Blame - tests/opt-testcases/tls13-compat.sh - mirror/mbed-tls

blob: ae49312dbc646588c65cea1dce218570a0396e65 [file] [log] [blame]

XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	1	requires_config_enabled MBEDTLS_DEBUG_C
				2	requires_config_enabled MBEDTLS_SSL_CLI_C
				3	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5	requires_openssl_tls1_3
				6	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				7	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				9	0 \
				10	-s "Protocol is TLSv1.3" \
				11	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				12	-s "received signature algorithm: 0x403" \
				13	-s "got named group: secp256r1(0017)" \
				14	-s "Verifying peer X.509 certificate... ok" \
				15	-s "HTTP/1.0 200 OK" \
				16	-C "received HelloRetryRequest message"
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	17
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	18	requires_config_enabled MBEDTLS_DEBUG_C
				19	requires_config_enabled MBEDTLS_SSL_CLI_C
				20	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				21	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				22	requires_openssl_tls1_3
				23	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				24	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				25	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				26	0 \
				27	-s "Protocol is TLSv1.3" \
				28	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				29	-s "received signature algorithm: 0x503" \
				30	-s "got named group: secp256r1(0017)" \
				31	-s "Verifying peer X.509 certificate... ok" \
				32	-s "HTTP/1.0 200 OK" \
				33	-C "received HelloRetryRequest message"
				34
				35	requires_config_enabled MBEDTLS_DEBUG_C
				36	requires_config_enabled MBEDTLS_SSL_CLI_C
				37	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				38	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				39	requires_openssl_tls1_3
				40	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				41	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				42	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				43	0 \
				44	-s "Protocol is TLSv1.3" \
				45	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				46	-s "received signature algorithm: 0x603" \
				47	-s "got named group: secp256r1(0017)" \
				48	-s "Verifying peer X.509 certificate... ok" \
				49	-s "HTTP/1.0 200 OK" \
				50	-C "received HelloRetryRequest message"
				51
				52	requires_config_enabled MBEDTLS_DEBUG_C
				53	requires_config_enabled MBEDTLS_SSL_CLI_C
				54	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				55	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				56	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				57	requires_openssl_tls1_3
				58	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				59	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				60	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				61	0 \
				62	-s "Protocol is TLSv1.3" \
				63	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				64	-s "received signature algorithm: 0x804" \
				65	-s "got named group: secp256r1(0017)" \
				66	-s "Verifying peer X.509 certificate... ok" \
				67	-s "HTTP/1.0 200 OK" \
				68	-C "received HelloRetryRequest message"
				69
				70	requires_config_enabled MBEDTLS_DEBUG_C
				71	requires_config_enabled MBEDTLS_SSL_CLI_C
				72	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				73	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				74	requires_openssl_tls1_3
				75	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				76	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				77	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				78	0 \
				79	-s "Protocol is TLSv1.3" \
				80	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				81	-s "received signature algorithm: 0x403" \
				82	-s "got named group: secp384r1(0018)" \
				83	-s "Verifying peer X.509 certificate... ok" \
				84	-s "HTTP/1.0 200 OK" \
				85	-C "received HelloRetryRequest message"
				86
				87	requires_config_enabled MBEDTLS_DEBUG_C
				88	requires_config_enabled MBEDTLS_SSL_CLI_C
				89	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				90	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				91	requires_openssl_tls1_3
				92	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				93	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				94	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				95	0 \
				96	-s "Protocol is TLSv1.3" \
				97	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				98	-s "received signature algorithm: 0x503" \
				99	-s "got named group: secp384r1(0018)" \
				100	-s "Verifying peer X.509 certificate... ok" \
				101	-s "HTTP/1.0 200 OK" \
				102	-C "received HelloRetryRequest message"
				103
				104	requires_config_enabled MBEDTLS_DEBUG_C
				105	requires_config_enabled MBEDTLS_SSL_CLI_C
				106	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				107	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				108	requires_openssl_tls1_3
				109	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				110	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				111	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				112	0 \
				113	-s "Protocol is TLSv1.3" \
				114	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				115	-s "received signature algorithm: 0x603" \
				116	-s "got named group: secp384r1(0018)" \
				117	-s "Verifying peer X.509 certificate... ok" \
				118	-s "HTTP/1.0 200 OK" \
				119	-C "received HelloRetryRequest message"
				120
				121	requires_config_enabled MBEDTLS_DEBUG_C
				122	requires_config_enabled MBEDTLS_SSL_CLI_C
				123	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				124	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				125	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				126	requires_openssl_tls1_3
				127	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				128	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				129	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				130	0 \
				131	-s "Protocol is TLSv1.3" \
				132	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				133	-s "received signature algorithm: 0x804" \
				134	-s "got named group: secp384r1(0018)" \
				135	-s "Verifying peer X.509 certificate... ok" \
				136	-s "HTTP/1.0 200 OK" \
				137	-C "received HelloRetryRequest message"
				138
				139	requires_config_enabled MBEDTLS_DEBUG_C
				140	requires_config_enabled MBEDTLS_SSL_CLI_C
				141	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				142	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				143	requires_openssl_tls1_3
				144	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				145	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				146	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				147	0 \
				148	-s "Protocol is TLSv1.3" \
				149	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				150	-s "received signature algorithm: 0x403" \
				151	-s "got named group: secp521r1(0019)" \
				152	-s "Verifying peer X.509 certificate... ok" \
				153	-s "HTTP/1.0 200 OK" \
				154	-C "received HelloRetryRequest message"
				155
				156	requires_config_enabled MBEDTLS_DEBUG_C
				157	requires_config_enabled MBEDTLS_SSL_CLI_C
				158	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				159	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				160	requires_openssl_tls1_3
				161	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				162	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				163	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				164	0 \
				165	-s "Protocol is TLSv1.3" \
				166	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				167	-s "received signature algorithm: 0x503" \
				168	-s "got named group: secp521r1(0019)" \
				169	-s "Verifying peer X.509 certificate... ok" \
				170	-s "HTTP/1.0 200 OK" \
				171	-C "received HelloRetryRequest message"
				172
				173	requires_config_enabled MBEDTLS_DEBUG_C
				174	requires_config_enabled MBEDTLS_SSL_CLI_C
				175	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				176	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				177	requires_openssl_tls1_3
				178	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				179	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				180	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				181	0 \
				182	-s "Protocol is TLSv1.3" \
				183	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				184	-s "received signature algorithm: 0x603" \
				185	-s "got named group: secp521r1(0019)" \
				186	-s "Verifying peer X.509 certificate... ok" \
				187	-s "HTTP/1.0 200 OK" \
				188	-C "received HelloRetryRequest message"
				189
				190	requires_config_enabled MBEDTLS_DEBUG_C
				191	requires_config_enabled MBEDTLS_SSL_CLI_C
				192	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				193	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				194	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				195	requires_openssl_tls1_3
				196	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				197	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				198	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				199	0 \
				200	-s "Protocol is TLSv1.3" \
				201	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				202	-s "received signature algorithm: 0x804" \
				203	-s "got named group: secp521r1(0019)" \
				204	-s "Verifying peer X.509 certificate... ok" \
				205	-s "HTTP/1.0 200 OK" \
				206	-C "received HelloRetryRequest message"
				207
				208	requires_config_enabled MBEDTLS_DEBUG_C
				209	requires_config_enabled MBEDTLS_SSL_CLI_C
				210	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				211	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				212	requires_openssl_tls1_3
				213	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				214	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				215	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				216	0 \
				217	-s "Protocol is TLSv1.3" \
				218	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				219	-s "received signature algorithm: 0x403" \
				220	-s "got named group: x25519(001d)" \
				221	-s "Verifying peer X.509 certificate... ok" \
				222	-s "HTTP/1.0 200 OK" \
				223	-C "received HelloRetryRequest message"
				224
				225	requires_config_enabled MBEDTLS_DEBUG_C
				226	requires_config_enabled MBEDTLS_SSL_CLI_C
				227	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				228	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				229	requires_openssl_tls1_3
				230	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				231	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				232	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				233	0 \
				234	-s "Protocol is TLSv1.3" \
				235	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				236	-s "received signature algorithm: 0x503" \
				237	-s "got named group: x25519(001d)" \
				238	-s "Verifying peer X.509 certificate... ok" \
				239	-s "HTTP/1.0 200 OK" \
				240	-C "received HelloRetryRequest message"
				241
				242	requires_config_enabled MBEDTLS_DEBUG_C
				243	requires_config_enabled MBEDTLS_SSL_CLI_C
				244	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				245	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				246	requires_openssl_tls1_3
				247	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				248	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				249	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				250	0 \
				251	-s "Protocol is TLSv1.3" \
				252	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				253	-s "received signature algorithm: 0x603" \
				254	-s "got named group: x25519(001d)" \
				255	-s "Verifying peer X.509 certificate... ok" \
				256	-s "HTTP/1.0 200 OK" \
				257	-C "received HelloRetryRequest message"
				258
				259	requires_config_enabled MBEDTLS_DEBUG_C
				260	requires_config_enabled MBEDTLS_SSL_CLI_C
				261	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				262	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				263	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				264	requires_openssl_tls1_3
				265	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				266	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				267	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				268	0 \
				269	-s "Protocol is TLSv1.3" \
				270	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				271	-s "received signature algorithm: 0x804" \
				272	-s "got named group: x25519(001d)" \
				273	-s "Verifying peer X.509 certificate... ok" \
				274	-s "HTTP/1.0 200 OK" \
				275	-C "received HelloRetryRequest message"
				276
				277	requires_config_enabled MBEDTLS_DEBUG_C
				278	requires_config_enabled MBEDTLS_SSL_CLI_C
				279	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				280	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				281	requires_openssl_tls1_3
				282	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				283	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				284	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				285	0 \
				286	-s "Protocol is TLSv1.3" \
				287	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				288	-s "received signature algorithm: 0x403" \
				289	-s "got named group: x448(001e)" \
				290	-s "Verifying peer X.509 certificate... ok" \
				291	-s "HTTP/1.0 200 OK" \
				292	-C "received HelloRetryRequest message"
				293
				294	requires_config_enabled MBEDTLS_DEBUG_C
				295	requires_config_enabled MBEDTLS_SSL_CLI_C
				296	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				297	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				298	requires_openssl_tls1_3
				299	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				300	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				301	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				302	0 \
				303	-s "Protocol is TLSv1.3" \
				304	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				305	-s "received signature algorithm: 0x503" \
				306	-s "got named group: x448(001e)" \
				307	-s "Verifying peer X.509 certificate... ok" \
				308	-s "HTTP/1.0 200 OK" \
				309	-C "received HelloRetryRequest message"
				310
				311	requires_config_enabled MBEDTLS_DEBUG_C
				312	requires_config_enabled MBEDTLS_SSL_CLI_C
				313	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				314	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				315	requires_openssl_tls1_3
				316	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				317	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				318	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				319	0 \
				320	-s "Protocol is TLSv1.3" \
				321	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				322	-s "received signature algorithm: 0x603" \
				323	-s "got named group: x448(001e)" \
				324	-s "Verifying peer X.509 certificate... ok" \
				325	-s "HTTP/1.0 200 OK" \
				326	-C "received HelloRetryRequest message"
				327
				328	requires_config_enabled MBEDTLS_DEBUG_C
				329	requires_config_enabled MBEDTLS_SSL_CLI_C
				330	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				331	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				332	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				333	requires_openssl_tls1_3
				334	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
				335	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				336	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				337	0 \
				338	-s "Protocol is TLSv1.3" \
				339	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				340	-s "received signature algorithm: 0x804" \
				341	-s "got named group: x448(001e)" \
				342	-s "Verifying peer X.509 certificate... ok" \
				343	-s "HTTP/1.0 200 OK" \
				344	-C "received HelloRetryRequest message"
				345
				346	requires_config_enabled MBEDTLS_DEBUG_C
				347	requires_config_enabled MBEDTLS_SSL_CLI_C
				348	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				349	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				350	requires_openssl_tls1_3
				351	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
				352	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				353	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				354	0 \
				355	-s "Protocol is TLSv1.3" \
				356	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				357	-s "received signature algorithm: 0x403" \
				358	-s "got named group: secp256r1(0017)" \
				359	-s "Verifying peer X.509 certificate... ok" \
				360	-s "HTTP/1.0 200 OK" \
				361	-C "received HelloRetryRequest message"
				362
				363	requires_config_enabled MBEDTLS_DEBUG_C
				364	requires_config_enabled MBEDTLS_SSL_CLI_C
				365	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				366	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				367	requires_openssl_tls1_3
				368	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
				369	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				370	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				371	0 \
				372	-s "Protocol is TLSv1.3" \
				373	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				374	-s "received signature algorithm: 0x503" \
				375	-s "got named group: secp256r1(0017)" \
				376	-s "Verifying peer X.509 certificate... ok" \
				377	-s "HTTP/1.0 200 OK" \
				378	-C "received HelloRetryRequest message"
				379
				380	requires_config_enabled MBEDTLS_DEBUG_C
				381	requires_config_enabled MBEDTLS_SSL_CLI_C
				382	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				383	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				384	requires_openssl_tls1_3
				385	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
				386	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				387	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				388	0 \
				389	-s "Protocol is TLSv1.3" \
				390	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				391	-s "received signature algorithm: 0x603" \
				392	-s "got named group: secp256r1(0017)" \
				393	-s "Verifying peer X.509 certificate... ok" \
				394	-s "HTTP/1.0 200 OK" \
				395	-C "received HelloRetryRequest message"
				396
				397	requires_config_enabled MBEDTLS_DEBUG_C
				398	requires_config_enabled MBEDTLS_SSL_CLI_C
				399	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				400	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				401	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				402	requires_openssl_tls1_3
				403	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
				404	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				405	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				406	0 \
				407	-s "Protocol is TLSv1.3" \
				408	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				409	-s "received signature algorithm: 0x804" \
				410	-s "got named group: secp256r1(0017)" \
				411	-s "Verifying peer X.509 certificate... ok" \
				412	-s "HTTP/1.0 200 OK" \
				413	-C "received HelloRetryRequest message"
				414
				415	requires_config_enabled MBEDTLS_DEBUG_C
				416	requires_config_enabled MBEDTLS_SSL_CLI_C
				417	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				418	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				419	requires_openssl_tls1_3
				420	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
				421	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				422	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				423	0 \
				424	-s "Protocol is TLSv1.3" \
				425	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				426	-s "received signature algorithm: 0x403" \
				427	-s "got named group: secp384r1(0018)" \
				428	-s "Verifying peer X.509 certificate... ok" \
				429	-s "HTTP/1.0 200 OK" \
				430	-C "received HelloRetryRequest message"
				431
				432	requires_config_enabled MBEDTLS_DEBUG_C
				433	requires_config_enabled MBEDTLS_SSL_CLI_C
				434	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				435	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				436	requires_openssl_tls1_3
				437	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
				438	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				439	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				440	0 \
				441	-s "Protocol is TLSv1.3" \
				442	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				443	-s "received signature algorithm: 0x503" \
				444	-s "got named group: secp384r1(0018)" \
				445	-s "Verifying peer X.509 certificate... ok" \
				446	-s "HTTP/1.0 200 OK" \
				447	-C "received HelloRetryRequest message"
				448
				449	requires_config_enabled MBEDTLS_DEBUG_C
				450	requires_config_enabled MBEDTLS_SSL_CLI_C
				451	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				452	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				453	requires_openssl_tls1_3
				454	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
				455	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				456	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				457	0 \
				458	-s "Protocol is TLSv1.3" \
				459	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				460	-s "received signature algorithm: 0x603" \
				461	-s "got named group: secp384r1(0018)" \
				462	-s "Verifying peer X.509 certificate... ok" \
				463	-s "HTTP/1.0 200 OK" \
				464	-C "received HelloRetryRequest message"
				465
				466	requires_config_enabled MBEDTLS_DEBUG_C
				467	requires_config_enabled MBEDTLS_SSL_CLI_C
				468	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				469	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				470	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				471	requires_openssl_tls1_3
				472	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
				473	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				474	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				475	0 \
				476	-s "Protocol is TLSv1.3" \
				477	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				478	-s "received signature algorithm: 0x804" \
				479	-s "got named group: secp384r1(0018)" \
				480	-s "Verifying peer X.509 certificate... ok" \
				481	-s "HTTP/1.0 200 OK" \
				482	-C "received HelloRetryRequest message"
				483
				484	requires_config_enabled MBEDTLS_DEBUG_C
				485	requires_config_enabled MBEDTLS_SSL_CLI_C
				486	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				487	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				488	requires_openssl_tls1_3
				489	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
				490	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				491	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				492	0 \
				493	-s "Protocol is TLSv1.3" \
				494	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				495	-s "received signature algorithm: 0x403" \
				496	-s "got named group: secp521r1(0019)" \
				497	-s "Verifying peer X.509 certificate... ok" \
				498	-s "HTTP/1.0 200 OK" \
				499	-C "received HelloRetryRequest message"
				500
				501	requires_config_enabled MBEDTLS_DEBUG_C
				502	requires_config_enabled MBEDTLS_SSL_CLI_C
				503	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				504	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				505	requires_openssl_tls1_3
				506	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
				507	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				508	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				509	0 \
				510	-s "Protocol is TLSv1.3" \
				511	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				512	-s "received signature algorithm: 0x503" \
				513	-s "got named group: secp521r1(0019)" \
				514	-s "Verifying peer X.509 certificate... ok" \
				515	-s "HTTP/1.0 200 OK" \
				516	-C "received HelloRetryRequest message"
				517
				518	requires_config_enabled MBEDTLS_DEBUG_C
				519	requires_config_enabled MBEDTLS_SSL_CLI_C
				520	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				521	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				522	requires_openssl_tls1_3
				523	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
				524	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				525	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				526	0 \
				527	-s "Protocol is TLSv1.3" \
				528	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				529	-s "received signature algorithm: 0x603" \
				530	-s "got named group: secp521r1(0019)" \
				531	-s "Verifying peer X.509 certificate... ok" \
				532	-s "HTTP/1.0 200 OK" \
				533	-C "received HelloRetryRequest message"
				534
				535	requires_config_enabled MBEDTLS_DEBUG_C
				536	requires_config_enabled MBEDTLS_SSL_CLI_C
				537	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				538	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				539	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				540	requires_openssl_tls1_3
				541	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
				542	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				543	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				544	0 \
				545	-s "Protocol is TLSv1.3" \
				546	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				547	-s "received signature algorithm: 0x804" \
				548	-s "got named group: secp521r1(0019)" \
				549	-s "Verifying peer X.509 certificate... ok" \
				550	-s "HTTP/1.0 200 OK" \
				551	-C "received HelloRetryRequest message"
				552
				553	requires_config_enabled MBEDTLS_DEBUG_C
				554	requires_config_enabled MBEDTLS_SSL_CLI_C
				555	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				556	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				557	requires_openssl_tls1_3
				558	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
				559	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				560	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				561	0 \
				562	-s "Protocol is TLSv1.3" \
				563	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				564	-s "received signature algorithm: 0x403" \
				565	-s "got named group: x25519(001d)" \
				566	-s "Verifying peer X.509 certificate... ok" \
				567	-s "HTTP/1.0 200 OK" \
				568	-C "received HelloRetryRequest message"
				569
				570	requires_config_enabled MBEDTLS_DEBUG_C
				571	requires_config_enabled MBEDTLS_SSL_CLI_C
				572	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				573	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				574	requires_openssl_tls1_3
				575	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
				576	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				577	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				578	0 \
				579	-s "Protocol is TLSv1.3" \
				580	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				581	-s "received signature algorithm: 0x503" \
				582	-s "got named group: x25519(001d)" \
				583	-s "Verifying peer X.509 certificate... ok" \
				584	-s "HTTP/1.0 200 OK" \
				585	-C "received HelloRetryRequest message"
				586
				587	requires_config_enabled MBEDTLS_DEBUG_C
				588	requires_config_enabled MBEDTLS_SSL_CLI_C
				589	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				590	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				591	requires_openssl_tls1_3
				592	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
				593	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				594	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				595	0 \
				596	-s "Protocol is TLSv1.3" \
				597	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				598	-s "received signature algorithm: 0x603" \
				599	-s "got named group: x25519(001d)" \
				600	-s "Verifying peer X.509 certificate... ok" \
				601	-s "HTTP/1.0 200 OK" \
				602	-C "received HelloRetryRequest message"
				603
				604	requires_config_enabled MBEDTLS_DEBUG_C
				605	requires_config_enabled MBEDTLS_SSL_CLI_C
				606	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				607	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				608	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				609	requires_openssl_tls1_3
				610	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
				611	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				612	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				613	0 \
				614	-s "Protocol is TLSv1.3" \
				615	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				616	-s "received signature algorithm: 0x804" \
				617	-s "got named group: x25519(001d)" \
				618	-s "Verifying peer X.509 certificate... ok" \
				619	-s "HTTP/1.0 200 OK" \
				620	-C "received HelloRetryRequest message"
				621
				622	requires_config_enabled MBEDTLS_DEBUG_C
				623	requires_config_enabled MBEDTLS_SSL_CLI_C
				624	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				625	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				626	requires_openssl_tls1_3
				627	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
				628	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				629	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				630	0 \
				631	-s "Protocol is TLSv1.3" \
				632	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				633	-s "received signature algorithm: 0x403" \
				634	-s "got named group: x448(001e)" \
				635	-s "Verifying peer X.509 certificate... ok" \
				636	-s "HTTP/1.0 200 OK" \
				637	-C "received HelloRetryRequest message"
				638
				639	requires_config_enabled MBEDTLS_DEBUG_C
				640	requires_config_enabled MBEDTLS_SSL_CLI_C
				641	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				642	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				643	requires_openssl_tls1_3
				644	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
				645	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				646	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				647	0 \
				648	-s "Protocol is TLSv1.3" \
				649	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				650	-s "received signature algorithm: 0x503" \
				651	-s "got named group: x448(001e)" \
				652	-s "Verifying peer X.509 certificate... ok" \
				653	-s "HTTP/1.0 200 OK" \
				654	-C "received HelloRetryRequest message"
				655
				656	requires_config_enabled MBEDTLS_DEBUG_C
				657	requires_config_enabled MBEDTLS_SSL_CLI_C
				658	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				659	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				660	requires_openssl_tls1_3
				661	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
				662	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				663	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				664	0 \
				665	-s "Protocol is TLSv1.3" \
				666	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				667	-s "received signature algorithm: 0x603" \
				668	-s "got named group: x448(001e)" \
				669	-s "Verifying peer X.509 certificate... ok" \
				670	-s "HTTP/1.0 200 OK" \
				671	-C "received HelloRetryRequest message"
				672
				673	requires_config_enabled MBEDTLS_DEBUG_C
				674	requires_config_enabled MBEDTLS_SSL_CLI_C
				675	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				676	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				677	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				678	requires_openssl_tls1_3
				679	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
				680	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				681	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				682	0 \
				683	-s "Protocol is TLSv1.3" \
				684	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				685	-s "received signature algorithm: 0x804" \
				686	-s "got named group: x448(001e)" \
				687	-s "Verifying peer X.509 certificate... ok" \
				688	-s "HTTP/1.0 200 OK" \
				689	-C "received HelloRetryRequest message"
				690
				691	requires_config_enabled MBEDTLS_DEBUG_C
				692	requires_config_enabled MBEDTLS_SSL_CLI_C
				693	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				694	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				695	requires_openssl_tls1_3
				696	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				697	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				698	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				699	0 \
				700	-s "Protocol is TLSv1.3" \
				701	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				702	-s "received signature algorithm: 0x403" \
				703	-s "got named group: secp256r1(0017)" \
				704	-s "Verifying peer X.509 certificate... ok" \
				705	-s "HTTP/1.0 200 OK" \
				706	-C "received HelloRetryRequest message"
				707
				708	requires_config_enabled MBEDTLS_DEBUG_C
				709	requires_config_enabled MBEDTLS_SSL_CLI_C
				710	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				711	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				712	requires_openssl_tls1_3
				713	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				714	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				715	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				716	0 \
				717	-s "Protocol is TLSv1.3" \
				718	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				719	-s "received signature algorithm: 0x503" \
				720	-s "got named group: secp256r1(0017)" \
				721	-s "Verifying peer X.509 certificate... ok" \
				722	-s "HTTP/1.0 200 OK" \
				723	-C "received HelloRetryRequest message"
				724
				725	requires_config_enabled MBEDTLS_DEBUG_C
				726	requires_config_enabled MBEDTLS_SSL_CLI_C
				727	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				728	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				729	requires_openssl_tls1_3
				730	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				731	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				732	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				733	0 \
				734	-s "Protocol is TLSv1.3" \
				735	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				736	-s "received signature algorithm: 0x603" \
				737	-s "got named group: secp256r1(0017)" \
				738	-s "Verifying peer X.509 certificate... ok" \
				739	-s "HTTP/1.0 200 OK" \
				740	-C "received HelloRetryRequest message"
				741
				742	requires_config_enabled MBEDTLS_DEBUG_C
				743	requires_config_enabled MBEDTLS_SSL_CLI_C
				744	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				745	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				746	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				747	requires_openssl_tls1_3
				748	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				749	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				750	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				751	0 \
				752	-s "Protocol is TLSv1.3" \
				753	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				754	-s "received signature algorithm: 0x804" \
				755	-s "got named group: secp256r1(0017)" \
				756	-s "Verifying peer X.509 certificate... ok" \
				757	-s "HTTP/1.0 200 OK" \
				758	-C "received HelloRetryRequest message"
				759
				760	requires_config_enabled MBEDTLS_DEBUG_C
				761	requires_config_enabled MBEDTLS_SSL_CLI_C
				762	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				763	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				764	requires_openssl_tls1_3
				765	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				766	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				767	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				768	0 \
				769	-s "Protocol is TLSv1.3" \
				770	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				771	-s "received signature algorithm: 0x403" \
				772	-s "got named group: secp384r1(0018)" \
				773	-s "Verifying peer X.509 certificate... ok" \
				774	-s "HTTP/1.0 200 OK" \
				775	-C "received HelloRetryRequest message"
				776
				777	requires_config_enabled MBEDTLS_DEBUG_C
				778	requires_config_enabled MBEDTLS_SSL_CLI_C
				779	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				780	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				781	requires_openssl_tls1_3
				782	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				783	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				784	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				785	0 \
				786	-s "Protocol is TLSv1.3" \
				787	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				788	-s "received signature algorithm: 0x503" \
				789	-s "got named group: secp384r1(0018)" \
				790	-s "Verifying peer X.509 certificate... ok" \
				791	-s "HTTP/1.0 200 OK" \
				792	-C "received HelloRetryRequest message"
				793
				794	requires_config_enabled MBEDTLS_DEBUG_C
				795	requires_config_enabled MBEDTLS_SSL_CLI_C
				796	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				797	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				798	requires_openssl_tls1_3
				799	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				800	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				801	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				802	0 \
				803	-s "Protocol is TLSv1.3" \
				804	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				805	-s "received signature algorithm: 0x603" \
				806	-s "got named group: secp384r1(0018)" \
				807	-s "Verifying peer X.509 certificate... ok" \
				808	-s "HTTP/1.0 200 OK" \
				809	-C "received HelloRetryRequest message"
				810
				811	requires_config_enabled MBEDTLS_DEBUG_C
				812	requires_config_enabled MBEDTLS_SSL_CLI_C
				813	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				814	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				815	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				816	requires_openssl_tls1_3
				817	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				818	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				819	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				820	0 \
				821	-s "Protocol is TLSv1.3" \
				822	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				823	-s "received signature algorithm: 0x804" \
				824	-s "got named group: secp384r1(0018)" \
				825	-s "Verifying peer X.509 certificate... ok" \
				826	-s "HTTP/1.0 200 OK" \
				827	-C "received HelloRetryRequest message"
				828
				829	requires_config_enabled MBEDTLS_DEBUG_C
				830	requires_config_enabled MBEDTLS_SSL_CLI_C
				831	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				832	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				833	requires_openssl_tls1_3
				834	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				835	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				836	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				837	0 \
				838	-s "Protocol is TLSv1.3" \
				839	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				840	-s "received signature algorithm: 0x403" \
				841	-s "got named group: secp521r1(0019)" \
				842	-s "Verifying peer X.509 certificate... ok" \
				843	-s "HTTP/1.0 200 OK" \
				844	-C "received HelloRetryRequest message"
				845
				846	requires_config_enabled MBEDTLS_DEBUG_C
				847	requires_config_enabled MBEDTLS_SSL_CLI_C
				848	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				849	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				850	requires_openssl_tls1_3
				851	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				852	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				853	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				854	0 \
				855	-s "Protocol is TLSv1.3" \
				856	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				857	-s "received signature algorithm: 0x503" \
				858	-s "got named group: secp521r1(0019)" \
				859	-s "Verifying peer X.509 certificate... ok" \
				860	-s "HTTP/1.0 200 OK" \
				861	-C "received HelloRetryRequest message"
				862
				863	requires_config_enabled MBEDTLS_DEBUG_C
				864	requires_config_enabled MBEDTLS_SSL_CLI_C
				865	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				866	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				867	requires_openssl_tls1_3
				868	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				869	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				870	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				871	0 \
				872	-s "Protocol is TLSv1.3" \
				873	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				874	-s "received signature algorithm: 0x603" \
				875	-s "got named group: secp521r1(0019)" \
				876	-s "Verifying peer X.509 certificate... ok" \
				877	-s "HTTP/1.0 200 OK" \
				878	-C "received HelloRetryRequest message"
				879
				880	requires_config_enabled MBEDTLS_DEBUG_C
				881	requires_config_enabled MBEDTLS_SSL_CLI_C
				882	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				883	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				884	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				885	requires_openssl_tls1_3
				886	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				887	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				888	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				889	0 \
				890	-s "Protocol is TLSv1.3" \
				891	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				892	-s "received signature algorithm: 0x804" \
				893	-s "got named group: secp521r1(0019)" \
				894	-s "Verifying peer X.509 certificate... ok" \
				895	-s "HTTP/1.0 200 OK" \
				896	-C "received HelloRetryRequest message"
				897
				898	requires_config_enabled MBEDTLS_DEBUG_C
				899	requires_config_enabled MBEDTLS_SSL_CLI_C
				900	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				901	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				902	requires_openssl_tls1_3
				903	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
				904	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				905	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				906	0 \
				907	-s "Protocol is TLSv1.3" \
				908	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				909	-s "received signature algorithm: 0x403" \
				910	-s "got named group: x25519(001d)" \
				911	-s "Verifying peer X.509 certificate... ok" \
				912	-s "HTTP/1.0 200 OK" \
				913	-C "received HelloRetryRequest message"
				914
				915	requires_config_enabled MBEDTLS_DEBUG_C
				916	requires_config_enabled MBEDTLS_SSL_CLI_C
				917	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				918	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				919	requires_openssl_tls1_3
				920	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
				921	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				922	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				923	0 \
				924	-s "Protocol is TLSv1.3" \
				925	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				926	-s "received signature algorithm: 0x503" \
				927	-s "got named group: x25519(001d)" \
				928	-s "Verifying peer X.509 certificate... ok" \
				929	-s "HTTP/1.0 200 OK" \
				930	-C "received HelloRetryRequest message"
				931
				932	requires_config_enabled MBEDTLS_DEBUG_C
				933	requires_config_enabled MBEDTLS_SSL_CLI_C
				934	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				935	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				936	requires_openssl_tls1_3
				937	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
				938	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				939	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				940	0 \
				941	-s "Protocol is TLSv1.3" \
				942	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				943	-s "received signature algorithm: 0x603" \
				944	-s "got named group: x25519(001d)" \
				945	-s "Verifying peer X.509 certificate... ok" \
				946	-s "HTTP/1.0 200 OK" \
				947	-C "received HelloRetryRequest message"
				948
				949	requires_config_enabled MBEDTLS_DEBUG_C
				950	requires_config_enabled MBEDTLS_SSL_CLI_C
				951	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				952	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				953	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				954	requires_openssl_tls1_3
				955	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
				956	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				957	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				958	0 \
				959	-s "Protocol is TLSv1.3" \
				960	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				961	-s "received signature algorithm: 0x804" \
				962	-s "got named group: x25519(001d)" \
				963	-s "Verifying peer X.509 certificate... ok" \
				964	-s "HTTP/1.0 200 OK" \
				965	-C "received HelloRetryRequest message"
				966
				967	requires_config_enabled MBEDTLS_DEBUG_C
				968	requires_config_enabled MBEDTLS_SSL_CLI_C
				969	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				970	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				971	requires_openssl_tls1_3
				972	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
				973	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				974	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				975	0 \
				976	-s "Protocol is TLSv1.3" \
				977	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				978	-s "received signature algorithm: 0x403" \
				979	-s "got named group: x448(001e)" \
				980	-s "Verifying peer X.509 certificate... ok" \
				981	-s "HTTP/1.0 200 OK" \
				982	-C "received HelloRetryRequest message"
				983
				984	requires_config_enabled MBEDTLS_DEBUG_C
				985	requires_config_enabled MBEDTLS_SSL_CLI_C
				986	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				987	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				988	requires_openssl_tls1_3
				989	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
				990	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				991	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				992	0 \
				993	-s "Protocol is TLSv1.3" \
				994	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				995	-s "received signature algorithm: 0x503" \
				996	-s "got named group: x448(001e)" \
				997	-s "Verifying peer X.509 certificate... ok" \
				998	-s "HTTP/1.0 200 OK" \
				999	-C "received HelloRetryRequest message"
				1000
				1001	requires_config_enabled MBEDTLS_DEBUG_C
				1002	requires_config_enabled MBEDTLS_SSL_CLI_C
				1003	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1004	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1005	requires_openssl_tls1_3
				1006	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
				1007	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1008	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1009	0 \
				1010	-s "Protocol is TLSv1.3" \
				1011	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1012	-s "received signature algorithm: 0x603" \
				1013	-s "got named group: x448(001e)" \
				1014	-s "Verifying peer X.509 certificate... ok" \
				1015	-s "HTTP/1.0 200 OK" \
				1016	-C "received HelloRetryRequest message"
				1017
				1018	requires_config_enabled MBEDTLS_DEBUG_C
				1019	requires_config_enabled MBEDTLS_SSL_CLI_C
				1020	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1021	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1022	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1023	requires_openssl_tls1_3
				1024	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
				1025	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1026	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1027	0 \
				1028	-s "Protocol is TLSv1.3" \
				1029	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1030	-s "received signature algorithm: 0x804" \
				1031	-s "got named group: x448(001e)" \
				1032	-s "Verifying peer X.509 certificate... ok" \
				1033	-s "HTTP/1.0 200 OK" \
				1034	-C "received HelloRetryRequest message"
				1035
				1036	requires_config_enabled MBEDTLS_DEBUG_C
				1037	requires_config_enabled MBEDTLS_SSL_CLI_C
				1038	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1039	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1040	requires_openssl_tls1_3
				1041	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				1042	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1043	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1044	0 \
				1045	-s "Protocol is TLSv1.3" \
				1046	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1047	-s "received signature algorithm: 0x403" \
				1048	-s "got named group: secp256r1(0017)" \
				1049	-s "Verifying peer X.509 certificate... ok" \
				1050	-s "HTTP/1.0 200 OK" \
				1051	-C "received HelloRetryRequest message"
				1052
				1053	requires_config_enabled MBEDTLS_DEBUG_C
				1054	requires_config_enabled MBEDTLS_SSL_CLI_C
				1055	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1056	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1057	requires_openssl_tls1_3
				1058	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				1059	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1060	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1061	0 \
				1062	-s "Protocol is TLSv1.3" \
				1063	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1064	-s "received signature algorithm: 0x503" \
				1065	-s "got named group: secp256r1(0017)" \
				1066	-s "Verifying peer X.509 certificate... ok" \
				1067	-s "HTTP/1.0 200 OK" \
				1068	-C "received HelloRetryRequest message"
				1069
				1070	requires_config_enabled MBEDTLS_DEBUG_C
				1071	requires_config_enabled MBEDTLS_SSL_CLI_C
				1072	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1073	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1074	requires_openssl_tls1_3
				1075	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				1076	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1077	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1078	0 \
				1079	-s "Protocol is TLSv1.3" \
				1080	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1081	-s "received signature algorithm: 0x603" \
				1082	-s "got named group: secp256r1(0017)" \
				1083	-s "Verifying peer X.509 certificate... ok" \
				1084	-s "HTTP/1.0 200 OK" \
				1085	-C "received HelloRetryRequest message"
				1086
				1087	requires_config_enabled MBEDTLS_DEBUG_C
				1088	requires_config_enabled MBEDTLS_SSL_CLI_C
				1089	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1090	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1091	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1092	requires_openssl_tls1_3
				1093	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				1094	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1095	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1096	0 \
				1097	-s "Protocol is TLSv1.3" \
				1098	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1099	-s "received signature algorithm: 0x804" \
				1100	-s "got named group: secp256r1(0017)" \
				1101	-s "Verifying peer X.509 certificate... ok" \
				1102	-s "HTTP/1.0 200 OK" \
				1103	-C "received HelloRetryRequest message"
				1104
				1105	requires_config_enabled MBEDTLS_DEBUG_C
				1106	requires_config_enabled MBEDTLS_SSL_CLI_C
				1107	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1108	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1109	requires_openssl_tls1_3
				1110	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				1111	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1112	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1113	0 \
				1114	-s "Protocol is TLSv1.3" \
				1115	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1116	-s "received signature algorithm: 0x403" \
				1117	-s "got named group: secp384r1(0018)" \
				1118	-s "Verifying peer X.509 certificate... ok" \
				1119	-s "HTTP/1.0 200 OK" \
				1120	-C "received HelloRetryRequest message"
				1121
				1122	requires_config_enabled MBEDTLS_DEBUG_C
				1123	requires_config_enabled MBEDTLS_SSL_CLI_C
				1124	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1125	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1126	requires_openssl_tls1_3
				1127	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				1128	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1129	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1130	0 \
				1131	-s "Protocol is TLSv1.3" \
				1132	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1133	-s "received signature algorithm: 0x503" \
				1134	-s "got named group: secp384r1(0018)" \
				1135	-s "Verifying peer X.509 certificate... ok" \
				1136	-s "HTTP/1.0 200 OK" \
				1137	-C "received HelloRetryRequest message"
				1138
				1139	requires_config_enabled MBEDTLS_DEBUG_C
				1140	requires_config_enabled MBEDTLS_SSL_CLI_C
				1141	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1142	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1143	requires_openssl_tls1_3
				1144	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				1145	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1146	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1147	0 \
				1148	-s "Protocol is TLSv1.3" \
				1149	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1150	-s "received signature algorithm: 0x603" \
				1151	-s "got named group: secp384r1(0018)" \
				1152	-s "Verifying peer X.509 certificate... ok" \
				1153	-s "HTTP/1.0 200 OK" \
				1154	-C "received HelloRetryRequest message"
				1155
				1156	requires_config_enabled MBEDTLS_DEBUG_C
				1157	requires_config_enabled MBEDTLS_SSL_CLI_C
				1158	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1159	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1160	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1161	requires_openssl_tls1_3
				1162	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				1163	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1164	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1165	0 \
				1166	-s "Protocol is TLSv1.3" \
				1167	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1168	-s "received signature algorithm: 0x804" \
				1169	-s "got named group: secp384r1(0018)" \
				1170	-s "Verifying peer X.509 certificate... ok" \
				1171	-s "HTTP/1.0 200 OK" \
				1172	-C "received HelloRetryRequest message"
				1173
				1174	requires_config_enabled MBEDTLS_DEBUG_C
				1175	requires_config_enabled MBEDTLS_SSL_CLI_C
				1176	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1177	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1178	requires_openssl_tls1_3
				1179	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				1180	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1181	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1182	0 \
				1183	-s "Protocol is TLSv1.3" \
				1184	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1185	-s "received signature algorithm: 0x403" \
				1186	-s "got named group: secp521r1(0019)" \
				1187	-s "Verifying peer X.509 certificate... ok" \
				1188	-s "HTTP/1.0 200 OK" \
				1189	-C "received HelloRetryRequest message"
				1190
				1191	requires_config_enabled MBEDTLS_DEBUG_C
				1192	requires_config_enabled MBEDTLS_SSL_CLI_C
				1193	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1194	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1195	requires_openssl_tls1_3
				1196	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				1197	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1198	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1199	0 \
				1200	-s "Protocol is TLSv1.3" \
				1201	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1202	-s "received signature algorithm: 0x503" \
				1203	-s "got named group: secp521r1(0019)" \
				1204	-s "Verifying peer X.509 certificate... ok" \
				1205	-s "HTTP/1.0 200 OK" \
				1206	-C "received HelloRetryRequest message"
				1207
				1208	requires_config_enabled MBEDTLS_DEBUG_C
				1209	requires_config_enabled MBEDTLS_SSL_CLI_C
				1210	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1211	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1212	requires_openssl_tls1_3
				1213	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				1214	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1215	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1216	0 \
				1217	-s "Protocol is TLSv1.3" \
				1218	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1219	-s "received signature algorithm: 0x603" \
				1220	-s "got named group: secp521r1(0019)" \
				1221	-s "Verifying peer X.509 certificate... ok" \
				1222	-s "HTTP/1.0 200 OK" \
				1223	-C "received HelloRetryRequest message"
				1224
				1225	requires_config_enabled MBEDTLS_DEBUG_C
				1226	requires_config_enabled MBEDTLS_SSL_CLI_C
				1227	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1228	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1229	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1230	requires_openssl_tls1_3
				1231	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				1232	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1233	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1234	0 \
				1235	-s "Protocol is TLSv1.3" \
				1236	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1237	-s "received signature algorithm: 0x804" \
				1238	-s "got named group: secp521r1(0019)" \
				1239	-s "Verifying peer X.509 certificate... ok" \
				1240	-s "HTTP/1.0 200 OK" \
				1241	-C "received HelloRetryRequest message"
				1242
				1243	requires_config_enabled MBEDTLS_DEBUG_C
				1244	requires_config_enabled MBEDTLS_SSL_CLI_C
				1245	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1246	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1247	requires_openssl_tls1_3
				1248	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				1249	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1250	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1251	0 \
				1252	-s "Protocol is TLSv1.3" \
				1253	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1254	-s "received signature algorithm: 0x403" \
				1255	-s "got named group: x25519(001d)" \
				1256	-s "Verifying peer X.509 certificate... ok" \
				1257	-s "HTTP/1.0 200 OK" \
				1258	-C "received HelloRetryRequest message"
				1259
				1260	requires_config_enabled MBEDTLS_DEBUG_C
				1261	requires_config_enabled MBEDTLS_SSL_CLI_C
				1262	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1263	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1264	requires_openssl_tls1_3
				1265	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				1266	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1267	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1268	0 \
				1269	-s "Protocol is TLSv1.3" \
				1270	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1271	-s "received signature algorithm: 0x503" \
				1272	-s "got named group: x25519(001d)" \
				1273	-s "Verifying peer X.509 certificate... ok" \
				1274	-s "HTTP/1.0 200 OK" \
				1275	-C "received HelloRetryRequest message"
				1276
				1277	requires_config_enabled MBEDTLS_DEBUG_C
				1278	requires_config_enabled MBEDTLS_SSL_CLI_C
				1279	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1280	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1281	requires_openssl_tls1_3
				1282	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				1283	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1284	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1285	0 \
				1286	-s "Protocol is TLSv1.3" \
				1287	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1288	-s "received signature algorithm: 0x603" \
				1289	-s "got named group: x25519(001d)" \
				1290	-s "Verifying peer X.509 certificate... ok" \
				1291	-s "HTTP/1.0 200 OK" \
				1292	-C "received HelloRetryRequest message"
				1293
				1294	requires_config_enabled MBEDTLS_DEBUG_C
				1295	requires_config_enabled MBEDTLS_SSL_CLI_C
				1296	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1297	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1298	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1299	requires_openssl_tls1_3
				1300	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				1301	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1302	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1303	0 \
				1304	-s "Protocol is TLSv1.3" \
				1305	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1306	-s "received signature algorithm: 0x804" \
				1307	-s "got named group: x25519(001d)" \
				1308	-s "Verifying peer X.509 certificate... ok" \
				1309	-s "HTTP/1.0 200 OK" \
				1310	-C "received HelloRetryRequest message"
				1311
				1312	requires_config_enabled MBEDTLS_DEBUG_C
				1313	requires_config_enabled MBEDTLS_SSL_CLI_C
				1314	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1315	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1316	requires_openssl_tls1_3
				1317	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				1318	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1319	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1320	0 \
				1321	-s "Protocol is TLSv1.3" \
				1322	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1323	-s "received signature algorithm: 0x403" \
				1324	-s "got named group: x448(001e)" \
				1325	-s "Verifying peer X.509 certificate... ok" \
				1326	-s "HTTP/1.0 200 OK" \
				1327	-C "received HelloRetryRequest message"
				1328
				1329	requires_config_enabled MBEDTLS_DEBUG_C
				1330	requires_config_enabled MBEDTLS_SSL_CLI_C
				1331	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1333	requires_openssl_tls1_3
				1334	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				1335	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1336	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1337	0 \
				1338	-s "Protocol is TLSv1.3" \
				1339	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1340	-s "received signature algorithm: 0x503" \
				1341	-s "got named group: x448(001e)" \
				1342	-s "Verifying peer X.509 certificate... ok" \
				1343	-s "HTTP/1.0 200 OK" \
				1344	-C "received HelloRetryRequest message"
				1345
				1346	requires_config_enabled MBEDTLS_DEBUG_C
				1347	requires_config_enabled MBEDTLS_SSL_CLI_C
				1348	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1349	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1350	requires_openssl_tls1_3
				1351	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				1352	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1353	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1354	0 \
				1355	-s "Protocol is TLSv1.3" \
				1356	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1357	-s "received signature algorithm: 0x603" \
				1358	-s "got named group: x448(001e)" \
				1359	-s "Verifying peer X.509 certificate... ok" \
				1360	-s "HTTP/1.0 200 OK" \
				1361	-C "received HelloRetryRequest message"
				1362
				1363	requires_config_enabled MBEDTLS_DEBUG_C
				1364	requires_config_enabled MBEDTLS_SSL_CLI_C
				1365	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1366	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1367	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1368	requires_openssl_tls1_3
				1369	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
				1370	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1371	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1372	0 \
				1373	-s "Protocol is TLSv1.3" \
				1374	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1375	-s "received signature algorithm: 0x804" \
				1376	-s "got named group: x448(001e)" \
				1377	-s "Verifying peer X.509 certificate... ok" \
				1378	-s "HTTP/1.0 200 OK" \
				1379	-C "received HelloRetryRequest message"
				1380
				1381	requires_config_enabled MBEDTLS_DEBUG_C
				1382	requires_config_enabled MBEDTLS_SSL_CLI_C
				1383	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1385	requires_openssl_tls1_3
				1386	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				1387	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1388	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1389	0 \
				1390	-s "Protocol is TLSv1.3" \
				1391	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1392	-s "received signature algorithm: 0x403" \
				1393	-s "got named group: secp256r1(0017)" \
				1394	-s "Verifying peer X.509 certificate... ok" \
				1395	-s "HTTP/1.0 200 OK" \
				1396	-C "received HelloRetryRequest message"
				1397
				1398	requires_config_enabled MBEDTLS_DEBUG_C
				1399	requires_config_enabled MBEDTLS_SSL_CLI_C
				1400	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1401	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1402	requires_openssl_tls1_3
				1403	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				1404	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1405	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1406	0 \
				1407	-s "Protocol is TLSv1.3" \
				1408	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1409	-s "received signature algorithm: 0x503" \
				1410	-s "got named group: secp256r1(0017)" \
				1411	-s "Verifying peer X.509 certificate... ok" \
				1412	-s "HTTP/1.0 200 OK" \
				1413	-C "received HelloRetryRequest message"
				1414
				1415	requires_config_enabled MBEDTLS_DEBUG_C
				1416	requires_config_enabled MBEDTLS_SSL_CLI_C
				1417	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1418	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1419	requires_openssl_tls1_3
				1420	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				1421	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1422	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1423	0 \
				1424	-s "Protocol is TLSv1.3" \
				1425	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1426	-s "received signature algorithm: 0x603" \
				1427	-s "got named group: secp256r1(0017)" \
				1428	-s "Verifying peer X.509 certificate... ok" \
				1429	-s "HTTP/1.0 200 OK" \
				1430	-C "received HelloRetryRequest message"
				1431
				1432	requires_config_enabled MBEDTLS_DEBUG_C
				1433	requires_config_enabled MBEDTLS_SSL_CLI_C
				1434	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1435	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1436	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1437	requires_openssl_tls1_3
				1438	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				1439	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1440	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1441	0 \
				1442	-s "Protocol is TLSv1.3" \
				1443	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1444	-s "received signature algorithm: 0x804" \
				1445	-s "got named group: secp256r1(0017)" \
				1446	-s "Verifying peer X.509 certificate... ok" \
				1447	-s "HTTP/1.0 200 OK" \
				1448	-C "received HelloRetryRequest message"
				1449
				1450	requires_config_enabled MBEDTLS_DEBUG_C
				1451	requires_config_enabled MBEDTLS_SSL_CLI_C
				1452	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1453	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1454	requires_openssl_tls1_3
				1455	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				1456	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1457	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1458	0 \
				1459	-s "Protocol is TLSv1.3" \
				1460	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1461	-s "received signature algorithm: 0x403" \
				1462	-s "got named group: secp384r1(0018)" \
				1463	-s "Verifying peer X.509 certificate... ok" \
				1464	-s "HTTP/1.0 200 OK" \
				1465	-C "received HelloRetryRequest message"
				1466
				1467	requires_config_enabled MBEDTLS_DEBUG_C
				1468	requires_config_enabled MBEDTLS_SSL_CLI_C
				1469	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1470	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1471	requires_openssl_tls1_3
				1472	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				1473	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1474	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1475	0 \
				1476	-s "Protocol is TLSv1.3" \
				1477	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1478	-s "received signature algorithm: 0x503" \
				1479	-s "got named group: secp384r1(0018)" \
				1480	-s "Verifying peer X.509 certificate... ok" \
				1481	-s "HTTP/1.0 200 OK" \
				1482	-C "received HelloRetryRequest message"
				1483
				1484	requires_config_enabled MBEDTLS_DEBUG_C
				1485	requires_config_enabled MBEDTLS_SSL_CLI_C
				1486	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1487	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1488	requires_openssl_tls1_3
				1489	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				1490	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1491	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1492	0 \
				1493	-s "Protocol is TLSv1.3" \
				1494	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1495	-s "received signature algorithm: 0x603" \
				1496	-s "got named group: secp384r1(0018)" \
				1497	-s "Verifying peer X.509 certificate... ok" \
				1498	-s "HTTP/1.0 200 OK" \
				1499	-C "received HelloRetryRequest message"
				1500
				1501	requires_config_enabled MBEDTLS_DEBUG_C
				1502	requires_config_enabled MBEDTLS_SSL_CLI_C
				1503	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1504	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1505	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1506	requires_openssl_tls1_3
				1507	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				1508	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1509	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1510	0 \
				1511	-s "Protocol is TLSv1.3" \
				1512	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1513	-s "received signature algorithm: 0x804" \
				1514	-s "got named group: secp384r1(0018)" \
				1515	-s "Verifying peer X.509 certificate... ok" \
				1516	-s "HTTP/1.0 200 OK" \
				1517	-C "received HelloRetryRequest message"
				1518
				1519	requires_config_enabled MBEDTLS_DEBUG_C
				1520	requires_config_enabled MBEDTLS_SSL_CLI_C
				1521	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1522	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1523	requires_openssl_tls1_3
				1524	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				1525	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1526	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1527	0 \
				1528	-s "Protocol is TLSv1.3" \
				1529	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1530	-s "received signature algorithm: 0x403" \
				1531	-s "got named group: secp521r1(0019)" \
				1532	-s "Verifying peer X.509 certificate... ok" \
				1533	-s "HTTP/1.0 200 OK" \
				1534	-C "received HelloRetryRequest message"
				1535
				1536	requires_config_enabled MBEDTLS_DEBUG_C
				1537	requires_config_enabled MBEDTLS_SSL_CLI_C
				1538	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1539	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1540	requires_openssl_tls1_3
				1541	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				1542	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1543	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1544	0 \
				1545	-s "Protocol is TLSv1.3" \
				1546	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1547	-s "received signature algorithm: 0x503" \
				1548	-s "got named group: secp521r1(0019)" \
				1549	-s "Verifying peer X.509 certificate... ok" \
				1550	-s "HTTP/1.0 200 OK" \
				1551	-C "received HelloRetryRequest message"
				1552
				1553	requires_config_enabled MBEDTLS_DEBUG_C
				1554	requires_config_enabled MBEDTLS_SSL_CLI_C
				1555	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1556	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1557	requires_openssl_tls1_3
				1558	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				1559	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1560	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1561	0 \
				1562	-s "Protocol is TLSv1.3" \
				1563	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1564	-s "received signature algorithm: 0x603" \
				1565	-s "got named group: secp521r1(0019)" \
				1566	-s "Verifying peer X.509 certificate... ok" \
				1567	-s "HTTP/1.0 200 OK" \
				1568	-C "received HelloRetryRequest message"
				1569
				1570	requires_config_enabled MBEDTLS_DEBUG_C
				1571	requires_config_enabled MBEDTLS_SSL_CLI_C
				1572	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1573	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1574	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1575	requires_openssl_tls1_3
				1576	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				1577	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1578	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1579	0 \
				1580	-s "Protocol is TLSv1.3" \
				1581	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1582	-s "received signature algorithm: 0x804" \
				1583	-s "got named group: secp521r1(0019)" \
				1584	-s "Verifying peer X.509 certificate... ok" \
				1585	-s "HTTP/1.0 200 OK" \
				1586	-C "received HelloRetryRequest message"
				1587
				1588	requires_config_enabled MBEDTLS_DEBUG_C
				1589	requires_config_enabled MBEDTLS_SSL_CLI_C
				1590	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1591	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1592	requires_openssl_tls1_3
				1593	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
				1594	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1595	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1596	0 \
				1597	-s "Protocol is TLSv1.3" \
				1598	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1599	-s "received signature algorithm: 0x403" \
				1600	-s "got named group: x25519(001d)" \
				1601	-s "Verifying peer X.509 certificate... ok" \
				1602	-s "HTTP/1.0 200 OK" \
				1603	-C "received HelloRetryRequest message"
				1604
				1605	requires_config_enabled MBEDTLS_DEBUG_C
				1606	requires_config_enabled MBEDTLS_SSL_CLI_C
				1607	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1608	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1609	requires_openssl_tls1_3
				1610	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
				1611	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1612	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1613	0 \
				1614	-s "Protocol is TLSv1.3" \
				1615	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1616	-s "received signature algorithm: 0x503" \
				1617	-s "got named group: x25519(001d)" \
				1618	-s "Verifying peer X.509 certificate... ok" \
				1619	-s "HTTP/1.0 200 OK" \
				1620	-C "received HelloRetryRequest message"
				1621
				1622	requires_config_enabled MBEDTLS_DEBUG_C
				1623	requires_config_enabled MBEDTLS_SSL_CLI_C
				1624	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1625	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1626	requires_openssl_tls1_3
				1627	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
				1628	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1629	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1630	0 \
				1631	-s "Protocol is TLSv1.3" \
				1632	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1633	-s "received signature algorithm: 0x603" \
				1634	-s "got named group: x25519(001d)" \
				1635	-s "Verifying peer X.509 certificate... ok" \
				1636	-s "HTTP/1.0 200 OK" \
				1637	-C "received HelloRetryRequest message"
				1638
				1639	requires_config_enabled MBEDTLS_DEBUG_C
				1640	requires_config_enabled MBEDTLS_SSL_CLI_C
				1641	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1642	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1643	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1644	requires_openssl_tls1_3
				1645	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
				1646	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1647	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1648	0 \
				1649	-s "Protocol is TLSv1.3" \
				1650	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1651	-s "received signature algorithm: 0x804" \
				1652	-s "got named group: x25519(001d)" \
				1653	-s "Verifying peer X.509 certificate... ok" \
				1654	-s "HTTP/1.0 200 OK" \
				1655	-C "received HelloRetryRequest message"
				1656
				1657	requires_config_enabled MBEDTLS_DEBUG_C
				1658	requires_config_enabled MBEDTLS_SSL_CLI_C
				1659	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1660	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1661	requires_openssl_tls1_3
				1662	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
				1663	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1664	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1665	0 \
				1666	-s "Protocol is TLSv1.3" \
				1667	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1668	-s "received signature algorithm: 0x403" \
				1669	-s "got named group: x448(001e)" \
				1670	-s "Verifying peer X.509 certificate... ok" \
				1671	-s "HTTP/1.0 200 OK" \
				1672	-C "received HelloRetryRequest message"
				1673
				1674	requires_config_enabled MBEDTLS_DEBUG_C
				1675	requires_config_enabled MBEDTLS_SSL_CLI_C
				1676	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1677	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1678	requires_openssl_tls1_3
				1679	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
				1680	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1681	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1682	0 \
				1683	-s "Protocol is TLSv1.3" \
				1684	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1685	-s "received signature algorithm: 0x503" \
				1686	-s "got named group: x448(001e)" \
				1687	-s "Verifying peer X.509 certificate... ok" \
				1688	-s "HTTP/1.0 200 OK" \
				1689	-C "received HelloRetryRequest message"
				1690
				1691	requires_config_enabled MBEDTLS_DEBUG_C
				1692	requires_config_enabled MBEDTLS_SSL_CLI_C
				1693	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1694	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1695	requires_openssl_tls1_3
				1696	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
				1697	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1698	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				1699	0 \
				1700	-s "Protocol is TLSv1.3" \
				1701	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1702	-s "received signature algorithm: 0x603" \
				1703	-s "got named group: x448(001e)" \
				1704	-s "Verifying peer X.509 certificate... ok" \
				1705	-s "HTTP/1.0 200 OK" \
				1706	-C "received HelloRetryRequest message"
				1707
				1708	requires_config_enabled MBEDTLS_DEBUG_C
				1709	requires_config_enabled MBEDTLS_SSL_CLI_C
				1710	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1711	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1712	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1713	requires_openssl_tls1_3
				1714	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
				1715	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1716	"$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
				1717	0 \
				1718	-s "Protocol is TLSv1.3" \
				1719	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1720	-s "received signature algorithm: 0x804" \
				1721	-s "got named group: x448(001e)" \
				1722	-s "Verifying peer X.509 certificate... ok" \
				1723	-s "HTTP/1.0 200 OK" \
				1724	-C "received HelloRetryRequest message"
				1725
				1726	requires_config_enabled MBEDTLS_DEBUG_C
				1727	requires_config_enabled MBEDTLS_SSL_CLI_C
				1728	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1729	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1730	requires_gnutls_tls1_3
				1731	requires_gnutls_next_no_ticket
				1732	requires_gnutls_next_disable_tls13_compat
				1733	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				1734	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1735	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1736	0 \
				1737	-s "Protocol is TLSv1.3" \
				1738	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1739	-s "received signature algorithm: 0x403" \
				1740	-s "got named group: secp256r1(0017)" \
				1741	-s "Verifying peer X.509 certificate... ok" \
				1742	-c "HTTP/1.0 200 OK" \
				1743	-C "received HelloRetryRequest message"
				1744
				1745	requires_config_enabled MBEDTLS_DEBUG_C
				1746	requires_config_enabled MBEDTLS_SSL_CLI_C
				1747	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1748	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1749	requires_gnutls_tls1_3
				1750	requires_gnutls_next_no_ticket
				1751	requires_gnutls_next_disable_tls13_compat
				1752	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				1753	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1754	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1755	0 \
				1756	-s "Protocol is TLSv1.3" \
				1757	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1758	-s "received signature algorithm: 0x503" \
				1759	-s "got named group: secp256r1(0017)" \
				1760	-s "Verifying peer X.509 certificate... ok" \
				1761	-c "HTTP/1.0 200 OK" \
				1762	-C "received HelloRetryRequest message"
				1763
				1764	requires_config_enabled MBEDTLS_DEBUG_C
				1765	requires_config_enabled MBEDTLS_SSL_CLI_C
				1766	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1767	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1768	requires_gnutls_tls1_3
				1769	requires_gnutls_next_no_ticket
				1770	requires_gnutls_next_disable_tls13_compat
				1771	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				1772	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1773	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1774	0 \
				1775	-s "Protocol is TLSv1.3" \
				1776	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1777	-s "received signature algorithm: 0x603" \
				1778	-s "got named group: secp256r1(0017)" \
				1779	-s "Verifying peer X.509 certificate... ok" \
				1780	-c "HTTP/1.0 200 OK" \
				1781	-C "received HelloRetryRequest message"
				1782
				1783	requires_config_enabled MBEDTLS_DEBUG_C
				1784	requires_config_enabled MBEDTLS_SSL_CLI_C
				1785	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1786	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1787	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1788	requires_gnutls_tls1_3
				1789	requires_gnutls_next_no_ticket
				1790	requires_gnutls_next_disable_tls13_compat
				1791	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				1792	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1793	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				1794	0 \
				1795	-s "Protocol is TLSv1.3" \
				1796	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1797	-s "received signature algorithm: 0x804" \
				1798	-s "got named group: secp256r1(0017)" \
				1799	-s "Verifying peer X.509 certificate... ok" \
				1800	-c "HTTP/1.0 200 OK" \
				1801	-C "received HelloRetryRequest message"
				1802
				1803	requires_config_enabled MBEDTLS_DEBUG_C
				1804	requires_config_enabled MBEDTLS_SSL_CLI_C
				1805	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1806	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1807	requires_gnutls_tls1_3
				1808	requires_gnutls_next_no_ticket
				1809	requires_gnutls_next_disable_tls13_compat
				1810	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				1811	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1812	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1813	0 \
				1814	-s "Protocol is TLSv1.3" \
				1815	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1816	-s "received signature algorithm: 0x403" \
				1817	-s "got named group: secp384r1(0018)" \
				1818	-s "Verifying peer X.509 certificate... ok" \
				1819	-c "HTTP/1.0 200 OK" \
				1820	-C "received HelloRetryRequest message"
				1821
				1822	requires_config_enabled MBEDTLS_DEBUG_C
				1823	requires_config_enabled MBEDTLS_SSL_CLI_C
				1824	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1825	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1826	requires_gnutls_tls1_3
				1827	requires_gnutls_next_no_ticket
				1828	requires_gnutls_next_disable_tls13_compat
				1829	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				1830	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1831	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1832	0 \
				1833	-s "Protocol is TLSv1.3" \
				1834	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1835	-s "received signature algorithm: 0x503" \
				1836	-s "got named group: secp384r1(0018)" \
				1837	-s "Verifying peer X.509 certificate... ok" \
				1838	-c "HTTP/1.0 200 OK" \
				1839	-C "received HelloRetryRequest message"
				1840
				1841	requires_config_enabled MBEDTLS_DEBUG_C
				1842	requires_config_enabled MBEDTLS_SSL_CLI_C
				1843	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1844	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1845	requires_gnutls_tls1_3
				1846	requires_gnutls_next_no_ticket
				1847	requires_gnutls_next_disable_tls13_compat
				1848	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				1849	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1850	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1851	0 \
				1852	-s "Protocol is TLSv1.3" \
				1853	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1854	-s "received signature algorithm: 0x603" \
				1855	-s "got named group: secp384r1(0018)" \
				1856	-s "Verifying peer X.509 certificate... ok" \
				1857	-c "HTTP/1.0 200 OK" \
				1858	-C "received HelloRetryRequest message"
				1859
				1860	requires_config_enabled MBEDTLS_DEBUG_C
				1861	requires_config_enabled MBEDTLS_SSL_CLI_C
				1862	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1863	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1864	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1865	requires_gnutls_tls1_3
				1866	requires_gnutls_next_no_ticket
				1867	requires_gnutls_next_disable_tls13_compat
				1868	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				1869	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1870	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				1871	0 \
				1872	-s "Protocol is TLSv1.3" \
				1873	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1874	-s "received signature algorithm: 0x804" \
				1875	-s "got named group: secp384r1(0018)" \
				1876	-s "Verifying peer X.509 certificate... ok" \
				1877	-c "HTTP/1.0 200 OK" \
				1878	-C "received HelloRetryRequest message"
				1879
				1880	requires_config_enabled MBEDTLS_DEBUG_C
				1881	requires_config_enabled MBEDTLS_SSL_CLI_C
				1882	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1883	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1884	requires_gnutls_tls1_3
				1885	requires_gnutls_next_no_ticket
				1886	requires_gnutls_next_disable_tls13_compat
				1887	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				1888	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1889	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1890	0 \
				1891	-s "Protocol is TLSv1.3" \
				1892	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1893	-s "received signature algorithm: 0x403" \
				1894	-s "got named group: secp521r1(0019)" \
				1895	-s "Verifying peer X.509 certificate... ok" \
				1896	-c "HTTP/1.0 200 OK" \
				1897	-C "received HelloRetryRequest message"
				1898
				1899	requires_config_enabled MBEDTLS_DEBUG_C
				1900	requires_config_enabled MBEDTLS_SSL_CLI_C
				1901	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1902	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1903	requires_gnutls_tls1_3
				1904	requires_gnutls_next_no_ticket
				1905	requires_gnutls_next_disable_tls13_compat
				1906	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				1907	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1908	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1909	0 \
				1910	-s "Protocol is TLSv1.3" \
				1911	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1912	-s "received signature algorithm: 0x503" \
				1913	-s "got named group: secp521r1(0019)" \
				1914	-s "Verifying peer X.509 certificate... ok" \
				1915	-c "HTTP/1.0 200 OK" \
				1916	-C "received HelloRetryRequest message"
				1917
				1918	requires_config_enabled MBEDTLS_DEBUG_C
				1919	requires_config_enabled MBEDTLS_SSL_CLI_C
				1920	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1921	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1922	requires_gnutls_tls1_3
				1923	requires_gnutls_next_no_ticket
				1924	requires_gnutls_next_disable_tls13_compat
				1925	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				1926	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1927	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1928	0 \
				1929	-s "Protocol is TLSv1.3" \
				1930	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1931	-s "received signature algorithm: 0x603" \
				1932	-s "got named group: secp521r1(0019)" \
				1933	-s "Verifying peer X.509 certificate... ok" \
				1934	-c "HTTP/1.0 200 OK" \
				1935	-C "received HelloRetryRequest message"
				1936
				1937	requires_config_enabled MBEDTLS_DEBUG_C
				1938	requires_config_enabled MBEDTLS_SSL_CLI_C
				1939	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1940	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1941	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				1942	requires_gnutls_tls1_3
				1943	requires_gnutls_next_no_ticket
				1944	requires_gnutls_next_disable_tls13_compat
				1945	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				1946	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1947	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				1948	0 \
				1949	-s "Protocol is TLSv1.3" \
				1950	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1951	-s "received signature algorithm: 0x804" \
				1952	-s "got named group: secp521r1(0019)" \
				1953	-s "Verifying peer X.509 certificate... ok" \
				1954	-c "HTTP/1.0 200 OK" \
				1955	-C "received HelloRetryRequest message"
				1956
				1957	requires_config_enabled MBEDTLS_DEBUG_C
				1958	requires_config_enabled MBEDTLS_SSL_CLI_C
				1959	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1960	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1961	requires_gnutls_tls1_3
				1962	requires_gnutls_next_no_ticket
				1963	requires_gnutls_next_disable_tls13_compat
				1964	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				1965	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1966	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1967	0 \
				1968	-s "Protocol is TLSv1.3" \
				1969	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1970	-s "received signature algorithm: 0x403" \
				1971	-s "got named group: x25519(001d)" \
				1972	-s "Verifying peer X.509 certificate... ok" \
				1973	-c "HTTP/1.0 200 OK" \
				1974	-C "received HelloRetryRequest message"
				1975
				1976	requires_config_enabled MBEDTLS_DEBUG_C
				1977	requires_config_enabled MBEDTLS_SSL_CLI_C
				1978	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1979	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1980	requires_gnutls_tls1_3
				1981	requires_gnutls_next_no_ticket
				1982	requires_gnutls_next_disable_tls13_compat
				1983	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				1984	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1985	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				1986	0 \
				1987	-s "Protocol is TLSv1.3" \
				1988	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				1989	-s "received signature algorithm: 0x503" \
				1990	-s "got named group: x25519(001d)" \
				1991	-s "Verifying peer X.509 certificate... ok" \
				1992	-c "HTTP/1.0 200 OK" \
				1993	-C "received HelloRetryRequest message"
				1994
				1995	requires_config_enabled MBEDTLS_DEBUG_C
				1996	requires_config_enabled MBEDTLS_SSL_CLI_C
				1997	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				1998	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1999	requires_gnutls_tls1_3
				2000	requires_gnutls_next_no_ticket
				2001	requires_gnutls_next_disable_tls13_compat
				2002	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				2003	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2004	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2005	0 \
				2006	-s "Protocol is TLSv1.3" \
				2007	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2008	-s "received signature algorithm: 0x603" \
				2009	-s "got named group: x25519(001d)" \
				2010	-s "Verifying peer X.509 certificate... ok" \
				2011	-c "HTTP/1.0 200 OK" \
				2012	-C "received HelloRetryRequest message"
				2013
				2014	requires_config_enabled MBEDTLS_DEBUG_C
				2015	requires_config_enabled MBEDTLS_SSL_CLI_C
				2016	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2017	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2018	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2019	requires_gnutls_tls1_3
				2020	requires_gnutls_next_no_ticket
				2021	requires_gnutls_next_disable_tls13_compat
				2022	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				2023	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2024	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2025	0 \
				2026	-s "Protocol is TLSv1.3" \
				2027	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2028	-s "received signature algorithm: 0x804" \
				2029	-s "got named group: x25519(001d)" \
				2030	-s "Verifying peer X.509 certificate... ok" \
				2031	-c "HTTP/1.0 200 OK" \
				2032	-C "received HelloRetryRequest message"
				2033
				2034	requires_config_enabled MBEDTLS_DEBUG_C
				2035	requires_config_enabled MBEDTLS_SSL_CLI_C
				2036	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2037	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2038	requires_gnutls_tls1_3
				2039	requires_gnutls_next_no_ticket
				2040	requires_gnutls_next_disable_tls13_compat
				2041	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				2042	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2043	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2044	0 \
				2045	-s "Protocol is TLSv1.3" \
				2046	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2047	-s "received signature algorithm: 0x403" \
				2048	-s "got named group: x448(001e)" \
				2049	-s "Verifying peer X.509 certificate... ok" \
				2050	-c "HTTP/1.0 200 OK" \
				2051	-C "received HelloRetryRequest message"
				2052
				2053	requires_config_enabled MBEDTLS_DEBUG_C
				2054	requires_config_enabled MBEDTLS_SSL_CLI_C
				2055	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2056	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2057	requires_gnutls_tls1_3
				2058	requires_gnutls_next_no_ticket
				2059	requires_gnutls_next_disable_tls13_compat
				2060	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				2061	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2062	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2063	0 \
				2064	-s "Protocol is TLSv1.3" \
				2065	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2066	-s "received signature algorithm: 0x503" \
				2067	-s "got named group: x448(001e)" \
				2068	-s "Verifying peer X.509 certificate... ok" \
				2069	-c "HTTP/1.0 200 OK" \
				2070	-C "received HelloRetryRequest message"
				2071
				2072	requires_config_enabled MBEDTLS_DEBUG_C
				2073	requires_config_enabled MBEDTLS_SSL_CLI_C
				2074	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2075	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2076	requires_gnutls_tls1_3
				2077	requires_gnutls_next_no_ticket
				2078	requires_gnutls_next_disable_tls13_compat
				2079	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				2080	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2081	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2082	0 \
				2083	-s "Protocol is TLSv1.3" \
				2084	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2085	-s "received signature algorithm: 0x603" \
				2086	-s "got named group: x448(001e)" \
				2087	-s "Verifying peer X.509 certificate... ok" \
				2088	-c "HTTP/1.0 200 OK" \
				2089	-C "received HelloRetryRequest message"
				2090
				2091	requires_config_enabled MBEDTLS_DEBUG_C
				2092	requires_config_enabled MBEDTLS_SSL_CLI_C
				2093	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2094	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2095	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2096	requires_gnutls_tls1_3
				2097	requires_gnutls_next_no_ticket
				2098	requires_gnutls_next_disable_tls13_compat
				2099	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
				2100	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2101	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2102	0 \
				2103	-s "Protocol is TLSv1.3" \
				2104	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2105	-s "received signature algorithm: 0x804" \
				2106	-s "got named group: x448(001e)" \
				2107	-s "Verifying peer X.509 certificate... ok" \
				2108	-c "HTTP/1.0 200 OK" \
				2109	-C "received HelloRetryRequest message"
				2110
				2111	requires_config_enabled MBEDTLS_DEBUG_C
				2112	requires_config_enabled MBEDTLS_SSL_CLI_C
				2113	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2114	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2115	requires_gnutls_tls1_3
				2116	requires_gnutls_next_no_ticket
				2117	requires_gnutls_next_disable_tls13_compat
				2118	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
				2119	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2120	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2121	0 \
				2122	-s "Protocol is TLSv1.3" \
				2123	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2124	-s "received signature algorithm: 0x403" \
				2125	-s "got named group: secp256r1(0017)" \
				2126	-s "Verifying peer X.509 certificate... ok" \
				2127	-c "HTTP/1.0 200 OK" \
				2128	-C "received HelloRetryRequest message"
				2129
				2130	requires_config_enabled MBEDTLS_DEBUG_C
				2131	requires_config_enabled MBEDTLS_SSL_CLI_C
				2132	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2133	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2134	requires_gnutls_tls1_3
				2135	requires_gnutls_next_no_ticket
				2136	requires_gnutls_next_disable_tls13_compat
				2137	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
				2138	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2139	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2140	0 \
				2141	-s "Protocol is TLSv1.3" \
				2142	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2143	-s "received signature algorithm: 0x503" \
				2144	-s "got named group: secp256r1(0017)" \
				2145	-s "Verifying peer X.509 certificate... ok" \
				2146	-c "HTTP/1.0 200 OK" \
				2147	-C "received HelloRetryRequest message"
				2148
				2149	requires_config_enabled MBEDTLS_DEBUG_C
				2150	requires_config_enabled MBEDTLS_SSL_CLI_C
				2151	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2152	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2153	requires_gnutls_tls1_3
				2154	requires_gnutls_next_no_ticket
				2155	requires_gnutls_next_disable_tls13_compat
				2156	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
				2157	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2158	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2159	0 \
				2160	-s "Protocol is TLSv1.3" \
				2161	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2162	-s "received signature algorithm: 0x603" \
				2163	-s "got named group: secp256r1(0017)" \
				2164	-s "Verifying peer X.509 certificate... ok" \
				2165	-c "HTTP/1.0 200 OK" \
				2166	-C "received HelloRetryRequest message"
				2167
				2168	requires_config_enabled MBEDTLS_DEBUG_C
				2169	requires_config_enabled MBEDTLS_SSL_CLI_C
				2170	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2171	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2172	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2173	requires_gnutls_tls1_3
				2174	requires_gnutls_next_no_ticket
				2175	requires_gnutls_next_disable_tls13_compat
				2176	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
				2177	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2178	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2179	0 \
				2180	-s "Protocol is TLSv1.3" \
				2181	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2182	-s "received signature algorithm: 0x804" \
				2183	-s "got named group: secp256r1(0017)" \
				2184	-s "Verifying peer X.509 certificate... ok" \
				2185	-c "HTTP/1.0 200 OK" \
				2186	-C "received HelloRetryRequest message"
				2187
				2188	requires_config_enabled MBEDTLS_DEBUG_C
				2189	requires_config_enabled MBEDTLS_SSL_CLI_C
				2190	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2191	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2192	requires_gnutls_tls1_3
				2193	requires_gnutls_next_no_ticket
				2194	requires_gnutls_next_disable_tls13_compat
				2195	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
				2196	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2197	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2198	0 \
				2199	-s "Protocol is TLSv1.3" \
				2200	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2201	-s "received signature algorithm: 0x403" \
				2202	-s "got named group: secp384r1(0018)" \
				2203	-s "Verifying peer X.509 certificate... ok" \
				2204	-c "HTTP/1.0 200 OK" \
				2205	-C "received HelloRetryRequest message"
				2206
				2207	requires_config_enabled MBEDTLS_DEBUG_C
				2208	requires_config_enabled MBEDTLS_SSL_CLI_C
				2209	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2210	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2211	requires_gnutls_tls1_3
				2212	requires_gnutls_next_no_ticket
				2213	requires_gnutls_next_disable_tls13_compat
				2214	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
				2215	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2216	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2217	0 \
				2218	-s "Protocol is TLSv1.3" \
				2219	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2220	-s "received signature algorithm: 0x503" \
				2221	-s "got named group: secp384r1(0018)" \
				2222	-s "Verifying peer X.509 certificate... ok" \
				2223	-c "HTTP/1.0 200 OK" \
				2224	-C "received HelloRetryRequest message"
				2225
				2226	requires_config_enabled MBEDTLS_DEBUG_C
				2227	requires_config_enabled MBEDTLS_SSL_CLI_C
				2228	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2229	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2230	requires_gnutls_tls1_3
				2231	requires_gnutls_next_no_ticket
				2232	requires_gnutls_next_disable_tls13_compat
				2233	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
				2234	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2235	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2236	0 \
				2237	-s "Protocol is TLSv1.3" \
				2238	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2239	-s "received signature algorithm: 0x603" \
				2240	-s "got named group: secp384r1(0018)" \
				2241	-s "Verifying peer X.509 certificate... ok" \
				2242	-c "HTTP/1.0 200 OK" \
				2243	-C "received HelloRetryRequest message"
				2244
				2245	requires_config_enabled MBEDTLS_DEBUG_C
				2246	requires_config_enabled MBEDTLS_SSL_CLI_C
				2247	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2248	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2249	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2250	requires_gnutls_tls1_3
				2251	requires_gnutls_next_no_ticket
				2252	requires_gnutls_next_disable_tls13_compat
				2253	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
				2254	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2255	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2256	0 \
				2257	-s "Protocol is TLSv1.3" \
				2258	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2259	-s "received signature algorithm: 0x804" \
				2260	-s "got named group: secp384r1(0018)" \
				2261	-s "Verifying peer X.509 certificate... ok" \
				2262	-c "HTTP/1.0 200 OK" \
				2263	-C "received HelloRetryRequest message"
				2264
				2265	requires_config_enabled MBEDTLS_DEBUG_C
				2266	requires_config_enabled MBEDTLS_SSL_CLI_C
				2267	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2268	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2269	requires_gnutls_tls1_3
				2270	requires_gnutls_next_no_ticket
				2271	requires_gnutls_next_disable_tls13_compat
				2272	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
				2273	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2274	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2275	0 \
				2276	-s "Protocol is TLSv1.3" \
				2277	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2278	-s "received signature algorithm: 0x403" \
				2279	-s "got named group: secp521r1(0019)" \
				2280	-s "Verifying peer X.509 certificate... ok" \
				2281	-c "HTTP/1.0 200 OK" \
				2282	-C "received HelloRetryRequest message"
				2283
				2284	requires_config_enabled MBEDTLS_DEBUG_C
				2285	requires_config_enabled MBEDTLS_SSL_CLI_C
				2286	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2287	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2288	requires_gnutls_tls1_3
				2289	requires_gnutls_next_no_ticket
				2290	requires_gnutls_next_disable_tls13_compat
				2291	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
				2292	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2293	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2294	0 \
				2295	-s "Protocol is TLSv1.3" \
				2296	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2297	-s "received signature algorithm: 0x503" \
				2298	-s "got named group: secp521r1(0019)" \
				2299	-s "Verifying peer X.509 certificate... ok" \
				2300	-c "HTTP/1.0 200 OK" \
				2301	-C "received HelloRetryRequest message"
				2302
				2303	requires_config_enabled MBEDTLS_DEBUG_C
				2304	requires_config_enabled MBEDTLS_SSL_CLI_C
				2305	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2306	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2307	requires_gnutls_tls1_3
				2308	requires_gnutls_next_no_ticket
				2309	requires_gnutls_next_disable_tls13_compat
				2310	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
				2311	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2312	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2313	0 \
				2314	-s "Protocol is TLSv1.3" \
				2315	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2316	-s "received signature algorithm: 0x603" \
				2317	-s "got named group: secp521r1(0019)" \
				2318	-s "Verifying peer X.509 certificate... ok" \
				2319	-c "HTTP/1.0 200 OK" \
				2320	-C "received HelloRetryRequest message"
				2321
				2322	requires_config_enabled MBEDTLS_DEBUG_C
				2323	requires_config_enabled MBEDTLS_SSL_CLI_C
				2324	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2325	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2326	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2327	requires_gnutls_tls1_3
				2328	requires_gnutls_next_no_ticket
				2329	requires_gnutls_next_disable_tls13_compat
				2330	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
				2331	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2332	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2333	0 \
				2334	-s "Protocol is TLSv1.3" \
				2335	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2336	-s "received signature algorithm: 0x804" \
				2337	-s "got named group: secp521r1(0019)" \
				2338	-s "Verifying peer X.509 certificate... ok" \
				2339	-c "HTTP/1.0 200 OK" \
				2340	-C "received HelloRetryRequest message"
				2341
				2342	requires_config_enabled MBEDTLS_DEBUG_C
				2343	requires_config_enabled MBEDTLS_SSL_CLI_C
				2344	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2345	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2346	requires_gnutls_tls1_3
				2347	requires_gnutls_next_no_ticket
				2348	requires_gnutls_next_disable_tls13_compat
				2349	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
				2350	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2351	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2352	0 \
				2353	-s "Protocol is TLSv1.3" \
				2354	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2355	-s "received signature algorithm: 0x403" \
				2356	-s "got named group: x25519(001d)" \
				2357	-s "Verifying peer X.509 certificate... ok" \
				2358	-c "HTTP/1.0 200 OK" \
				2359	-C "received HelloRetryRequest message"
				2360
				2361	requires_config_enabled MBEDTLS_DEBUG_C
				2362	requires_config_enabled MBEDTLS_SSL_CLI_C
				2363	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2364	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2365	requires_gnutls_tls1_3
				2366	requires_gnutls_next_no_ticket
				2367	requires_gnutls_next_disable_tls13_compat
				2368	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
				2369	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2370	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2371	0 \
				2372	-s "Protocol is TLSv1.3" \
				2373	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2374	-s "received signature algorithm: 0x503" \
				2375	-s "got named group: x25519(001d)" \
				2376	-s "Verifying peer X.509 certificate... ok" \
				2377	-c "HTTP/1.0 200 OK" \
				2378	-C "received HelloRetryRequest message"
				2379
				2380	requires_config_enabled MBEDTLS_DEBUG_C
				2381	requires_config_enabled MBEDTLS_SSL_CLI_C
				2382	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2383	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2384	requires_gnutls_tls1_3
				2385	requires_gnutls_next_no_ticket
				2386	requires_gnutls_next_disable_tls13_compat
				2387	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
				2388	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2389	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2390	0 \
				2391	-s "Protocol is TLSv1.3" \
				2392	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2393	-s "received signature algorithm: 0x603" \
				2394	-s "got named group: x25519(001d)" \
				2395	-s "Verifying peer X.509 certificate... ok" \
				2396	-c "HTTP/1.0 200 OK" \
				2397	-C "received HelloRetryRequest message"
				2398
				2399	requires_config_enabled MBEDTLS_DEBUG_C
				2400	requires_config_enabled MBEDTLS_SSL_CLI_C
				2401	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2402	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2403	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2404	requires_gnutls_tls1_3
				2405	requires_gnutls_next_no_ticket
				2406	requires_gnutls_next_disable_tls13_compat
				2407	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
				2408	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2409	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2410	0 \
				2411	-s "Protocol is TLSv1.3" \
				2412	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2413	-s "received signature algorithm: 0x804" \
				2414	-s "got named group: x25519(001d)" \
				2415	-s "Verifying peer X.509 certificate... ok" \
				2416	-c "HTTP/1.0 200 OK" \
				2417	-C "received HelloRetryRequest message"
				2418
				2419	requires_config_enabled MBEDTLS_DEBUG_C
				2420	requires_config_enabled MBEDTLS_SSL_CLI_C
				2421	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2422	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2423	requires_gnutls_tls1_3
				2424	requires_gnutls_next_no_ticket
				2425	requires_gnutls_next_disable_tls13_compat
				2426	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
				2427	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2428	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2429	0 \
				2430	-s "Protocol is TLSv1.3" \
				2431	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2432	-s "received signature algorithm: 0x403" \
				2433	-s "got named group: x448(001e)" \
				2434	-s "Verifying peer X.509 certificate... ok" \
				2435	-c "HTTP/1.0 200 OK" \
				2436	-C "received HelloRetryRequest message"
				2437
				2438	requires_config_enabled MBEDTLS_DEBUG_C
				2439	requires_config_enabled MBEDTLS_SSL_CLI_C
				2440	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2441	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2442	requires_gnutls_tls1_3
				2443	requires_gnutls_next_no_ticket
				2444	requires_gnutls_next_disable_tls13_compat
				2445	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
				2446	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2447	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2448	0 \
				2449	-s "Protocol is TLSv1.3" \
				2450	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2451	-s "received signature algorithm: 0x503" \
				2452	-s "got named group: x448(001e)" \
				2453	-s "Verifying peer X.509 certificate... ok" \
				2454	-c "HTTP/1.0 200 OK" \
				2455	-C "received HelloRetryRequest message"
				2456
				2457	requires_config_enabled MBEDTLS_DEBUG_C
				2458	requires_config_enabled MBEDTLS_SSL_CLI_C
				2459	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2460	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2461	requires_gnutls_tls1_3
				2462	requires_gnutls_next_no_ticket
				2463	requires_gnutls_next_disable_tls13_compat
				2464	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
				2465	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2466	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2467	0 \
				2468	-s "Protocol is TLSv1.3" \
				2469	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2470	-s "received signature algorithm: 0x603" \
				2471	-s "got named group: x448(001e)" \
				2472	-s "Verifying peer X.509 certificate... ok" \
				2473	-c "HTTP/1.0 200 OK" \
				2474	-C "received HelloRetryRequest message"
				2475
				2476	requires_config_enabled MBEDTLS_DEBUG_C
				2477	requires_config_enabled MBEDTLS_SSL_CLI_C
				2478	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2479	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2480	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2481	requires_gnutls_tls1_3
				2482	requires_gnutls_next_no_ticket
				2483	requires_gnutls_next_disable_tls13_compat
				2484	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
				2485	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2486	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2487	0 \
				2488	-s "Protocol is TLSv1.3" \
				2489	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				2490	-s "received signature algorithm: 0x804" \
				2491	-s "got named group: x448(001e)" \
				2492	-s "Verifying peer X.509 certificate... ok" \
				2493	-c "HTTP/1.0 200 OK" \
				2494	-C "received HelloRetryRequest message"
				2495
				2496	requires_config_enabled MBEDTLS_DEBUG_C
				2497	requires_config_enabled MBEDTLS_SSL_CLI_C
				2498	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2499	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2500	requires_gnutls_tls1_3
				2501	requires_gnutls_next_no_ticket
				2502	requires_gnutls_next_disable_tls13_compat
				2503	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				2504	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2505	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2506	0 \
				2507	-s "Protocol is TLSv1.3" \
				2508	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2509	-s "received signature algorithm: 0x403" \
				2510	-s "got named group: secp256r1(0017)" \
				2511	-s "Verifying peer X.509 certificate... ok" \
				2512	-c "HTTP/1.0 200 OK" \
				2513	-C "received HelloRetryRequest message"
				2514
				2515	requires_config_enabled MBEDTLS_DEBUG_C
				2516	requires_config_enabled MBEDTLS_SSL_CLI_C
				2517	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2518	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2519	requires_gnutls_tls1_3
				2520	requires_gnutls_next_no_ticket
				2521	requires_gnutls_next_disable_tls13_compat
				2522	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				2523	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2524	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2525	0 \
				2526	-s "Protocol is TLSv1.3" \
				2527	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2528	-s "received signature algorithm: 0x503" \
				2529	-s "got named group: secp256r1(0017)" \
				2530	-s "Verifying peer X.509 certificate... ok" \
				2531	-c "HTTP/1.0 200 OK" \
				2532	-C "received HelloRetryRequest message"
				2533
				2534	requires_config_enabled MBEDTLS_DEBUG_C
				2535	requires_config_enabled MBEDTLS_SSL_CLI_C
				2536	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2537	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2538	requires_gnutls_tls1_3
				2539	requires_gnutls_next_no_ticket
				2540	requires_gnutls_next_disable_tls13_compat
				2541	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				2542	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2543	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2544	0 \
				2545	-s "Protocol is TLSv1.3" \
				2546	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2547	-s "received signature algorithm: 0x603" \
				2548	-s "got named group: secp256r1(0017)" \
				2549	-s "Verifying peer X.509 certificate... ok" \
				2550	-c "HTTP/1.0 200 OK" \
				2551	-C "received HelloRetryRequest message"
				2552
				2553	requires_config_enabled MBEDTLS_DEBUG_C
				2554	requires_config_enabled MBEDTLS_SSL_CLI_C
				2555	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2556	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2557	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2558	requires_gnutls_tls1_3
				2559	requires_gnutls_next_no_ticket
				2560	requires_gnutls_next_disable_tls13_compat
				2561	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				2562	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2563	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2564	0 \
				2565	-s "Protocol is TLSv1.3" \
				2566	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2567	-s "received signature algorithm: 0x804" \
				2568	-s "got named group: secp256r1(0017)" \
				2569	-s "Verifying peer X.509 certificate... ok" \
				2570	-c "HTTP/1.0 200 OK" \
				2571	-C "received HelloRetryRequest message"
				2572
				2573	requires_config_enabled MBEDTLS_DEBUG_C
				2574	requires_config_enabled MBEDTLS_SSL_CLI_C
				2575	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2576	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2577	requires_gnutls_tls1_3
				2578	requires_gnutls_next_no_ticket
				2579	requires_gnutls_next_disable_tls13_compat
				2580	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				2581	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2582	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2583	0 \
				2584	-s "Protocol is TLSv1.3" \
				2585	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2586	-s "received signature algorithm: 0x403" \
				2587	-s "got named group: secp384r1(0018)" \
				2588	-s "Verifying peer X.509 certificate... ok" \
				2589	-c "HTTP/1.0 200 OK" \
				2590	-C "received HelloRetryRequest message"
				2591
				2592	requires_config_enabled MBEDTLS_DEBUG_C
				2593	requires_config_enabled MBEDTLS_SSL_CLI_C
				2594	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2595	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2596	requires_gnutls_tls1_3
				2597	requires_gnutls_next_no_ticket
				2598	requires_gnutls_next_disable_tls13_compat
				2599	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				2600	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2601	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2602	0 \
				2603	-s "Protocol is TLSv1.3" \
				2604	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2605	-s "received signature algorithm: 0x503" \
				2606	-s "got named group: secp384r1(0018)" \
				2607	-s "Verifying peer X.509 certificate... ok" \
				2608	-c "HTTP/1.0 200 OK" \
				2609	-C "received HelloRetryRequest message"
				2610
				2611	requires_config_enabled MBEDTLS_DEBUG_C
				2612	requires_config_enabled MBEDTLS_SSL_CLI_C
				2613	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2614	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2615	requires_gnutls_tls1_3
				2616	requires_gnutls_next_no_ticket
				2617	requires_gnutls_next_disable_tls13_compat
				2618	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				2619	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2620	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2621	0 \
				2622	-s "Protocol is TLSv1.3" \
				2623	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2624	-s "received signature algorithm: 0x603" \
				2625	-s "got named group: secp384r1(0018)" \
				2626	-s "Verifying peer X.509 certificate... ok" \
				2627	-c "HTTP/1.0 200 OK" \
				2628	-C "received HelloRetryRequest message"
				2629
				2630	requires_config_enabled MBEDTLS_DEBUG_C
				2631	requires_config_enabled MBEDTLS_SSL_CLI_C
				2632	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2633	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2634	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2635	requires_gnutls_tls1_3
				2636	requires_gnutls_next_no_ticket
				2637	requires_gnutls_next_disable_tls13_compat
				2638	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				2639	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2640	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2641	0 \
				2642	-s "Protocol is TLSv1.3" \
				2643	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2644	-s "received signature algorithm: 0x804" \
				2645	-s "got named group: secp384r1(0018)" \
				2646	-s "Verifying peer X.509 certificate... ok" \
				2647	-c "HTTP/1.0 200 OK" \
				2648	-C "received HelloRetryRequest message"
				2649
				2650	requires_config_enabled MBEDTLS_DEBUG_C
				2651	requires_config_enabled MBEDTLS_SSL_CLI_C
				2652	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2653	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2654	requires_gnutls_tls1_3
				2655	requires_gnutls_next_no_ticket
				2656	requires_gnutls_next_disable_tls13_compat
				2657	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				2658	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2659	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2660	0 \
				2661	-s "Protocol is TLSv1.3" \
				2662	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2663	-s "received signature algorithm: 0x403" \
				2664	-s "got named group: secp521r1(0019)" \
				2665	-s "Verifying peer X.509 certificate... ok" \
				2666	-c "HTTP/1.0 200 OK" \
				2667	-C "received HelloRetryRequest message"
				2668
				2669	requires_config_enabled MBEDTLS_DEBUG_C
				2670	requires_config_enabled MBEDTLS_SSL_CLI_C
				2671	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2672	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2673	requires_gnutls_tls1_3
				2674	requires_gnutls_next_no_ticket
				2675	requires_gnutls_next_disable_tls13_compat
				2676	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				2677	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2678	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2679	0 \
				2680	-s "Protocol is TLSv1.3" \
				2681	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2682	-s "received signature algorithm: 0x503" \
				2683	-s "got named group: secp521r1(0019)" \
				2684	-s "Verifying peer X.509 certificate... ok" \
				2685	-c "HTTP/1.0 200 OK" \
				2686	-C "received HelloRetryRequest message"
				2687
				2688	requires_config_enabled MBEDTLS_DEBUG_C
				2689	requires_config_enabled MBEDTLS_SSL_CLI_C
				2690	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2691	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2692	requires_gnutls_tls1_3
				2693	requires_gnutls_next_no_ticket
				2694	requires_gnutls_next_disable_tls13_compat
				2695	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				2696	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2697	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2698	0 \
				2699	-s "Protocol is TLSv1.3" \
				2700	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2701	-s "received signature algorithm: 0x603" \
				2702	-s "got named group: secp521r1(0019)" \
				2703	-s "Verifying peer X.509 certificate... ok" \
				2704	-c "HTTP/1.0 200 OK" \
				2705	-C "received HelloRetryRequest message"
				2706
				2707	requires_config_enabled MBEDTLS_DEBUG_C
				2708	requires_config_enabled MBEDTLS_SSL_CLI_C
				2709	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2710	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2711	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2712	requires_gnutls_tls1_3
				2713	requires_gnutls_next_no_ticket
				2714	requires_gnutls_next_disable_tls13_compat
				2715	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				2716	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2717	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2718	0 \
				2719	-s "Protocol is TLSv1.3" \
				2720	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2721	-s "received signature algorithm: 0x804" \
				2722	-s "got named group: secp521r1(0019)" \
				2723	-s "Verifying peer X.509 certificate... ok" \
				2724	-c "HTTP/1.0 200 OK" \
				2725	-C "received HelloRetryRequest message"
				2726
				2727	requires_config_enabled MBEDTLS_DEBUG_C
				2728	requires_config_enabled MBEDTLS_SSL_CLI_C
				2729	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2730	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2731	requires_gnutls_tls1_3
				2732	requires_gnutls_next_no_ticket
				2733	requires_gnutls_next_disable_tls13_compat
				2734	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
				2735	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2736	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2737	0 \
				2738	-s "Protocol is TLSv1.3" \
				2739	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2740	-s "received signature algorithm: 0x403" \
				2741	-s "got named group: x25519(001d)" \
				2742	-s "Verifying peer X.509 certificate... ok" \
				2743	-c "HTTP/1.0 200 OK" \
				2744	-C "received HelloRetryRequest message"
				2745
				2746	requires_config_enabled MBEDTLS_DEBUG_C
				2747	requires_config_enabled MBEDTLS_SSL_CLI_C
				2748	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2749	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2750	requires_gnutls_tls1_3
				2751	requires_gnutls_next_no_ticket
				2752	requires_gnutls_next_disable_tls13_compat
				2753	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
				2754	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2755	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2756	0 \
				2757	-s "Protocol is TLSv1.3" \
				2758	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2759	-s "received signature algorithm: 0x503" \
				2760	-s "got named group: x25519(001d)" \
				2761	-s "Verifying peer X.509 certificate... ok" \
				2762	-c "HTTP/1.0 200 OK" \
				2763	-C "received HelloRetryRequest message"
				2764
				2765	requires_config_enabled MBEDTLS_DEBUG_C
				2766	requires_config_enabled MBEDTLS_SSL_CLI_C
				2767	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2769	requires_gnutls_tls1_3
				2770	requires_gnutls_next_no_ticket
				2771	requires_gnutls_next_disable_tls13_compat
				2772	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
				2773	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2774	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2775	0 \
				2776	-s "Protocol is TLSv1.3" \
				2777	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2778	-s "received signature algorithm: 0x603" \
				2779	-s "got named group: x25519(001d)" \
				2780	-s "Verifying peer X.509 certificate... ok" \
				2781	-c "HTTP/1.0 200 OK" \
				2782	-C "received HelloRetryRequest message"
				2783
				2784	requires_config_enabled MBEDTLS_DEBUG_C
				2785	requires_config_enabled MBEDTLS_SSL_CLI_C
				2786	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2787	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2788	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2789	requires_gnutls_tls1_3
				2790	requires_gnutls_next_no_ticket
				2791	requires_gnutls_next_disable_tls13_compat
				2792	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
				2793	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2794	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2795	0 \
				2796	-s "Protocol is TLSv1.3" \
				2797	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2798	-s "received signature algorithm: 0x804" \
				2799	-s "got named group: x25519(001d)" \
				2800	-s "Verifying peer X.509 certificate... ok" \
				2801	-c "HTTP/1.0 200 OK" \
				2802	-C "received HelloRetryRequest message"
				2803
				2804	requires_config_enabled MBEDTLS_DEBUG_C
				2805	requires_config_enabled MBEDTLS_SSL_CLI_C
				2806	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2807	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2808	requires_gnutls_tls1_3
				2809	requires_gnutls_next_no_ticket
				2810	requires_gnutls_next_disable_tls13_compat
				2811	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
				2812	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2813	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2814	0 \
				2815	-s "Protocol is TLSv1.3" \
				2816	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2817	-s "received signature algorithm: 0x403" \
				2818	-s "got named group: x448(001e)" \
				2819	-s "Verifying peer X.509 certificate... ok" \
				2820	-c "HTTP/1.0 200 OK" \
				2821	-C "received HelloRetryRequest message"
				2822
				2823	requires_config_enabled MBEDTLS_DEBUG_C
				2824	requires_config_enabled MBEDTLS_SSL_CLI_C
				2825	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2826	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2827	requires_gnutls_tls1_3
				2828	requires_gnutls_next_no_ticket
				2829	requires_gnutls_next_disable_tls13_compat
				2830	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
				2831	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2832	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2833	0 \
				2834	-s "Protocol is TLSv1.3" \
				2835	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2836	-s "received signature algorithm: 0x503" \
				2837	-s "got named group: x448(001e)" \
				2838	-s "Verifying peer X.509 certificate... ok" \
				2839	-c "HTTP/1.0 200 OK" \
				2840	-C "received HelloRetryRequest message"
				2841
				2842	requires_config_enabled MBEDTLS_DEBUG_C
				2843	requires_config_enabled MBEDTLS_SSL_CLI_C
				2844	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2845	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2846	requires_gnutls_tls1_3
				2847	requires_gnutls_next_no_ticket
				2848	requires_gnutls_next_disable_tls13_compat
				2849	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
				2850	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2851	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2852	0 \
				2853	-s "Protocol is TLSv1.3" \
				2854	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2855	-s "received signature algorithm: 0x603" \
				2856	-s "got named group: x448(001e)" \
				2857	-s "Verifying peer X.509 certificate... ok" \
				2858	-c "HTTP/1.0 200 OK" \
				2859	-C "received HelloRetryRequest message"
				2860
				2861	requires_config_enabled MBEDTLS_DEBUG_C
				2862	requires_config_enabled MBEDTLS_SSL_CLI_C
				2863	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2864	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2865	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2866	requires_gnutls_tls1_3
				2867	requires_gnutls_next_no_ticket
				2868	requires_gnutls_next_disable_tls13_compat
				2869	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
				2870	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2871	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2872	0 \
				2873	-s "Protocol is TLSv1.3" \
				2874	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				2875	-s "received signature algorithm: 0x804" \
				2876	-s "got named group: x448(001e)" \
				2877	-s "Verifying peer X.509 certificate... ok" \
				2878	-c "HTTP/1.0 200 OK" \
				2879	-C "received HelloRetryRequest message"
				2880
				2881	requires_config_enabled MBEDTLS_DEBUG_C
				2882	requires_config_enabled MBEDTLS_SSL_CLI_C
				2883	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2884	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2885	requires_gnutls_tls1_3
				2886	requires_gnutls_next_no_ticket
				2887	requires_gnutls_next_disable_tls13_compat
				2888	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				2889	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2890	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2891	0 \
				2892	-s "Protocol is TLSv1.3" \
				2893	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2894	-s "received signature algorithm: 0x403" \
				2895	-s "got named group: secp256r1(0017)" \
				2896	-s "Verifying peer X.509 certificate... ok" \
				2897	-c "HTTP/1.0 200 OK" \
				2898	-C "received HelloRetryRequest message"
				2899
				2900	requires_config_enabled MBEDTLS_DEBUG_C
				2901	requires_config_enabled MBEDTLS_SSL_CLI_C
				2902	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2903	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2904	requires_gnutls_tls1_3
				2905	requires_gnutls_next_no_ticket
				2906	requires_gnutls_next_disable_tls13_compat
				2907	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				2908	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2909	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2910	0 \
				2911	-s "Protocol is TLSv1.3" \
				2912	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2913	-s "received signature algorithm: 0x503" \
				2914	-s "got named group: secp256r1(0017)" \
				2915	-s "Verifying peer X.509 certificate... ok" \
				2916	-c "HTTP/1.0 200 OK" \
				2917	-C "received HelloRetryRequest message"
				2918
				2919	requires_config_enabled MBEDTLS_DEBUG_C
				2920	requires_config_enabled MBEDTLS_SSL_CLI_C
				2921	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2922	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2923	requires_gnutls_tls1_3
				2924	requires_gnutls_next_no_ticket
				2925	requires_gnutls_next_disable_tls13_compat
				2926	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				2927	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2928	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2929	0 \
				2930	-s "Protocol is TLSv1.3" \
				2931	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2932	-s "received signature algorithm: 0x603" \
				2933	-s "got named group: secp256r1(0017)" \
				2934	-s "Verifying peer X.509 certificate... ok" \
				2935	-c "HTTP/1.0 200 OK" \
				2936	-C "received HelloRetryRequest message"
				2937
				2938	requires_config_enabled MBEDTLS_DEBUG_C
				2939	requires_config_enabled MBEDTLS_SSL_CLI_C
				2940	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2941	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2942	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				2943	requires_gnutls_tls1_3
				2944	requires_gnutls_next_no_ticket
				2945	requires_gnutls_next_disable_tls13_compat
				2946	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				2947	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2948	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				2949	0 \
				2950	-s "Protocol is TLSv1.3" \
				2951	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2952	-s "received signature algorithm: 0x804" \
				2953	-s "got named group: secp256r1(0017)" \
				2954	-s "Verifying peer X.509 certificate... ok" \
				2955	-c "HTTP/1.0 200 OK" \
				2956	-C "received HelloRetryRequest message"
				2957
				2958	requires_config_enabled MBEDTLS_DEBUG_C
				2959	requires_config_enabled MBEDTLS_SSL_CLI_C
				2960	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2961	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2962	requires_gnutls_tls1_3
				2963	requires_gnutls_next_no_ticket
				2964	requires_gnutls_next_disable_tls13_compat
				2965	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				2966	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2967	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2968	0 \
				2969	-s "Protocol is TLSv1.3" \
				2970	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2971	-s "received signature algorithm: 0x403" \
				2972	-s "got named group: secp384r1(0018)" \
				2973	-s "Verifying peer X.509 certificate... ok" \
				2974	-c "HTTP/1.0 200 OK" \
				2975	-C "received HelloRetryRequest message"
				2976
				2977	requires_config_enabled MBEDTLS_DEBUG_C
				2978	requires_config_enabled MBEDTLS_SSL_CLI_C
				2979	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2980	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2981	requires_gnutls_tls1_3
				2982	requires_gnutls_next_no_ticket
				2983	requires_gnutls_next_disable_tls13_compat
				2984	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				2985	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2986	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				2987	0 \
				2988	-s "Protocol is TLSv1.3" \
				2989	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				2990	-s "received signature algorithm: 0x503" \
				2991	-s "got named group: secp384r1(0018)" \
				2992	-s "Verifying peer X.509 certificate... ok" \
				2993	-c "HTTP/1.0 200 OK" \
				2994	-C "received HelloRetryRequest message"
				2995
				2996	requires_config_enabled MBEDTLS_DEBUG_C
				2997	requires_config_enabled MBEDTLS_SSL_CLI_C
				2998	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				2999	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3000	requires_gnutls_tls1_3
				3001	requires_gnutls_next_no_ticket
				3002	requires_gnutls_next_disable_tls13_compat
				3003	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				3004	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3005	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3006	0 \
				3007	-s "Protocol is TLSv1.3" \
				3008	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3009	-s "received signature algorithm: 0x603" \
				3010	-s "got named group: secp384r1(0018)" \
				3011	-s "Verifying peer X.509 certificate... ok" \
				3012	-c "HTTP/1.0 200 OK" \
				3013	-C "received HelloRetryRequest message"
				3014
				3015	requires_config_enabled MBEDTLS_DEBUG_C
				3016	requires_config_enabled MBEDTLS_SSL_CLI_C
				3017	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3018	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3019	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3020	requires_gnutls_tls1_3
				3021	requires_gnutls_next_no_ticket
				3022	requires_gnutls_next_disable_tls13_compat
				3023	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				3024	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3025	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3026	0 \
				3027	-s "Protocol is TLSv1.3" \
				3028	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3029	-s "received signature algorithm: 0x804" \
				3030	-s "got named group: secp384r1(0018)" \
				3031	-s "Verifying peer X.509 certificate... ok" \
				3032	-c "HTTP/1.0 200 OK" \
				3033	-C "received HelloRetryRequest message"
				3034
				3035	requires_config_enabled MBEDTLS_DEBUG_C
				3036	requires_config_enabled MBEDTLS_SSL_CLI_C
				3037	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3038	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3039	requires_gnutls_tls1_3
				3040	requires_gnutls_next_no_ticket
				3041	requires_gnutls_next_disable_tls13_compat
				3042	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				3043	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3044	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3045	0 \
				3046	-s "Protocol is TLSv1.3" \
				3047	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3048	-s "received signature algorithm: 0x403" \
				3049	-s "got named group: secp521r1(0019)" \
				3050	-s "Verifying peer X.509 certificate... ok" \
				3051	-c "HTTP/1.0 200 OK" \
				3052	-C "received HelloRetryRequest message"
				3053
				3054	requires_config_enabled MBEDTLS_DEBUG_C
				3055	requires_config_enabled MBEDTLS_SSL_CLI_C
				3056	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3057	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3058	requires_gnutls_tls1_3
				3059	requires_gnutls_next_no_ticket
				3060	requires_gnutls_next_disable_tls13_compat
				3061	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				3062	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3063	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3064	0 \
				3065	-s "Protocol is TLSv1.3" \
				3066	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3067	-s "received signature algorithm: 0x503" \
				3068	-s "got named group: secp521r1(0019)" \
				3069	-s "Verifying peer X.509 certificate... ok" \
				3070	-c "HTTP/1.0 200 OK" \
				3071	-C "received HelloRetryRequest message"
				3072
				3073	requires_config_enabled MBEDTLS_DEBUG_C
				3074	requires_config_enabled MBEDTLS_SSL_CLI_C
				3075	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3076	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3077	requires_gnutls_tls1_3
				3078	requires_gnutls_next_no_ticket
				3079	requires_gnutls_next_disable_tls13_compat
				3080	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				3081	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3082	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3083	0 \
				3084	-s "Protocol is TLSv1.3" \
				3085	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3086	-s "received signature algorithm: 0x603" \
				3087	-s "got named group: secp521r1(0019)" \
				3088	-s "Verifying peer X.509 certificate... ok" \
				3089	-c "HTTP/1.0 200 OK" \
				3090	-C "received HelloRetryRequest message"
				3091
				3092	requires_config_enabled MBEDTLS_DEBUG_C
				3093	requires_config_enabled MBEDTLS_SSL_CLI_C
				3094	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3095	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3096	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3097	requires_gnutls_tls1_3
				3098	requires_gnutls_next_no_ticket
				3099	requires_gnutls_next_disable_tls13_compat
				3100	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				3101	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3102	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3103	0 \
				3104	-s "Protocol is TLSv1.3" \
				3105	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3106	-s "received signature algorithm: 0x804" \
				3107	-s "got named group: secp521r1(0019)" \
				3108	-s "Verifying peer X.509 certificate... ok" \
				3109	-c "HTTP/1.0 200 OK" \
				3110	-C "received HelloRetryRequest message"
				3111
				3112	requires_config_enabled MBEDTLS_DEBUG_C
				3113	requires_config_enabled MBEDTLS_SSL_CLI_C
				3114	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3115	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3116	requires_gnutls_tls1_3
				3117	requires_gnutls_next_no_ticket
				3118	requires_gnutls_next_disable_tls13_compat
				3119	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				3120	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3121	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3122	0 \
				3123	-s "Protocol is TLSv1.3" \
				3124	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3125	-s "received signature algorithm: 0x403" \
				3126	-s "got named group: x25519(001d)" \
				3127	-s "Verifying peer X.509 certificate... ok" \
				3128	-c "HTTP/1.0 200 OK" \
				3129	-C "received HelloRetryRequest message"
				3130
				3131	requires_config_enabled MBEDTLS_DEBUG_C
				3132	requires_config_enabled MBEDTLS_SSL_CLI_C
				3133	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3134	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3135	requires_gnutls_tls1_3
				3136	requires_gnutls_next_no_ticket
				3137	requires_gnutls_next_disable_tls13_compat
				3138	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				3139	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3140	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3141	0 \
				3142	-s "Protocol is TLSv1.3" \
				3143	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3144	-s "received signature algorithm: 0x503" \
				3145	-s "got named group: x25519(001d)" \
				3146	-s "Verifying peer X.509 certificate... ok" \
				3147	-c "HTTP/1.0 200 OK" \
				3148	-C "received HelloRetryRequest message"
				3149
				3150	requires_config_enabled MBEDTLS_DEBUG_C
				3151	requires_config_enabled MBEDTLS_SSL_CLI_C
				3152	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3153	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3154	requires_gnutls_tls1_3
				3155	requires_gnutls_next_no_ticket
				3156	requires_gnutls_next_disable_tls13_compat
				3157	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				3158	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3159	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3160	0 \
				3161	-s "Protocol is TLSv1.3" \
				3162	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3163	-s "received signature algorithm: 0x603" \
				3164	-s "got named group: x25519(001d)" \
				3165	-s "Verifying peer X.509 certificate... ok" \
				3166	-c "HTTP/1.0 200 OK" \
				3167	-C "received HelloRetryRequest message"
				3168
				3169	requires_config_enabled MBEDTLS_DEBUG_C
				3170	requires_config_enabled MBEDTLS_SSL_CLI_C
				3171	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3172	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3173	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3174	requires_gnutls_tls1_3
				3175	requires_gnutls_next_no_ticket
				3176	requires_gnutls_next_disable_tls13_compat
				3177	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				3178	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3179	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3180	0 \
				3181	-s "Protocol is TLSv1.3" \
				3182	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3183	-s "received signature algorithm: 0x804" \
				3184	-s "got named group: x25519(001d)" \
				3185	-s "Verifying peer X.509 certificate... ok" \
				3186	-c "HTTP/1.0 200 OK" \
				3187	-C "received HelloRetryRequest message"
				3188
				3189	requires_config_enabled MBEDTLS_DEBUG_C
				3190	requires_config_enabled MBEDTLS_SSL_CLI_C
				3191	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3192	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3193	requires_gnutls_tls1_3
				3194	requires_gnutls_next_no_ticket
				3195	requires_gnutls_next_disable_tls13_compat
				3196	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				3197	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3198	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3199	0 \
				3200	-s "Protocol is TLSv1.3" \
				3201	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3202	-s "received signature algorithm: 0x403" \
				3203	-s "got named group: x448(001e)" \
				3204	-s "Verifying peer X.509 certificate... ok" \
				3205	-c "HTTP/1.0 200 OK" \
				3206	-C "received HelloRetryRequest message"
				3207
				3208	requires_config_enabled MBEDTLS_DEBUG_C
				3209	requires_config_enabled MBEDTLS_SSL_CLI_C
				3210	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3211	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3212	requires_gnutls_tls1_3
				3213	requires_gnutls_next_no_ticket
				3214	requires_gnutls_next_disable_tls13_compat
				3215	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				3216	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3217	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3218	0 \
				3219	-s "Protocol is TLSv1.3" \
				3220	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3221	-s "received signature algorithm: 0x503" \
				3222	-s "got named group: x448(001e)" \
				3223	-s "Verifying peer X.509 certificate... ok" \
				3224	-c "HTTP/1.0 200 OK" \
				3225	-C "received HelloRetryRequest message"
				3226
				3227	requires_config_enabled MBEDTLS_DEBUG_C
				3228	requires_config_enabled MBEDTLS_SSL_CLI_C
				3229	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3230	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3231	requires_gnutls_tls1_3
				3232	requires_gnutls_next_no_ticket
				3233	requires_gnutls_next_disable_tls13_compat
				3234	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				3235	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3236	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3237	0 \
				3238	-s "Protocol is TLSv1.3" \
				3239	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3240	-s "received signature algorithm: 0x603" \
				3241	-s "got named group: x448(001e)" \
				3242	-s "Verifying peer X.509 certificate... ok" \
				3243	-c "HTTP/1.0 200 OK" \
				3244	-C "received HelloRetryRequest message"
				3245
				3246	requires_config_enabled MBEDTLS_DEBUG_C
				3247	requires_config_enabled MBEDTLS_SSL_CLI_C
				3248	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3249	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3250	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3251	requires_gnutls_tls1_3
				3252	requires_gnutls_next_no_ticket
				3253	requires_gnutls_next_disable_tls13_compat
				3254	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
				3255	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3256	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3257	0 \
				3258	-s "Protocol is TLSv1.3" \
				3259	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				3260	-s "received signature algorithm: 0x804" \
				3261	-s "got named group: x448(001e)" \
				3262	-s "Verifying peer X.509 certificate... ok" \
				3263	-c "HTTP/1.0 200 OK" \
				3264	-C "received HelloRetryRequest message"
				3265
				3266	requires_config_enabled MBEDTLS_DEBUG_C
				3267	requires_config_enabled MBEDTLS_SSL_CLI_C
				3268	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3269	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3270	requires_gnutls_tls1_3
				3271	requires_gnutls_next_no_ticket
				3272	requires_gnutls_next_disable_tls13_compat
				3273	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				3274	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3275	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3276	0 \
				3277	-s "Protocol is TLSv1.3" \
				3278	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3279	-s "received signature algorithm: 0x403" \
				3280	-s "got named group: secp256r1(0017)" \
				3281	-s "Verifying peer X.509 certificate... ok" \
				3282	-c "HTTP/1.0 200 OK" \
				3283	-C "received HelloRetryRequest message"
				3284
				3285	requires_config_enabled MBEDTLS_DEBUG_C
				3286	requires_config_enabled MBEDTLS_SSL_CLI_C
				3287	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3288	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3289	requires_gnutls_tls1_3
				3290	requires_gnutls_next_no_ticket
				3291	requires_gnutls_next_disable_tls13_compat
				3292	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				3293	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3294	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3295	0 \
				3296	-s "Protocol is TLSv1.3" \
				3297	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3298	-s "received signature algorithm: 0x503" \
				3299	-s "got named group: secp256r1(0017)" \
				3300	-s "Verifying peer X.509 certificate... ok" \
				3301	-c "HTTP/1.0 200 OK" \
				3302	-C "received HelloRetryRequest message"
				3303
				3304	requires_config_enabled MBEDTLS_DEBUG_C
				3305	requires_config_enabled MBEDTLS_SSL_CLI_C
				3306	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3307	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3308	requires_gnutls_tls1_3
				3309	requires_gnutls_next_no_ticket
				3310	requires_gnutls_next_disable_tls13_compat
				3311	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				3312	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3313	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3314	0 \
				3315	-s "Protocol is TLSv1.3" \
				3316	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3317	-s "received signature algorithm: 0x603" \
				3318	-s "got named group: secp256r1(0017)" \
				3319	-s "Verifying peer X.509 certificate... ok" \
				3320	-c "HTTP/1.0 200 OK" \
				3321	-C "received HelloRetryRequest message"
				3322
				3323	requires_config_enabled MBEDTLS_DEBUG_C
				3324	requires_config_enabled MBEDTLS_SSL_CLI_C
				3325	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3326	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3327	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3328	requires_gnutls_tls1_3
				3329	requires_gnutls_next_no_ticket
				3330	requires_gnutls_next_disable_tls13_compat
				3331	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				3332	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3333	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3334	0 \
				3335	-s "Protocol is TLSv1.3" \
				3336	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3337	-s "received signature algorithm: 0x804" \
				3338	-s "got named group: secp256r1(0017)" \
				3339	-s "Verifying peer X.509 certificate... ok" \
				3340	-c "HTTP/1.0 200 OK" \
				3341	-C "received HelloRetryRequest message"
				3342
				3343	requires_config_enabled MBEDTLS_DEBUG_C
				3344	requires_config_enabled MBEDTLS_SSL_CLI_C
				3345	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3346	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3347	requires_gnutls_tls1_3
				3348	requires_gnutls_next_no_ticket
				3349	requires_gnutls_next_disable_tls13_compat
				3350	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				3351	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3352	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3353	0 \
				3354	-s "Protocol is TLSv1.3" \
				3355	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3356	-s "received signature algorithm: 0x403" \
				3357	-s "got named group: secp384r1(0018)" \
				3358	-s "Verifying peer X.509 certificate... ok" \
				3359	-c "HTTP/1.0 200 OK" \
				3360	-C "received HelloRetryRequest message"
				3361
				3362	requires_config_enabled MBEDTLS_DEBUG_C
				3363	requires_config_enabled MBEDTLS_SSL_CLI_C
				3364	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3365	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3366	requires_gnutls_tls1_3
				3367	requires_gnutls_next_no_ticket
				3368	requires_gnutls_next_disable_tls13_compat
				3369	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				3370	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3371	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3372	0 \
				3373	-s "Protocol is TLSv1.3" \
				3374	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3375	-s "received signature algorithm: 0x503" \
				3376	-s "got named group: secp384r1(0018)" \
				3377	-s "Verifying peer X.509 certificate... ok" \
				3378	-c "HTTP/1.0 200 OK" \
				3379	-C "received HelloRetryRequest message"
				3380
				3381	requires_config_enabled MBEDTLS_DEBUG_C
				3382	requires_config_enabled MBEDTLS_SSL_CLI_C
				3383	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3385	requires_gnutls_tls1_3
				3386	requires_gnutls_next_no_ticket
				3387	requires_gnutls_next_disable_tls13_compat
				3388	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				3389	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3390	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3391	0 \
				3392	-s "Protocol is TLSv1.3" \
				3393	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3394	-s "received signature algorithm: 0x603" \
				3395	-s "got named group: secp384r1(0018)" \
				3396	-s "Verifying peer X.509 certificate... ok" \
				3397	-c "HTTP/1.0 200 OK" \
				3398	-C "received HelloRetryRequest message"
				3399
				3400	requires_config_enabled MBEDTLS_DEBUG_C
				3401	requires_config_enabled MBEDTLS_SSL_CLI_C
				3402	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3403	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3404	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3405	requires_gnutls_tls1_3
				3406	requires_gnutls_next_no_ticket
				3407	requires_gnutls_next_disable_tls13_compat
				3408	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				3409	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3410	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3411	0 \
				3412	-s "Protocol is TLSv1.3" \
				3413	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3414	-s "received signature algorithm: 0x804" \
				3415	-s "got named group: secp384r1(0018)" \
				3416	-s "Verifying peer X.509 certificate... ok" \
				3417	-c "HTTP/1.0 200 OK" \
				3418	-C "received HelloRetryRequest message"
				3419
				3420	requires_config_enabled MBEDTLS_DEBUG_C
				3421	requires_config_enabled MBEDTLS_SSL_CLI_C
				3422	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3423	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3424	requires_gnutls_tls1_3
				3425	requires_gnutls_next_no_ticket
				3426	requires_gnutls_next_disable_tls13_compat
				3427	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				3428	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3429	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3430	0 \
				3431	-s "Protocol is TLSv1.3" \
				3432	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3433	-s "received signature algorithm: 0x403" \
				3434	-s "got named group: secp521r1(0019)" \
				3435	-s "Verifying peer X.509 certificate... ok" \
				3436	-c "HTTP/1.0 200 OK" \
				3437	-C "received HelloRetryRequest message"
				3438
				3439	requires_config_enabled MBEDTLS_DEBUG_C
				3440	requires_config_enabled MBEDTLS_SSL_CLI_C
				3441	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3442	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3443	requires_gnutls_tls1_3
				3444	requires_gnutls_next_no_ticket
				3445	requires_gnutls_next_disable_tls13_compat
				3446	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				3447	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3448	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3449	0 \
				3450	-s "Protocol is TLSv1.3" \
				3451	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3452	-s "received signature algorithm: 0x503" \
				3453	-s "got named group: secp521r1(0019)" \
				3454	-s "Verifying peer X.509 certificate... ok" \
				3455	-c "HTTP/1.0 200 OK" \
				3456	-C "received HelloRetryRequest message"
				3457
				3458	requires_config_enabled MBEDTLS_DEBUG_C
				3459	requires_config_enabled MBEDTLS_SSL_CLI_C
				3460	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3461	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3462	requires_gnutls_tls1_3
				3463	requires_gnutls_next_no_ticket
				3464	requires_gnutls_next_disable_tls13_compat
				3465	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				3466	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3467	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3468	0 \
				3469	-s "Protocol is TLSv1.3" \
				3470	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3471	-s "received signature algorithm: 0x603" \
				3472	-s "got named group: secp521r1(0019)" \
				3473	-s "Verifying peer X.509 certificate... ok" \
				3474	-c "HTTP/1.0 200 OK" \
				3475	-C "received HelloRetryRequest message"
				3476
				3477	requires_config_enabled MBEDTLS_DEBUG_C
				3478	requires_config_enabled MBEDTLS_SSL_CLI_C
				3479	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3480	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3481	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3482	requires_gnutls_tls1_3
				3483	requires_gnutls_next_no_ticket
				3484	requires_gnutls_next_disable_tls13_compat
				3485	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				3486	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3487	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3488	0 \
				3489	-s "Protocol is TLSv1.3" \
				3490	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3491	-s "received signature algorithm: 0x804" \
				3492	-s "got named group: secp521r1(0019)" \
				3493	-s "Verifying peer X.509 certificate... ok" \
				3494	-c "HTTP/1.0 200 OK" \
				3495	-C "received HelloRetryRequest message"
				3496
				3497	requires_config_enabled MBEDTLS_DEBUG_C
				3498	requires_config_enabled MBEDTLS_SSL_CLI_C
				3499	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3500	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3501	requires_gnutls_tls1_3
				3502	requires_gnutls_next_no_ticket
				3503	requires_gnutls_next_disable_tls13_compat
				3504	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
				3505	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3506	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3507	0 \
				3508	-s "Protocol is TLSv1.3" \
				3509	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3510	-s "received signature algorithm: 0x403" \
				3511	-s "got named group: x25519(001d)" \
				3512	-s "Verifying peer X.509 certificate... ok" \
				3513	-c "HTTP/1.0 200 OK" \
				3514	-C "received HelloRetryRequest message"
				3515
				3516	requires_config_enabled MBEDTLS_DEBUG_C
				3517	requires_config_enabled MBEDTLS_SSL_CLI_C
				3518	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3519	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3520	requires_gnutls_tls1_3
				3521	requires_gnutls_next_no_ticket
				3522	requires_gnutls_next_disable_tls13_compat
				3523	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
				3524	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3525	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3526	0 \
				3527	-s "Protocol is TLSv1.3" \
				3528	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3529	-s "received signature algorithm: 0x503" \
				3530	-s "got named group: x25519(001d)" \
				3531	-s "Verifying peer X.509 certificate... ok" \
				3532	-c "HTTP/1.0 200 OK" \
				3533	-C "received HelloRetryRequest message"
				3534
				3535	requires_config_enabled MBEDTLS_DEBUG_C
				3536	requires_config_enabled MBEDTLS_SSL_CLI_C
				3537	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3538	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3539	requires_gnutls_tls1_3
				3540	requires_gnutls_next_no_ticket
				3541	requires_gnutls_next_disable_tls13_compat
				3542	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
				3543	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3544	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3545	0 \
				3546	-s "Protocol is TLSv1.3" \
				3547	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3548	-s "received signature algorithm: 0x603" \
				3549	-s "got named group: x25519(001d)" \
				3550	-s "Verifying peer X.509 certificate... ok" \
				3551	-c "HTTP/1.0 200 OK" \
				3552	-C "received HelloRetryRequest message"
				3553
				3554	requires_config_enabled MBEDTLS_DEBUG_C
				3555	requires_config_enabled MBEDTLS_SSL_CLI_C
				3556	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3557	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3558	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3559	requires_gnutls_tls1_3
				3560	requires_gnutls_next_no_ticket
				3561	requires_gnutls_next_disable_tls13_compat
				3562	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
				3563	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3564	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3565	0 \
				3566	-s "Protocol is TLSv1.3" \
				3567	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3568	-s "received signature algorithm: 0x804" \
				3569	-s "got named group: x25519(001d)" \
				3570	-s "Verifying peer X.509 certificate... ok" \
				3571	-c "HTTP/1.0 200 OK" \
				3572	-C "received HelloRetryRequest message"
				3573
				3574	requires_config_enabled MBEDTLS_DEBUG_C
				3575	requires_config_enabled MBEDTLS_SSL_CLI_C
				3576	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3577	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3578	requires_gnutls_tls1_3
				3579	requires_gnutls_next_no_ticket
				3580	requires_gnutls_next_disable_tls13_compat
				3581	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
				3582	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3583	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3584	0 \
				3585	-s "Protocol is TLSv1.3" \
				3586	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3587	-s "received signature algorithm: 0x403" \
				3588	-s "got named group: x448(001e)" \
				3589	-s "Verifying peer X.509 certificate... ok" \
				3590	-c "HTTP/1.0 200 OK" \
				3591	-C "received HelloRetryRequest message"
				3592
				3593	requires_config_enabled MBEDTLS_DEBUG_C
				3594	requires_config_enabled MBEDTLS_SSL_CLI_C
				3595	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3596	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3597	requires_gnutls_tls1_3
				3598	requires_gnutls_next_no_ticket
				3599	requires_gnutls_next_disable_tls13_compat
				3600	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
				3601	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3602	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3603	0 \
				3604	-s "Protocol is TLSv1.3" \
				3605	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3606	-s "received signature algorithm: 0x503" \
				3607	-s "got named group: x448(001e)" \
				3608	-s "Verifying peer X.509 certificate... ok" \
				3609	-c "HTTP/1.0 200 OK" \
				3610	-C "received HelloRetryRequest message"
				3611
				3612	requires_config_enabled MBEDTLS_DEBUG_C
				3613	requires_config_enabled MBEDTLS_SSL_CLI_C
				3614	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3615	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3616	requires_gnutls_tls1_3
				3617	requires_gnutls_next_no_ticket
				3618	requires_gnutls_next_disable_tls13_compat
				3619	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
				3620	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3621	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				3622	0 \
				3623	-s "Protocol is TLSv1.3" \
				3624	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3625	-s "received signature algorithm: 0x603" \
				3626	-s "got named group: x448(001e)" \
				3627	-s "Verifying peer X.509 certificate... ok" \
				3628	-c "HTTP/1.0 200 OK" \
				3629	-C "received HelloRetryRequest message"
				3630
				3631	requires_config_enabled MBEDTLS_DEBUG_C
				3632	requires_config_enabled MBEDTLS_SSL_CLI_C
				3633	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3634	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3635	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				3636	requires_gnutls_tls1_3
				3637	requires_gnutls_next_no_ticket
				3638	requires_gnutls_next_disable_tls13_compat
				3639	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
				3640	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3641	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \
				3642	0 \
				3643	-s "Protocol is TLSv1.3" \
				3644	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				3645	-s "received signature algorithm: 0x804" \
				3646	-s "got named group: x448(001e)" \
				3647	-s "Verifying peer X.509 certificate... ok" \
				3648	-c "HTTP/1.0 200 OK" \
				3649	-C "received HelloRetryRequest message"
				3650
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3651	requires_openssl_tls1_3
				3652	requires_config_enabled MBEDTLS_DEBUG_C
				3653	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3654	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3655	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3656	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3657	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3658	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3659	0 \
				3660	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3661	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3662	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3663	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3664	-c "NamedGroup: secp256r1 ( 17 )" \
				3665	-c "Verifying peer X.509 certificate... ok" \
				3666	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3667
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3668	requires_openssl_tls1_3
				3669	requires_config_enabled MBEDTLS_DEBUG_C
				3670	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3671	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3672	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3673	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3674	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3675	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3676	0 \
				3677	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3678	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3679	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3680	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3681	-c "NamedGroup: secp256r1 ( 17 )" \
				3682	-c "Verifying peer X.509 certificate... ok" \
				3683	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3684
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3685	requires_openssl_tls1_3
				3686	requires_config_enabled MBEDTLS_DEBUG_C
				3687	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3688	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3689	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3690	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3691	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3692	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3693	0 \
				3694	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3695	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3696	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3697	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3698	-c "NamedGroup: secp256r1 ( 17 )" \
				3699	-c "Verifying peer X.509 certificate... ok" \
				3700	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3701
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3702	requires_openssl_tls1_3
				3703	requires_config_enabled MBEDTLS_DEBUG_C
				3704	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3705	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3706	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3707	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3708	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3709	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3710	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3711	0 \
				3712	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3713	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3714	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3715	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3716	-c "NamedGroup: secp256r1 ( 17 )" \
				3717	-c "Verifying peer X.509 certificate... ok" \
				3718	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3719
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3720	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3721	requires_config_enabled MBEDTLS_DEBUG_C
				3722	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3723	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3724	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3725	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3726	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3727	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3728	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3729	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3730	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3731	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3732	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				3733	-c "NamedGroup: secp384r1 ( 18 )" \
				3734	-c "Verifying peer X.509 certificate... ok" \
				3735	-C "received HelloRetryRequest message"
				3736
				3737	requires_openssl_tls1_3
				3738	requires_config_enabled MBEDTLS_DEBUG_C
				3739	requires_config_enabled MBEDTLS_SSL_CLI_C
				3740	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3741	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3742	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3743	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3744	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				3745	0 \
				3746	-c "HTTP/1.0 200 ok" \
				3747	-c "Protocol is TLSv1.3" \
				3748	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3749	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				3750	-c "NamedGroup: secp384r1 ( 18 )" \
				3751	-c "Verifying peer X.509 certificate... ok" \
				3752	-C "received HelloRetryRequest message"
				3753
				3754	requires_openssl_tls1_3
				3755	requires_config_enabled MBEDTLS_DEBUG_C
				3756	requires_config_enabled MBEDTLS_SSL_CLI_C
				3757	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3758	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3759	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3760	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3761	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				3762	0 \
				3763	-c "HTTP/1.0 200 ok" \
				3764	-c "Protocol is TLSv1.3" \
				3765	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3766	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				3767	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3768	-c "Verifying peer X.509 certificate... ok" \
				3769	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3770
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3771	requires_openssl_tls1_3
				3772	requires_config_enabled MBEDTLS_DEBUG_C
				3773	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3774	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3775	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3776	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3777	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3778	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3779	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3780	0 \
				3781	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3782	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3783	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3784	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3785	-c "NamedGroup: secp384r1 ( 18 )" \
				3786	-c "Verifying peer X.509 certificate... ok" \
				3787	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3788
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3789	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3790	requires_config_enabled MBEDTLS_DEBUG_C
				3791	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3792	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3793	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3794	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3795	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3796	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3797	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3798	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3799	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3800	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3801	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				3802	-c "NamedGroup: secp521r1 ( 19 )" \
				3803	-c "Verifying peer X.509 certificate... ok" \
				3804	-C "received HelloRetryRequest message"
				3805
				3806	requires_openssl_tls1_3
				3807	requires_config_enabled MBEDTLS_DEBUG_C
				3808	requires_config_enabled MBEDTLS_SSL_CLI_C
				3809	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3810	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3811	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3812	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3813	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				3814	0 \
				3815	-c "HTTP/1.0 200 ok" \
				3816	-c "Protocol is TLSv1.3" \
				3817	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3818	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				3819	-c "NamedGroup: secp521r1 ( 19 )" \
				3820	-c "Verifying peer X.509 certificate... ok" \
				3821	-C "received HelloRetryRequest message"
				3822
				3823	requires_openssl_tls1_3
				3824	requires_config_enabled MBEDTLS_DEBUG_C
				3825	requires_config_enabled MBEDTLS_SSL_CLI_C
				3826	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3827	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3828	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3829	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3830	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				3831	0 \
				3832	-c "HTTP/1.0 200 ok" \
				3833	-c "Protocol is TLSv1.3" \
				3834	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3835	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				3836	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3837	-c "Verifying peer X.509 certificate... ok" \
				3838	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3839
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3840	requires_openssl_tls1_3
				3841	requires_config_enabled MBEDTLS_DEBUG_C
				3842	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3843	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3844	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3845	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3846	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3847	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3848	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3849	0 \
				3850	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3851	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3852	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3853	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3854	-c "NamedGroup: secp521r1 ( 19 )" \
				3855	-c "Verifying peer X.509 certificate... ok" \
				3856	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3857
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3858	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3859	requires_config_enabled MBEDTLS_DEBUG_C
				3860	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3861	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3862	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3863	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3864	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3865	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3866	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3867	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3868	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3869	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3870	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				3871	-c "NamedGroup: x25519 ( 1d )" \
				3872	-c "Verifying peer X.509 certificate... ok" \
				3873	-C "received HelloRetryRequest message"
				3874
				3875	requires_openssl_tls1_3
				3876	requires_config_enabled MBEDTLS_DEBUG_C
				3877	requires_config_enabled MBEDTLS_SSL_CLI_C
				3878	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3879	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3880	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3881	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3882	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				3883	0 \
				3884	-c "HTTP/1.0 200 ok" \
				3885	-c "Protocol is TLSv1.3" \
				3886	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3887	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				3888	-c "NamedGroup: x25519 ( 1d )" \
				3889	-c "Verifying peer X.509 certificate... ok" \
				3890	-C "received HelloRetryRequest message"
				3891
				3892	requires_openssl_tls1_3
				3893	requires_config_enabled MBEDTLS_DEBUG_C
				3894	requires_config_enabled MBEDTLS_SSL_CLI_C
				3895	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3897	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3898	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3899	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				3900	0 \
				3901	-c "HTTP/1.0 200 ok" \
				3902	-c "Protocol is TLSv1.3" \
				3903	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3904	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				3905	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3906	-c "Verifying peer X.509 certificate... ok" \
				3907	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3908
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3909	requires_openssl_tls1_3
				3910	requires_config_enabled MBEDTLS_DEBUG_C
				3911	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3912	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3913	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3914	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3915	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3916	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3917	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3918	0 \
				3919	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3920	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3921	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3922	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3923	-c "NamedGroup: x25519 ( 1d )" \
				3924	-c "Verifying peer X.509 certificate... ok" \
				3925	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3926
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3927	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3928	requires_config_enabled MBEDTLS_DEBUG_C
				3929	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3930	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3931	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3932	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3933	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3934	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3935	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3936	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3937	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3938	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3939	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				3940	-c "NamedGroup: x448 ( 1e )" \
				3941	-c "Verifying peer X.509 certificate... ok" \
				3942	-C "received HelloRetryRequest message"
				3943
				3944	requires_openssl_tls1_3
				3945	requires_config_enabled MBEDTLS_DEBUG_C
				3946	requires_config_enabled MBEDTLS_SSL_CLI_C
				3947	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3948	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3949	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3950	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3951	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				3952	0 \
				3953	-c "HTTP/1.0 200 ok" \
				3954	-c "Protocol is TLSv1.3" \
				3955	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3956	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				3957	-c "NamedGroup: x448 ( 1e )" \
				3958	-c "Verifying peer X.509 certificate... ok" \
				3959	-C "received HelloRetryRequest message"
				3960
				3961	requires_openssl_tls1_3
				3962	requires_config_enabled MBEDTLS_DEBUG_C
				3963	requires_config_enabled MBEDTLS_SSL_CLI_C
				3964	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				3965	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3966	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3967	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	3968	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				3969	0 \
				3970	-c "HTTP/1.0 200 ok" \
				3971	-c "Protocol is TLSv1.3" \
				3972	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3973	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				3974	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3975	-c "Verifying peer X.509 certificate... ok" \
				3976	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3977
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3978	requires_openssl_tls1_3
				3979	requires_config_enabled MBEDTLS_DEBUG_C
				3980	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3981	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	3982	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3983	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	3984	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	3985	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3986	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3987	0 \
				3988	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	3989	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	3990	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				3991	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	3992	-c "NamedGroup: x448 ( 1e )" \
				3993	-c "Verifying peer X.509 certificate... ok" \
				3994	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	3995
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	3996	requires_openssl_tls1_3
				3997	requires_config_enabled MBEDTLS_DEBUG_C
				3998	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	3999	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4000	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4001	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4002	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4003	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4004	0 \
				4005	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4006	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4007	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4008	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4009	-c "NamedGroup: secp256r1 ( 17 )" \
				4010	-c "Verifying peer X.509 certificate... ok" \
				4011	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4012
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4013	requires_openssl_tls1_3
				4014	requires_config_enabled MBEDTLS_DEBUG_C
				4015	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4016	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4017	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4018	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4019	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4020	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4021	0 \
				4022	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4023	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4024	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4025	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4026	-c "NamedGroup: secp256r1 ( 17 )" \
				4027	-c "Verifying peer X.509 certificate... ok" \
				4028	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4029
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4030	requires_openssl_tls1_3
				4031	requires_config_enabled MBEDTLS_DEBUG_C
				4032	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4033	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4034	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4035	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4036	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4037	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4038	0 \
				4039	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4040	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4041	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4042	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4043	-c "NamedGroup: secp256r1 ( 17 )" \
				4044	-c "Verifying peer X.509 certificate... ok" \
				4045	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4046
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4047	requires_openssl_tls1_3
				4048	requires_config_enabled MBEDTLS_DEBUG_C
				4049	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4050	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4051	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4052	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4053	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4054	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4055	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4056	0 \
				4057	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4058	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4059	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4060	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4061	-c "NamedGroup: secp256r1 ( 17 )" \
				4062	-c "Verifying peer X.509 certificate... ok" \
				4063	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4064
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4065	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4066	requires_config_enabled MBEDTLS_DEBUG_C
				4067	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4068	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4069	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4070	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4071	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4072	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4073	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4074	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4075	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4076	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4077	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4078	-c "NamedGroup: secp384r1 ( 18 )" \
				4079	-c "Verifying peer X.509 certificate... ok" \
				4080	-C "received HelloRetryRequest message"
				4081
				4082	requires_openssl_tls1_3
				4083	requires_config_enabled MBEDTLS_DEBUG_C
				4084	requires_config_enabled MBEDTLS_SSL_CLI_C
				4085	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4086	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4087	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4088	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4089	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				4090	0 \
				4091	-c "HTTP/1.0 200 ok" \
				4092	-c "Protocol is TLSv1.3" \
				4093	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4094	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4095	-c "NamedGroup: secp384r1 ( 18 )" \
				4096	-c "Verifying peer X.509 certificate... ok" \
				4097	-C "received HelloRetryRequest message"
				4098
				4099	requires_openssl_tls1_3
				4100	requires_config_enabled MBEDTLS_DEBUG_C
				4101	requires_config_enabled MBEDTLS_SSL_CLI_C
				4102	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4103	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4104	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4105	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4106	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				4107	0 \
				4108	-c "HTTP/1.0 200 ok" \
				4109	-c "Protocol is TLSv1.3" \
				4110	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4111	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4112	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4113	-c "Verifying peer X.509 certificate... ok" \
				4114	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4115
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4116	requires_openssl_tls1_3
				4117	requires_config_enabled MBEDTLS_DEBUG_C
				4118	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4119	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4120	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4121	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4122	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4123	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4124	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4125	0 \
				4126	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4127	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4128	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4129	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4130	-c "NamedGroup: secp384r1 ( 18 )" \
				4131	-c "Verifying peer X.509 certificate... ok" \
				4132	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4133
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4134	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4135	requires_config_enabled MBEDTLS_DEBUG_C
				4136	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4137	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4138	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4139	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4140	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4141	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4142	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4143	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4144	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4145	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4146	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4147	-c "NamedGroup: secp521r1 ( 19 )" \
				4148	-c "Verifying peer X.509 certificate... ok" \
				4149	-C "received HelloRetryRequest message"
				4150
				4151	requires_openssl_tls1_3
				4152	requires_config_enabled MBEDTLS_DEBUG_C
				4153	requires_config_enabled MBEDTLS_SSL_CLI_C
				4154	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4155	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4156	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4157	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4158	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				4159	0 \
				4160	-c "HTTP/1.0 200 ok" \
				4161	-c "Protocol is TLSv1.3" \
				4162	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4163	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4164	-c "NamedGroup: secp521r1 ( 19 )" \
				4165	-c "Verifying peer X.509 certificate... ok" \
				4166	-C "received HelloRetryRequest message"
				4167
				4168	requires_openssl_tls1_3
				4169	requires_config_enabled MBEDTLS_DEBUG_C
				4170	requires_config_enabled MBEDTLS_SSL_CLI_C
				4171	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4172	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4173	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4174	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4175	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				4176	0 \
				4177	-c "HTTP/1.0 200 ok" \
				4178	-c "Protocol is TLSv1.3" \
				4179	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4180	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4181	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4182	-c "Verifying peer X.509 certificate... ok" \
				4183	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4184
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4185	requires_openssl_tls1_3
				4186	requires_config_enabled MBEDTLS_DEBUG_C
				4187	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4188	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4189	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4190	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4191	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4192	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4193	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4194	0 \
				4195	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4196	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4197	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4198	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4199	-c "NamedGroup: secp521r1 ( 19 )" \
				4200	-c "Verifying peer X.509 certificate... ok" \
				4201	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4202
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4203	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4204	requires_config_enabled MBEDTLS_DEBUG_C
				4205	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4206	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4207	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4208	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4209	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4210	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4211	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4212	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4213	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4214	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4215	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4216	-c "NamedGroup: x25519 ( 1d )" \
				4217	-c "Verifying peer X.509 certificate... ok" \
				4218	-C "received HelloRetryRequest message"
				4219
				4220	requires_openssl_tls1_3
				4221	requires_config_enabled MBEDTLS_DEBUG_C
				4222	requires_config_enabled MBEDTLS_SSL_CLI_C
				4223	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4224	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4225	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4226	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4227	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				4228	0 \
				4229	-c "HTTP/1.0 200 ok" \
				4230	-c "Protocol is TLSv1.3" \
				4231	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4232	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4233	-c "NamedGroup: x25519 ( 1d )" \
				4234	-c "Verifying peer X.509 certificate... ok" \
				4235	-C "received HelloRetryRequest message"
				4236
				4237	requires_openssl_tls1_3
				4238	requires_config_enabled MBEDTLS_DEBUG_C
				4239	requires_config_enabled MBEDTLS_SSL_CLI_C
				4240	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4241	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4242	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4243	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4244	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				4245	0 \
				4246	-c "HTTP/1.0 200 ok" \
				4247	-c "Protocol is TLSv1.3" \
				4248	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4249	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4250	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4251	-c "Verifying peer X.509 certificate... ok" \
				4252	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4253
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4254	requires_openssl_tls1_3
				4255	requires_config_enabled MBEDTLS_DEBUG_C
				4256	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4257	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4258	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4259	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4260	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4261	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4262	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4263	0 \
				4264	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4265	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4266	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4267	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4268	-c "NamedGroup: x25519 ( 1d )" \
				4269	-c "Verifying peer X.509 certificate... ok" \
				4270	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4271
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4272	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4273	requires_config_enabled MBEDTLS_DEBUG_C
				4274	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4275	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4276	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4277	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4278	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4279	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4280	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4281	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4282	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4283	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4284	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4285	-c "NamedGroup: x448 ( 1e )" \
				4286	-c "Verifying peer X.509 certificate... ok" \
				4287	-C "received HelloRetryRequest message"
				4288
				4289	requires_openssl_tls1_3
				4290	requires_config_enabled MBEDTLS_DEBUG_C
				4291	requires_config_enabled MBEDTLS_SSL_CLI_C
				4292	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4293	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4294	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4295	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4296	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				4297	0 \
				4298	-c "HTTP/1.0 200 ok" \
				4299	-c "Protocol is TLSv1.3" \
				4300	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4301	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4302	-c "NamedGroup: x448 ( 1e )" \
				4303	-c "Verifying peer X.509 certificate... ok" \
				4304	-C "received HelloRetryRequest message"
				4305
				4306	requires_openssl_tls1_3
				4307	requires_config_enabled MBEDTLS_DEBUG_C
				4308	requires_config_enabled MBEDTLS_SSL_CLI_C
				4309	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4310	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4311	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4312	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4313	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				4314	0 \
				4315	-c "HTTP/1.0 200 ok" \
				4316	-c "Protocol is TLSv1.3" \
				4317	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4318	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4319	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4320	-c "Verifying peer X.509 certificate... ok" \
				4321	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4322
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4323	requires_openssl_tls1_3
				4324	requires_config_enabled MBEDTLS_DEBUG_C
				4325	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4326	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4327	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4328	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4329	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4330	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4331	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4332	0 \
				4333	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4334	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4335	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				4336	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4337	-c "NamedGroup: x448 ( 1e )" \
				4338	-c "Verifying peer X.509 certificate... ok" \
				4339	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4340
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4341	requires_openssl_tls1_3
				4342	requires_config_enabled MBEDTLS_DEBUG_C
				4343	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4344	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4345	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4346	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4347	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4348	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4349	0 \
				4350	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4351	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4352	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4353	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4354	-c "NamedGroup: secp256r1 ( 17 )" \
				4355	-c "Verifying peer X.509 certificate... ok" \
				4356	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4357
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4358	requires_openssl_tls1_3
				4359	requires_config_enabled MBEDTLS_DEBUG_C
				4360	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4361	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4362	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4363	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4364	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4365	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4366	0 \
				4367	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4368	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4369	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4370	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4371	-c "NamedGroup: secp256r1 ( 17 )" \
				4372	-c "Verifying peer X.509 certificate... ok" \
				4373	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4374
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4375	requires_openssl_tls1_3
				4376	requires_config_enabled MBEDTLS_DEBUG_C
				4377	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4378	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4379	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4380	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4381	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4382	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4383	0 \
				4384	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4385	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4386	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4387	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4388	-c "NamedGroup: secp256r1 ( 17 )" \
				4389	-c "Verifying peer X.509 certificate... ok" \
				4390	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4391
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4392	requires_openssl_tls1_3
				4393	requires_config_enabled MBEDTLS_DEBUG_C
				4394	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4395	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4396	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4397	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4398	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4399	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4400	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4401	0 \
				4402	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4403	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4404	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4405	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4406	-c "NamedGroup: secp256r1 ( 17 )" \
				4407	-c "Verifying peer X.509 certificate... ok" \
				4408	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4409
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4410	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4411	requires_config_enabled MBEDTLS_DEBUG_C
				4412	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4413	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4414	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4415	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4416	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4417	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4418	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4419	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4420	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4421	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4422	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4423	-c "NamedGroup: secp384r1 ( 18 )" \
				4424	-c "Verifying peer X.509 certificate... ok" \
				4425	-C "received HelloRetryRequest message"
				4426
				4427	requires_openssl_tls1_3
				4428	requires_config_enabled MBEDTLS_DEBUG_C
				4429	requires_config_enabled MBEDTLS_SSL_CLI_C
				4430	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4431	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4432	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4433	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4434	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				4435	0 \
				4436	-c "HTTP/1.0 200 ok" \
				4437	-c "Protocol is TLSv1.3" \
				4438	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4439	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4440	-c "NamedGroup: secp384r1 ( 18 )" \
				4441	-c "Verifying peer X.509 certificate... ok" \
				4442	-C "received HelloRetryRequest message"
				4443
				4444	requires_openssl_tls1_3
				4445	requires_config_enabled MBEDTLS_DEBUG_C
				4446	requires_config_enabled MBEDTLS_SSL_CLI_C
				4447	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4448	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4449	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4450	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4451	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				4452	0 \
				4453	-c "HTTP/1.0 200 ok" \
				4454	-c "Protocol is TLSv1.3" \
				4455	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4456	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4457	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4458	-c "Verifying peer X.509 certificate... ok" \
				4459	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4460
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4461	requires_openssl_tls1_3
				4462	requires_config_enabled MBEDTLS_DEBUG_C
				4463	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4464	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4465	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4466	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4467	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4468	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4469	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4470	0 \
				4471	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4472	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4473	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4474	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4475	-c "NamedGroup: secp384r1 ( 18 )" \
				4476	-c "Verifying peer X.509 certificate... ok" \
				4477	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4478
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4479	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4480	requires_config_enabled MBEDTLS_DEBUG_C
				4481	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4482	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4483	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4484	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4485	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4486	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4487	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4488	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4489	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4490	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4491	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4492	-c "NamedGroup: secp521r1 ( 19 )" \
				4493	-c "Verifying peer X.509 certificate... ok" \
				4494	-C "received HelloRetryRequest message"
				4495
				4496	requires_openssl_tls1_3
				4497	requires_config_enabled MBEDTLS_DEBUG_C
				4498	requires_config_enabled MBEDTLS_SSL_CLI_C
				4499	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4500	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4501	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4502	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4503	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				4504	0 \
				4505	-c "HTTP/1.0 200 ok" \
				4506	-c "Protocol is TLSv1.3" \
				4507	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4508	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4509	-c "NamedGroup: secp521r1 ( 19 )" \
				4510	-c "Verifying peer X.509 certificate... ok" \
				4511	-C "received HelloRetryRequest message"
				4512
				4513	requires_openssl_tls1_3
				4514	requires_config_enabled MBEDTLS_DEBUG_C
				4515	requires_config_enabled MBEDTLS_SSL_CLI_C
				4516	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4517	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4518	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4519	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4520	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				4521	0 \
				4522	-c "HTTP/1.0 200 ok" \
				4523	-c "Protocol is TLSv1.3" \
				4524	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4525	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4526	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4527	-c "Verifying peer X.509 certificate... ok" \
				4528	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4529
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4530	requires_openssl_tls1_3
				4531	requires_config_enabled MBEDTLS_DEBUG_C
				4532	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4533	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4534	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4535	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4536	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4537	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4538	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4539	0 \
				4540	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4541	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4542	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4543	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4544	-c "NamedGroup: secp521r1 ( 19 )" \
				4545	-c "Verifying peer X.509 certificate... ok" \
				4546	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4547
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4548	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4549	requires_config_enabled MBEDTLS_DEBUG_C
				4550	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4551	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4552	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4553	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4554	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4555	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4556	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4557	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4558	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4559	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4560	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4561	-c "NamedGroup: x25519 ( 1d )" \
				4562	-c "Verifying peer X.509 certificate... ok" \
				4563	-C "received HelloRetryRequest message"
				4564
				4565	requires_openssl_tls1_3
				4566	requires_config_enabled MBEDTLS_DEBUG_C
				4567	requires_config_enabled MBEDTLS_SSL_CLI_C
				4568	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4569	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4570	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4571	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4572	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				4573	0 \
				4574	-c "HTTP/1.0 200 ok" \
				4575	-c "Protocol is TLSv1.3" \
				4576	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4577	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4578	-c "NamedGroup: x25519 ( 1d )" \
				4579	-c "Verifying peer X.509 certificate... ok" \
				4580	-C "received HelloRetryRequest message"
				4581
				4582	requires_openssl_tls1_3
				4583	requires_config_enabled MBEDTLS_DEBUG_C
				4584	requires_config_enabled MBEDTLS_SSL_CLI_C
				4585	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4586	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4587	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4588	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4589	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				4590	0 \
				4591	-c "HTTP/1.0 200 ok" \
				4592	-c "Protocol is TLSv1.3" \
				4593	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4594	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4595	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4596	-c "Verifying peer X.509 certificate... ok" \
				4597	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4598
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4599	requires_openssl_tls1_3
				4600	requires_config_enabled MBEDTLS_DEBUG_C
				4601	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4602	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4603	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4604	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4605	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4606	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4607	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4608	0 \
				4609	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4610	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4611	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4612	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4613	-c "NamedGroup: x25519 ( 1d )" \
				4614	-c "Verifying peer X.509 certificate... ok" \
				4615	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4616
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4617	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4618	requires_config_enabled MBEDTLS_DEBUG_C
				4619	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4620	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4621	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4622	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4623	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4624	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4625	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4626	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4627	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4628	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4629	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4630	-c "NamedGroup: x448 ( 1e )" \
				4631	-c "Verifying peer X.509 certificate... ok" \
				4632	-C "received HelloRetryRequest message"
				4633
				4634	requires_openssl_tls1_3
				4635	requires_config_enabled MBEDTLS_DEBUG_C
				4636	requires_config_enabled MBEDTLS_SSL_CLI_C
				4637	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4638	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4639	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4640	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4641	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				4642	0 \
				4643	-c "HTTP/1.0 200 ok" \
				4644	-c "Protocol is TLSv1.3" \
				4645	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4646	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4647	-c "NamedGroup: x448 ( 1e )" \
				4648	-c "Verifying peer X.509 certificate... ok" \
				4649	-C "received HelloRetryRequest message"
				4650
				4651	requires_openssl_tls1_3
				4652	requires_config_enabled MBEDTLS_DEBUG_C
				4653	requires_config_enabled MBEDTLS_SSL_CLI_C
				4654	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4655	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4656	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4657	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4658	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				4659	0 \
				4660	-c "HTTP/1.0 200 ok" \
				4661	-c "Protocol is TLSv1.3" \
				4662	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4663	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4664	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4665	-c "Verifying peer X.509 certificate... ok" \
				4666	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4667
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4668	requires_openssl_tls1_3
				4669	requires_config_enabled MBEDTLS_DEBUG_C
				4670	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4671	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4672	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4673	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4674	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4675	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4676	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4677	0 \
				4678	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4679	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4680	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				4681	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4682	-c "NamedGroup: x448 ( 1e )" \
				4683	-c "Verifying peer X.509 certificate... ok" \
				4684	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4685
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4686	requires_openssl_tls1_3
				4687	requires_config_enabled MBEDTLS_DEBUG_C
				4688	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4689	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4690	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4691	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4692	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4693	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4694	0 \
				4695	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4696	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4697	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4698	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4699	-c "NamedGroup: secp256r1 ( 17 )" \
				4700	-c "Verifying peer X.509 certificate... ok" \
				4701	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4702
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4703	requires_openssl_tls1_3
				4704	requires_config_enabled MBEDTLS_DEBUG_C
				4705	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4706	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4707	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4708	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4709	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4710	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4711	0 \
				4712	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4713	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4714	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4715	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4716	-c "NamedGroup: secp256r1 ( 17 )" \
				4717	-c "Verifying peer X.509 certificate... ok" \
				4718	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4719
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4720	requires_openssl_tls1_3
				4721	requires_config_enabled MBEDTLS_DEBUG_C
				4722	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4723	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4724	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4725	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4726	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4727	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4728	0 \
				4729	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4730	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4731	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4732	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4733	-c "NamedGroup: secp256r1 ( 17 )" \
				4734	-c "Verifying peer X.509 certificate... ok" \
				4735	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4736
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4737	requires_openssl_tls1_3
				4738	requires_config_enabled MBEDTLS_DEBUG_C
				4739	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4740	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4741	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4742	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4743	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4744	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4745	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4746	0 \
				4747	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4748	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4749	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4750	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4751	-c "NamedGroup: secp256r1 ( 17 )" \
				4752	-c "Verifying peer X.509 certificate... ok" \
				4753	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4754
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4755	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4756	requires_config_enabled MBEDTLS_DEBUG_C
				4757	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4758	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4759	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4760	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4761	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4762	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4763	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4764	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4765	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4766	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4767	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4768	-c "NamedGroup: secp384r1 ( 18 )" \
				4769	-c "Verifying peer X.509 certificate... ok" \
				4770	-C "received HelloRetryRequest message"
				4771
				4772	requires_openssl_tls1_3
				4773	requires_config_enabled MBEDTLS_DEBUG_C
				4774	requires_config_enabled MBEDTLS_SSL_CLI_C
				4775	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4776	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4777	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4778	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4779	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				4780	0 \
				4781	-c "HTTP/1.0 200 ok" \
				4782	-c "Protocol is TLSv1.3" \
				4783	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4784	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4785	-c "NamedGroup: secp384r1 ( 18 )" \
				4786	-c "Verifying peer X.509 certificate... ok" \
				4787	-C "received HelloRetryRequest message"
				4788
				4789	requires_openssl_tls1_3
				4790	requires_config_enabled MBEDTLS_DEBUG_C
				4791	requires_config_enabled MBEDTLS_SSL_CLI_C
				4792	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4793	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4794	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4795	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4796	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				4797	0 \
				4798	-c "HTTP/1.0 200 ok" \
				4799	-c "Protocol is TLSv1.3" \
				4800	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4801	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4802	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4803	-c "Verifying peer X.509 certificate... ok" \
				4804	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4805
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4806	requires_openssl_tls1_3
				4807	requires_config_enabled MBEDTLS_DEBUG_C
				4808	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4809	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4810	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4811	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4812	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4813	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4814	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4815	0 \
				4816	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4817	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4818	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4819	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4820	-c "NamedGroup: secp384r1 ( 18 )" \
				4821	-c "Verifying peer X.509 certificate... ok" \
				4822	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4823
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4824	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4825	requires_config_enabled MBEDTLS_DEBUG_C
				4826	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4827	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4828	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4829	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4830	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4831	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4832	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4833	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4834	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4835	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4836	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4837	-c "NamedGroup: secp521r1 ( 19 )" \
				4838	-c "Verifying peer X.509 certificate... ok" \
				4839	-C "received HelloRetryRequest message"
				4840
				4841	requires_openssl_tls1_3
				4842	requires_config_enabled MBEDTLS_DEBUG_C
				4843	requires_config_enabled MBEDTLS_SSL_CLI_C
				4844	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4845	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4846	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4847	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4848	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				4849	0 \
				4850	-c "HTTP/1.0 200 ok" \
				4851	-c "Protocol is TLSv1.3" \
				4852	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4853	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4854	-c "NamedGroup: secp521r1 ( 19 )" \
				4855	-c "Verifying peer X.509 certificate... ok" \
				4856	-C "received HelloRetryRequest message"
				4857
				4858	requires_openssl_tls1_3
				4859	requires_config_enabled MBEDTLS_DEBUG_C
				4860	requires_config_enabled MBEDTLS_SSL_CLI_C
				4861	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4862	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4863	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4864	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4865	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				4866	0 \
				4867	-c "HTTP/1.0 200 ok" \
				4868	-c "Protocol is TLSv1.3" \
				4869	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4870	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4871	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4872	-c "Verifying peer X.509 certificate... ok" \
				4873	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4874
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4875	requires_openssl_tls1_3
				4876	requires_config_enabled MBEDTLS_DEBUG_C
				4877	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4878	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4879	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4880	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4881	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4882	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4883	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4884	0 \
				4885	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4886	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4887	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4888	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4889	-c "NamedGroup: secp521r1 ( 19 )" \
				4890	-c "Verifying peer X.509 certificate... ok" \
				4891	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4892
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4893	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4894	requires_config_enabled MBEDTLS_DEBUG_C
				4895	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4896	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4897	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4898	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4899	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4900	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4901	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4902	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4903	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4904	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4905	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4906	-c "NamedGroup: x25519 ( 1d )" \
				4907	-c "Verifying peer X.509 certificate... ok" \
				4908	-C "received HelloRetryRequest message"
				4909
				4910	requires_openssl_tls1_3
				4911	requires_config_enabled MBEDTLS_DEBUG_C
				4912	requires_config_enabled MBEDTLS_SSL_CLI_C
				4913	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4915	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4916	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4917	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				4918	0 \
				4919	-c "HTTP/1.0 200 ok" \
				4920	-c "Protocol is TLSv1.3" \
				4921	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4922	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4923	-c "NamedGroup: x25519 ( 1d )" \
				4924	-c "Verifying peer X.509 certificate... ok" \
				4925	-C "received HelloRetryRequest message"
				4926
				4927	requires_openssl_tls1_3
				4928	requires_config_enabled MBEDTLS_DEBUG_C
				4929	requires_config_enabled MBEDTLS_SSL_CLI_C
				4930	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4931	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4932	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4933	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4934	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				4935	0 \
				4936	-c "HTTP/1.0 200 ok" \
				4937	-c "Protocol is TLSv1.3" \
				4938	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4939	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				4940	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4941	-c "Verifying peer X.509 certificate... ok" \
				4942	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4943
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4944	requires_openssl_tls1_3
				4945	requires_config_enabled MBEDTLS_DEBUG_C
				4946	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4947	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4948	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4949	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	4950	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4951	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4952	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4953	0 \
				4954	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4955	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4956	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4957	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	4958	-c "NamedGroup: x25519 ( 1d )" \
				4959	-c "Verifying peer X.509 certificate... ok" \
				4960	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	4961
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4962	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	4963	requires_config_enabled MBEDTLS_DEBUG_C
				4964	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	4965	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	4966	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4967	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4968	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4969	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4970	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4971	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	4972	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	4973	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4974	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				4975	-c "NamedGroup: x448 ( 1e )" \
				4976	-c "Verifying peer X.509 certificate... ok" \
				4977	-C "received HelloRetryRequest message"
				4978
				4979	requires_openssl_tls1_3
				4980	requires_config_enabled MBEDTLS_DEBUG_C
				4981	requires_config_enabled MBEDTLS_SSL_CLI_C
				4982	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				4983	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4984	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	4985	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	4986	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				4987	0 \
				4988	-c "HTTP/1.0 200 ok" \
				4989	-c "Protocol is TLSv1.3" \
				4990	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				4991	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				4992	-c "NamedGroup: x448 ( 1e )" \
				4993	-c "Verifying peer X.509 certificate... ok" \
				4994	-C "received HelloRetryRequest message"
				4995
				4996	requires_openssl_tls1_3
				4997	requires_config_enabled MBEDTLS_DEBUG_C
				4998	requires_config_enabled MBEDTLS_SSL_CLI_C
				4999	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5000	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5001	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5002	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5003	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				5004	0 \
				5005	-c "HTTP/1.0 200 ok" \
				5006	-c "Protocol is TLSv1.3" \
				5007	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				5008	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5009	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5010	-c "Verifying peer X.509 certificate... ok" \
				5011	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5012
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5013	requires_openssl_tls1_3
				5014	requires_config_enabled MBEDTLS_DEBUG_C
				5015	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5016	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5017	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5018	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5019	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5020	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5021	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5022	0 \
				5023	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5024	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5025	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				5026	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5027	-c "NamedGroup: x448 ( 1e )" \
				5028	-c "Verifying peer X.509 certificate... ok" \
				5029	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5030
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5031	requires_openssl_tls1_3
				5032	requires_config_enabled MBEDTLS_DEBUG_C
				5033	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5034	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5035	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5036	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5037	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5038	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5039	0 \
				5040	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5041	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5042	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5043	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5044	-c "NamedGroup: secp256r1 ( 17 )" \
				5045	-c "Verifying peer X.509 certificate... ok" \
				5046	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5047
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5048	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5049	requires_config_enabled MBEDTLS_DEBUG_C
				5050	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5051	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5052	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5053	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5054	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5055	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5056	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5057	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5058	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5059	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5060	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5061	-c "NamedGroup: secp256r1 ( 17 )" \
				5062	-c "Verifying peer X.509 certificate... ok" \
				5063	-C "received HelloRetryRequest message"
				5064
				5065	requires_openssl_tls1_3
				5066	requires_config_enabled MBEDTLS_DEBUG_C
				5067	requires_config_enabled MBEDTLS_SSL_CLI_C
				5068	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5069	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5070	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5071	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5072	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				5073	0 \
				5074	-c "HTTP/1.0 200 ok" \
				5075	-c "Protocol is TLSv1.3" \
				5076	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5077	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5078	-c "NamedGroup: secp256r1 ( 17 )" \
				5079	-c "Verifying peer X.509 certificate... ok" \
				5080	-C "received HelloRetryRequest message"
				5081
				5082	requires_openssl_tls1_3
				5083	requires_config_enabled MBEDTLS_DEBUG_C
				5084	requires_config_enabled MBEDTLS_SSL_CLI_C
				5085	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5086	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5087	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5088	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5089	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5090	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				5091	0 \
				5092	-c "HTTP/1.0 200 ok" \
				5093	-c "Protocol is TLSv1.3" \
				5094	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5095	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5096	-c "NamedGroup: secp256r1 ( 17 )" \
				5097	-c "Verifying peer X.509 certificate... ok" \
				5098	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5099
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5100	requires_openssl_tls1_3
				5101	requires_config_enabled MBEDTLS_DEBUG_C
				5102	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5103	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5104	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5105	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5106	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5107	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5108	0 \
				5109	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5110	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5111	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5112	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5113	-c "NamedGroup: secp384r1 ( 18 )" \
				5114	-c "Verifying peer X.509 certificate... ok" \
				5115	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5116
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5117	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5118	requires_config_enabled MBEDTLS_DEBUG_C
				5119	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5120	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5121	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5122	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5123	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5124	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5125	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5126	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5127	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5128	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5129	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5130	-c "NamedGroup: secp384r1 ( 18 )" \
				5131	-c "Verifying peer X.509 certificate... ok" \
				5132	-C "received HelloRetryRequest message"
				5133
				5134	requires_openssl_tls1_3
				5135	requires_config_enabled MBEDTLS_DEBUG_C
				5136	requires_config_enabled MBEDTLS_SSL_CLI_C
				5137	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5138	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5139	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5140	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5141	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				5142	0 \
				5143	-c "HTTP/1.0 200 ok" \
				5144	-c "Protocol is TLSv1.3" \
				5145	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5146	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5147	-c "NamedGroup: secp384r1 ( 18 )" \
				5148	-c "Verifying peer X.509 certificate... ok" \
				5149	-C "received HelloRetryRequest message"
				5150
				5151	requires_openssl_tls1_3
				5152	requires_config_enabled MBEDTLS_DEBUG_C
				5153	requires_config_enabled MBEDTLS_SSL_CLI_C
				5154	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5155	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5156	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5157	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5158	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5159	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				5160	0 \
				5161	-c "HTTP/1.0 200 ok" \
				5162	-c "Protocol is TLSv1.3" \
				5163	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5164	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5165	-c "NamedGroup: secp384r1 ( 18 )" \
				5166	-c "Verifying peer X.509 certificate... ok" \
				5167	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5168
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5169	requires_openssl_tls1_3
				5170	requires_config_enabled MBEDTLS_DEBUG_C
				5171	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5172	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5173	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5174	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5175	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5176	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5177	0 \
				5178	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5179	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5180	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5181	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5182	-c "NamedGroup: secp521r1 ( 19 )" \
				5183	-c "Verifying peer X.509 certificate... ok" \
				5184	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5185
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5186	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5187	requires_config_enabled MBEDTLS_DEBUG_C
				5188	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5189	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5190	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5191	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5192	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5193	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5194	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5195	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5196	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5197	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5198	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5199	-c "NamedGroup: secp521r1 ( 19 )" \
				5200	-c "Verifying peer X.509 certificate... ok" \
				5201	-C "received HelloRetryRequest message"
				5202
				5203	requires_openssl_tls1_3
				5204	requires_config_enabled MBEDTLS_DEBUG_C
				5205	requires_config_enabled MBEDTLS_SSL_CLI_C
				5206	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5207	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5208	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5209	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5210	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				5211	0 \
				5212	-c "HTTP/1.0 200 ok" \
				5213	-c "Protocol is TLSv1.3" \
				5214	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5215	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5216	-c "NamedGroup: secp521r1 ( 19 )" \
				5217	-c "Verifying peer X.509 certificate... ok" \
				5218	-C "received HelloRetryRequest message"
				5219
				5220	requires_openssl_tls1_3
				5221	requires_config_enabled MBEDTLS_DEBUG_C
				5222	requires_config_enabled MBEDTLS_SSL_CLI_C
				5223	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5224	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5225	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5226	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5227	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5228	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				5229	0 \
				5230	-c "HTTP/1.0 200 ok" \
				5231	-c "Protocol is TLSv1.3" \
				5232	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5233	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5234	-c "NamedGroup: secp521r1 ( 19 )" \
				5235	-c "Verifying peer X.509 certificate... ok" \
				5236	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5237
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5238	requires_openssl_tls1_3
				5239	requires_config_enabled MBEDTLS_DEBUG_C
				5240	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5241	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5242	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5243	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5244	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5245	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5246	0 \
				5247	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5248	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5249	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5250	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5251	-c "NamedGroup: x25519 ( 1d )" \
				5252	-c "Verifying peer X.509 certificate... ok" \
				5253	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5254
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5255	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5256	requires_config_enabled MBEDTLS_DEBUG_C
				5257	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5258	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5259	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5260	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5261	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5262	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5263	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5264	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5265	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5266	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5267	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5268	-c "NamedGroup: x25519 ( 1d )" \
				5269	-c "Verifying peer X.509 certificate... ok" \
				5270	-C "received HelloRetryRequest message"
				5271
				5272	requires_openssl_tls1_3
				5273	requires_config_enabled MBEDTLS_DEBUG_C
				5274	requires_config_enabled MBEDTLS_SSL_CLI_C
				5275	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5276	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5277	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5278	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5279	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				5280	0 \
				5281	-c "HTTP/1.0 200 ok" \
				5282	-c "Protocol is TLSv1.3" \
				5283	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5284	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5285	-c "NamedGroup: x25519 ( 1d )" \
				5286	-c "Verifying peer X.509 certificate... ok" \
				5287	-C "received HelloRetryRequest message"
				5288
				5289	requires_openssl_tls1_3
				5290	requires_config_enabled MBEDTLS_DEBUG_C
				5291	requires_config_enabled MBEDTLS_SSL_CLI_C
				5292	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5293	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5294	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5295	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5296	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5297	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				5298	0 \
				5299	-c "HTTP/1.0 200 ok" \
				5300	-c "Protocol is TLSv1.3" \
				5301	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5302	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5303	-c "NamedGroup: x25519 ( 1d )" \
				5304	-c "Verifying peer X.509 certificate... ok" \
				5305	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5306
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5307	requires_openssl_tls1_3
				5308	requires_config_enabled MBEDTLS_DEBUG_C
				5309	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5310	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5311	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5312	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5313	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5314	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5315	0 \
				5316	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5317	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5318	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5319	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5320	-c "NamedGroup: x448 ( 1e )" \
				5321	-c "Verifying peer X.509 certificate... ok" \
				5322	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5323
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5324	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5325	requires_config_enabled MBEDTLS_DEBUG_C
				5326	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5327	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5328	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5329	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5330	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5331	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5332	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5333	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5334	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5335	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5336	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5337	-c "NamedGroup: x448 ( 1e )" \
				5338	-c "Verifying peer X.509 certificate... ok" \
				5339	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5340
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5341	requires_openssl_tls1_3
				5342	requires_config_enabled MBEDTLS_DEBUG_C
				5343	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5344	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5345	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5346	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5347	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5348	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5349	0 \
				5350	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5351	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5352	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5353	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5354	-c "NamedGroup: x448 ( 1e )" \
				5355	-c "Verifying peer X.509 certificate... ok" \
				5356	-C "received HelloRetryRequest message"
				5357
				5358	requires_openssl_tls1_3
				5359	requires_config_enabled MBEDTLS_DEBUG_C
				5360	requires_config_enabled MBEDTLS_SSL_CLI_C
				5361	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5362	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5363	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5364	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5365	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5366	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				5367	0 \
				5368	-c "HTTP/1.0 200 ok" \
				5369	-c "Protocol is TLSv1.3" \
				5370	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				5371	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5372	-c "NamedGroup: x448 ( 1e )" \
				5373	-c "Verifying peer X.509 certificate... ok" \
				5374	-C "received HelloRetryRequest message"
				5375
				5376	requires_gnutls_tls1_3
				5377	requires_gnutls_next_no_ticket
				5378	requires_gnutls_next_disable_tls13_compat
				5379	requires_config_enabled MBEDTLS_DEBUG_C
				5380	requires_config_enabled MBEDTLS_SSL_CLI_C
				5381	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5382	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5383	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5384	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5385	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				5386	0 \
				5387	-c "HTTP/1.0 200 OK" \
				5388	-c "Protocol is TLSv1.3" \
				5389	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5390	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5391	-c "NamedGroup: secp256r1 ( 17 )" \
				5392	-c "Verifying peer X.509 certificate... ok" \
				5393	-C "received HelloRetryRequest message"
				5394
				5395	requires_gnutls_tls1_3
				5396	requires_gnutls_next_no_ticket
				5397	requires_gnutls_next_disable_tls13_compat
				5398	requires_config_enabled MBEDTLS_DEBUG_C
				5399	requires_config_enabled MBEDTLS_SSL_CLI_C
				5400	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5401	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5402	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5403	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5404	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				5405	0 \
				5406	-c "HTTP/1.0 200 OK" \
				5407	-c "Protocol is TLSv1.3" \
				5408	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5409	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5410	-c "NamedGroup: secp256r1 ( 17 )" \
				5411	-c "Verifying peer X.509 certificate... ok" \
				5412	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5413
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5414	requires_gnutls_tls1_3
				5415	requires_gnutls_next_no_ticket
				5416	requires_gnutls_next_disable_tls13_compat
				5417	requires_config_enabled MBEDTLS_DEBUG_C
				5418	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	5419	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5420	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5421	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5422	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5423	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				5424	0 \
				5425	-c "HTTP/1.0 200 OK" \
				5426	-c "Protocol is TLSv1.3" \
				5427	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5428	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5429	-c "NamedGroup: secp256r1 ( 17 )" \
				5430	-c "Verifying peer X.509 certificate... ok" \
				5431	-C "received HelloRetryRequest message"
				5432
				5433	requires_gnutls_tls1_3
				5434	requires_gnutls_next_no_ticket
				5435	requires_gnutls_next_disable_tls13_compat
				5436	requires_config_enabled MBEDTLS_DEBUG_C
				5437	requires_config_enabled MBEDTLS_SSL_CLI_C
				5438	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5439	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5440	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5441	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5442	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5443	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				5444	0 \
				5445	-c "HTTP/1.0 200 OK" \
				5446	-c "Protocol is TLSv1.3" \
				5447	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5448	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5449	-c "NamedGroup: secp256r1 ( 17 )" \
				5450	-c "Verifying peer X.509 certificate... ok" \
				5451	-C "received HelloRetryRequest message"
				5452
				5453	requires_gnutls_tls1_3
				5454	requires_gnutls_next_no_ticket
				5455	requires_gnutls_next_disable_tls13_compat
				5456	requires_config_enabled MBEDTLS_DEBUG_C
				5457	requires_config_enabled MBEDTLS_SSL_CLI_C
				5458	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5459	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5460	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5461	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5462	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				5463	0 \
				5464	-c "HTTP/1.0 200 OK" \
				5465	-c "Protocol is TLSv1.3" \
				5466	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5467	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5468	-c "NamedGroup: secp384r1 ( 18 )" \
				5469	-c "Verifying peer X.509 certificate... ok" \
				5470	-C "received HelloRetryRequest message"
				5471
				5472	requires_gnutls_tls1_3
				5473	requires_gnutls_next_no_ticket
				5474	requires_gnutls_next_disable_tls13_compat
				5475	requires_config_enabled MBEDTLS_DEBUG_C
				5476	requires_config_enabled MBEDTLS_SSL_CLI_C
				5477	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5478	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5479	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5480	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5481	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				5482	0 \
				5483	-c "HTTP/1.0 200 OK" \
				5484	-c "Protocol is TLSv1.3" \
				5485	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5486	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5487	-c "NamedGroup: secp384r1 ( 18 )" \
				5488	-c "Verifying peer X.509 certificate... ok" \
				5489	-C "received HelloRetryRequest message"
				5490
				5491	requires_gnutls_tls1_3
				5492	requires_gnutls_next_no_ticket
				5493	requires_gnutls_next_disable_tls13_compat
				5494	requires_config_enabled MBEDTLS_DEBUG_C
				5495	requires_config_enabled MBEDTLS_SSL_CLI_C
				5496	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5497	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5498	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5499	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5500	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				5501	0 \
				5502	-c "HTTP/1.0 200 OK" \
				5503	-c "Protocol is TLSv1.3" \
				5504	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5505	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5506	-c "NamedGroup: secp384r1 ( 18 )" \
				5507	-c "Verifying peer X.509 certificate... ok" \
				5508	-C "received HelloRetryRequest message"
				5509
				5510	requires_gnutls_tls1_3
				5511	requires_gnutls_next_no_ticket
				5512	requires_gnutls_next_disable_tls13_compat
				5513	requires_config_enabled MBEDTLS_DEBUG_C
				5514	requires_config_enabled MBEDTLS_SSL_CLI_C
				5515	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5516	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5517	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5518	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5519	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5520	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				5521	0 \
				5522	-c "HTTP/1.0 200 OK" \
				5523	-c "Protocol is TLSv1.3" \
				5524	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5525	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5526	-c "NamedGroup: secp384r1 ( 18 )" \
				5527	-c "Verifying peer X.509 certificate... ok" \
				5528	-C "received HelloRetryRequest message"
				5529
				5530	requires_gnutls_tls1_3
				5531	requires_gnutls_next_no_ticket
				5532	requires_gnutls_next_disable_tls13_compat
				5533	requires_config_enabled MBEDTLS_DEBUG_C
				5534	requires_config_enabled MBEDTLS_SSL_CLI_C
				5535	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5536	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5537	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5538	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5539	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				5540	0 \
				5541	-c "HTTP/1.0 200 OK" \
				5542	-c "Protocol is TLSv1.3" \
				5543	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5544	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5545	-c "NamedGroup: secp521r1 ( 19 )" \
				5546	-c "Verifying peer X.509 certificate... ok" \
				5547	-C "received HelloRetryRequest message"
				5548
				5549	requires_gnutls_tls1_3
				5550	requires_gnutls_next_no_ticket
				5551	requires_gnutls_next_disable_tls13_compat
				5552	requires_config_enabled MBEDTLS_DEBUG_C
				5553	requires_config_enabled MBEDTLS_SSL_CLI_C
				5554	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5555	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5556	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5557	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5558	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				5559	0 \
				5560	-c "HTTP/1.0 200 OK" \
				5561	-c "Protocol is TLSv1.3" \
				5562	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5563	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5564	-c "NamedGroup: secp521r1 ( 19 )" \
				5565	-c "Verifying peer X.509 certificate... ok" \
				5566	-C "received HelloRetryRequest message"
				5567
				5568	requires_gnutls_tls1_3
				5569	requires_gnutls_next_no_ticket
				5570	requires_gnutls_next_disable_tls13_compat
				5571	requires_config_enabled MBEDTLS_DEBUG_C
				5572	requires_config_enabled MBEDTLS_SSL_CLI_C
				5573	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5574	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5575	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5576	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5577	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				5578	0 \
				5579	-c "HTTP/1.0 200 OK" \
				5580	-c "Protocol is TLSv1.3" \
				5581	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5582	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5583	-c "NamedGroup: secp521r1 ( 19 )" \
				5584	-c "Verifying peer X.509 certificate... ok" \
				5585	-C "received HelloRetryRequest message"
				5586
				5587	requires_gnutls_tls1_3
				5588	requires_gnutls_next_no_ticket
				5589	requires_gnutls_next_disable_tls13_compat
				5590	requires_config_enabled MBEDTLS_DEBUG_C
				5591	requires_config_enabled MBEDTLS_SSL_CLI_C
				5592	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5593	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5594	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5595	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5596	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5597	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				5598	0 \
				5599	-c "HTTP/1.0 200 OK" \
				5600	-c "Protocol is TLSv1.3" \
				5601	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5602	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5603	-c "NamedGroup: secp521r1 ( 19 )" \
				5604	-c "Verifying peer X.509 certificate... ok" \
				5605	-C "received HelloRetryRequest message"
				5606
				5607	requires_gnutls_tls1_3
				5608	requires_gnutls_next_no_ticket
				5609	requires_gnutls_next_disable_tls13_compat
				5610	requires_config_enabled MBEDTLS_DEBUG_C
				5611	requires_config_enabled MBEDTLS_SSL_CLI_C
				5612	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5613	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5614	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5615	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5616	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				5617	0 \
				5618	-c "HTTP/1.0 200 OK" \
				5619	-c "Protocol is TLSv1.3" \
				5620	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5621	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5622	-c "NamedGroup: x25519 ( 1d )" \
				5623	-c "Verifying peer X.509 certificate... ok" \
				5624	-C "received HelloRetryRequest message"
				5625
				5626	requires_gnutls_tls1_3
				5627	requires_gnutls_next_no_ticket
				5628	requires_gnutls_next_disable_tls13_compat
				5629	requires_config_enabled MBEDTLS_DEBUG_C
				5630	requires_config_enabled MBEDTLS_SSL_CLI_C
				5631	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5632	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5633	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5634	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5635	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				5636	0 \
				5637	-c "HTTP/1.0 200 OK" \
				5638	-c "Protocol is TLSv1.3" \
				5639	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5640	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5641	-c "NamedGroup: x25519 ( 1d )" \
				5642	-c "Verifying peer X.509 certificate... ok" \
				5643	-C "received HelloRetryRequest message"
				5644
				5645	requires_gnutls_tls1_3
				5646	requires_gnutls_next_no_ticket
				5647	requires_gnutls_next_disable_tls13_compat
				5648	requires_config_enabled MBEDTLS_DEBUG_C
				5649	requires_config_enabled MBEDTLS_SSL_CLI_C
				5650	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5651	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5652	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5653	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5654	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				5655	0 \
				5656	-c "HTTP/1.0 200 OK" \
				5657	-c "Protocol is TLSv1.3" \
				5658	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5659	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5660	-c "NamedGroup: x25519 ( 1d )" \
				5661	-c "Verifying peer X.509 certificate... ok" \
				5662	-C "received HelloRetryRequest message"
				5663
				5664	requires_gnutls_tls1_3
				5665	requires_gnutls_next_no_ticket
				5666	requires_gnutls_next_disable_tls13_compat
				5667	requires_config_enabled MBEDTLS_DEBUG_C
				5668	requires_config_enabled MBEDTLS_SSL_CLI_C
				5669	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5670	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5671	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5672	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5673	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5674	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				5675	0 \
				5676	-c "HTTP/1.0 200 OK" \
				5677	-c "Protocol is TLSv1.3" \
				5678	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5679	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5680	-c "NamedGroup: x25519 ( 1d )" \
				5681	-c "Verifying peer X.509 certificate... ok" \
				5682	-C "received HelloRetryRequest message"
				5683
				5684	requires_gnutls_tls1_3
				5685	requires_gnutls_next_no_ticket
				5686	requires_gnutls_next_disable_tls13_compat
				5687	requires_config_enabled MBEDTLS_DEBUG_C
				5688	requires_config_enabled MBEDTLS_SSL_CLI_C
				5689	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5690	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5691	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5692	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5693	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				5694	0 \
				5695	-c "HTTP/1.0 200 OK" \
				5696	-c "Protocol is TLSv1.3" \
				5697	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5698	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5699	-c "NamedGroup: x448 ( 1e )" \
				5700	-c "Verifying peer X.509 certificate... ok" \
				5701	-C "received HelloRetryRequest message"
				5702
				5703	requires_gnutls_tls1_3
				5704	requires_gnutls_next_no_ticket
				5705	requires_gnutls_next_disable_tls13_compat
				5706	requires_config_enabled MBEDTLS_DEBUG_C
				5707	requires_config_enabled MBEDTLS_SSL_CLI_C
				5708	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5709	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5710	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5711	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5712	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				5713	0 \
				5714	-c "HTTP/1.0 200 OK" \
				5715	-c "Protocol is TLSv1.3" \
				5716	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5717	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5718	-c "NamedGroup: x448 ( 1e )" \
				5719	-c "Verifying peer X.509 certificate... ok" \
				5720	-C "received HelloRetryRequest message"
				5721
				5722	requires_gnutls_tls1_3
				5723	requires_gnutls_next_no_ticket
				5724	requires_gnutls_next_disable_tls13_compat
				5725	requires_config_enabled MBEDTLS_DEBUG_C
				5726	requires_config_enabled MBEDTLS_SSL_CLI_C
				5727	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5728	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5729	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5730	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5731	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				5732	0 \
				5733	-c "HTTP/1.0 200 OK" \
				5734	-c "Protocol is TLSv1.3" \
				5735	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5736	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5737	-c "NamedGroup: x448 ( 1e )" \
				5738	-c "Verifying peer X.509 certificate... ok" \
				5739	-C "received HelloRetryRequest message"
				5740
				5741	requires_gnutls_tls1_3
				5742	requires_gnutls_next_no_ticket
				5743	requires_gnutls_next_disable_tls13_compat
				5744	requires_config_enabled MBEDTLS_DEBUG_C
				5745	requires_config_enabled MBEDTLS_SSL_CLI_C
				5746	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5747	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5748	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5749	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5750	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5751	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				5752	0 \
				5753	-c "HTTP/1.0 200 OK" \
				5754	-c "Protocol is TLSv1.3" \
				5755	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5756	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5757	-c "NamedGroup: x448 ( 1e )" \
				5758	-c "Verifying peer X.509 certificate... ok" \
				5759	-C "received HelloRetryRequest message"
				5760
				5761	requires_gnutls_tls1_3
				5762	requires_gnutls_next_no_ticket
				5763	requires_gnutls_next_disable_tls13_compat
				5764	requires_config_enabled MBEDTLS_DEBUG_C
				5765	requires_config_enabled MBEDTLS_SSL_CLI_C
				5766	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5767	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5768	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5769	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5770	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				5771	0 \
				5772	-c "HTTP/1.0 200 OK" \
				5773	-c "Protocol is TLSv1.3" \
				5774	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5775	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5776	-c "NamedGroup: secp256r1 ( 17 )" \
				5777	-c "Verifying peer X.509 certificate... ok" \
				5778	-C "received HelloRetryRequest message"
				5779
				5780	requires_gnutls_tls1_3
				5781	requires_gnutls_next_no_ticket
				5782	requires_gnutls_next_disable_tls13_compat
				5783	requires_config_enabled MBEDTLS_DEBUG_C
				5784	requires_config_enabled MBEDTLS_SSL_CLI_C
				5785	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5786	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5787	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5788	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5789	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				5790	0 \
				5791	-c "HTTP/1.0 200 OK" \
				5792	-c "Protocol is TLSv1.3" \
				5793	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5794	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5795	-c "NamedGroup: secp256r1 ( 17 )" \
				5796	-c "Verifying peer X.509 certificate... ok" \
				5797	-C "received HelloRetryRequest message"
				5798
				5799	requires_gnutls_tls1_3
				5800	requires_gnutls_next_no_ticket
				5801	requires_gnutls_next_disable_tls13_compat
				5802	requires_config_enabled MBEDTLS_DEBUG_C
				5803	requires_config_enabled MBEDTLS_SSL_CLI_C
				5804	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5805	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5806	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5807	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5808	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				5809	0 \
				5810	-c "HTTP/1.0 200 OK" \
				5811	-c "Protocol is TLSv1.3" \
				5812	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5813	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5814	-c "NamedGroup: secp256r1 ( 17 )" \
				5815	-c "Verifying peer X.509 certificate... ok" \
				5816	-C "received HelloRetryRequest message"
				5817
				5818	requires_gnutls_tls1_3
				5819	requires_gnutls_next_no_ticket
				5820	requires_gnutls_next_disable_tls13_compat
				5821	requires_config_enabled MBEDTLS_DEBUG_C
				5822	requires_config_enabled MBEDTLS_SSL_CLI_C
				5823	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5824	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5825	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5826	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5827	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5828	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				5829	0 \
				5830	-c "HTTP/1.0 200 OK" \
				5831	-c "Protocol is TLSv1.3" \
				5832	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5833	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5834	-c "NamedGroup: secp256r1 ( 17 )" \
				5835	-c "Verifying peer X.509 certificate... ok" \
				5836	-C "received HelloRetryRequest message"
				5837
				5838	requires_gnutls_tls1_3
				5839	requires_gnutls_next_no_ticket
				5840	requires_gnutls_next_disable_tls13_compat
				5841	requires_config_enabled MBEDTLS_DEBUG_C
				5842	requires_config_enabled MBEDTLS_SSL_CLI_C
				5843	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5844	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5845	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5846	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5847	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				5848	0 \
				5849	-c "HTTP/1.0 200 OK" \
				5850	-c "Protocol is TLSv1.3" \
				5851	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5852	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5853	-c "NamedGroup: secp384r1 ( 18 )" \
				5854	-c "Verifying peer X.509 certificate... ok" \
				5855	-C "received HelloRetryRequest message"
				5856
				5857	requires_gnutls_tls1_3
				5858	requires_gnutls_next_no_ticket
				5859	requires_gnutls_next_disable_tls13_compat
				5860	requires_config_enabled MBEDTLS_DEBUG_C
				5861	requires_config_enabled MBEDTLS_SSL_CLI_C
				5862	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5863	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5864	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5865	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5866	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				5867	0 \
				5868	-c "HTTP/1.0 200 OK" \
				5869	-c "Protocol is TLSv1.3" \
				5870	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5871	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5872	-c "NamedGroup: secp384r1 ( 18 )" \
				5873	-c "Verifying peer X.509 certificate... ok" \
				5874	-C "received HelloRetryRequest message"
				5875
				5876	requires_gnutls_tls1_3
				5877	requires_gnutls_next_no_ticket
				5878	requires_gnutls_next_disable_tls13_compat
				5879	requires_config_enabled MBEDTLS_DEBUG_C
				5880	requires_config_enabled MBEDTLS_SSL_CLI_C
				5881	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5882	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5883	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5884	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5885	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				5886	0 \
				5887	-c "HTTP/1.0 200 OK" \
				5888	-c "Protocol is TLSv1.3" \
				5889	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5890	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5891	-c "NamedGroup: secp384r1 ( 18 )" \
				5892	-c "Verifying peer X.509 certificate... ok" \
				5893	-C "received HelloRetryRequest message"
				5894
				5895	requires_gnutls_tls1_3
				5896	requires_gnutls_next_no_ticket
				5897	requires_gnutls_next_disable_tls13_compat
				5898	requires_config_enabled MBEDTLS_DEBUG_C
				5899	requires_config_enabled MBEDTLS_SSL_CLI_C
				5900	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5901	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5902	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5903	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5904	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5905	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				5906	0 \
				5907	-c "HTTP/1.0 200 OK" \
				5908	-c "Protocol is TLSv1.3" \
				5909	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5910	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5911	-c "NamedGroup: secp384r1 ( 18 )" \
				5912	-c "Verifying peer X.509 certificate... ok" \
				5913	-C "received HelloRetryRequest message"
				5914
				5915	requires_gnutls_tls1_3
				5916	requires_gnutls_next_no_ticket
				5917	requires_gnutls_next_disable_tls13_compat
				5918	requires_config_enabled MBEDTLS_DEBUG_C
				5919	requires_config_enabled MBEDTLS_SSL_CLI_C
				5920	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5921	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5922	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5923	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5924	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				5925	0 \
				5926	-c "HTTP/1.0 200 OK" \
				5927	-c "Protocol is TLSv1.3" \
				5928	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5929	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5930	-c "NamedGroup: secp521r1 ( 19 )" \
				5931	-c "Verifying peer X.509 certificate... ok" \
				5932	-C "received HelloRetryRequest message"
				5933
				5934	requires_gnutls_tls1_3
				5935	requires_gnutls_next_no_ticket
				5936	requires_gnutls_next_disable_tls13_compat
				5937	requires_config_enabled MBEDTLS_DEBUG_C
				5938	requires_config_enabled MBEDTLS_SSL_CLI_C
				5939	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5940	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5941	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5942	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5943	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				5944	0 \
				5945	-c "HTTP/1.0 200 OK" \
				5946	-c "Protocol is TLSv1.3" \
				5947	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5948	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5949	-c "NamedGroup: secp521r1 ( 19 )" \
				5950	-c "Verifying peer X.509 certificate... ok" \
				5951	-C "received HelloRetryRequest message"
				5952
				5953	requires_gnutls_tls1_3
				5954	requires_gnutls_next_no_ticket
				5955	requires_gnutls_next_disable_tls13_compat
				5956	requires_config_enabled MBEDTLS_DEBUG_C
				5957	requires_config_enabled MBEDTLS_SSL_CLI_C
				5958	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5959	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5960	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5961	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5962	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				5963	0 \
				5964	-c "HTTP/1.0 200 OK" \
				5965	-c "Protocol is TLSv1.3" \
				5966	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5967	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5968	-c "NamedGroup: secp521r1 ( 19 )" \
				5969	-c "Verifying peer X.509 certificate... ok" \
				5970	-C "received HelloRetryRequest message"
				5971
				5972	requires_gnutls_tls1_3
				5973	requires_gnutls_next_no_ticket
				5974	requires_gnutls_next_disable_tls13_compat
				5975	requires_config_enabled MBEDTLS_DEBUG_C
				5976	requires_config_enabled MBEDTLS_SSL_CLI_C
				5977	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5978	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5979	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				5980	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	5981	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5982	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				5983	0 \
				5984	-c "HTTP/1.0 200 OK" \
				5985	-c "Protocol is TLSv1.3" \
				5986	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5987	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5988	-c "NamedGroup: secp521r1 ( 19 )" \
				5989	-c "Verifying peer X.509 certificate... ok" \
				5990	-C "received HelloRetryRequest message"
				5991
				5992	requires_gnutls_tls1_3
				5993	requires_gnutls_next_no_ticket
				5994	requires_gnutls_next_disable_tls13_compat
				5995	requires_config_enabled MBEDTLS_DEBUG_C
				5996	requires_config_enabled MBEDTLS_SSL_CLI_C
				5997	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				5998	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5999	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6000	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6001	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				6002	0 \
				6003	-c "HTTP/1.0 200 OK" \
				6004	-c "Protocol is TLSv1.3" \
				6005	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6006	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6007	-c "NamedGroup: x25519 ( 1d )" \
				6008	-c "Verifying peer X.509 certificate... ok" \
				6009	-C "received HelloRetryRequest message"
				6010
				6011	requires_gnutls_tls1_3
				6012	requires_gnutls_next_no_ticket
				6013	requires_gnutls_next_disable_tls13_compat
				6014	requires_config_enabled MBEDTLS_DEBUG_C
				6015	requires_config_enabled MBEDTLS_SSL_CLI_C
				6016	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6017	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6018	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6019	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6020	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				6021	0 \
				6022	-c "HTTP/1.0 200 OK" \
				6023	-c "Protocol is TLSv1.3" \
				6024	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6025	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6026	-c "NamedGroup: x25519 ( 1d )" \
				6027	-c "Verifying peer X.509 certificate... ok" \
				6028	-C "received HelloRetryRequest message"
				6029
				6030	requires_gnutls_tls1_3
				6031	requires_gnutls_next_no_ticket
				6032	requires_gnutls_next_disable_tls13_compat
				6033	requires_config_enabled MBEDTLS_DEBUG_C
				6034	requires_config_enabled MBEDTLS_SSL_CLI_C
				6035	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6036	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6037	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6038	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6039	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				6040	0 \
				6041	-c "HTTP/1.0 200 OK" \
				6042	-c "Protocol is TLSv1.3" \
				6043	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6044	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6045	-c "NamedGroup: x25519 ( 1d )" \
				6046	-c "Verifying peer X.509 certificate... ok" \
				6047	-C "received HelloRetryRequest message"
				6048
				6049	requires_gnutls_tls1_3
				6050	requires_gnutls_next_no_ticket
				6051	requires_gnutls_next_disable_tls13_compat
				6052	requires_config_enabled MBEDTLS_DEBUG_C
				6053	requires_config_enabled MBEDTLS_SSL_CLI_C
				6054	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6055	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6056	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6057	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6058	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6059	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				6060	0 \
				6061	-c "HTTP/1.0 200 OK" \
				6062	-c "Protocol is TLSv1.3" \
				6063	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6064	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6065	-c "NamedGroup: x25519 ( 1d )" \
				6066	-c "Verifying peer X.509 certificate... ok" \
				6067	-C "received HelloRetryRequest message"
				6068
				6069	requires_gnutls_tls1_3
				6070	requires_gnutls_next_no_ticket
				6071	requires_gnutls_next_disable_tls13_compat
				6072	requires_config_enabled MBEDTLS_DEBUG_C
				6073	requires_config_enabled MBEDTLS_SSL_CLI_C
				6074	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6075	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6076	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6077	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6078	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				6079	0 \
				6080	-c "HTTP/1.0 200 OK" \
				6081	-c "Protocol is TLSv1.3" \
				6082	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6083	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6084	-c "NamedGroup: x448 ( 1e )" \
				6085	-c "Verifying peer X.509 certificate... ok" \
				6086	-C "received HelloRetryRequest message"
				6087
				6088	requires_gnutls_tls1_3
				6089	requires_gnutls_next_no_ticket
				6090	requires_gnutls_next_disable_tls13_compat
				6091	requires_config_enabled MBEDTLS_DEBUG_C
				6092	requires_config_enabled MBEDTLS_SSL_CLI_C
				6093	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6094	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6095	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6096	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6097	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				6098	0 \
				6099	-c "HTTP/1.0 200 OK" \
				6100	-c "Protocol is TLSv1.3" \
				6101	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6102	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6103	-c "NamedGroup: x448 ( 1e )" \
				6104	-c "Verifying peer X.509 certificate... ok" \
				6105	-C "received HelloRetryRequest message"
				6106
				6107	requires_gnutls_tls1_3
				6108	requires_gnutls_next_no_ticket
				6109	requires_gnutls_next_disable_tls13_compat
				6110	requires_config_enabled MBEDTLS_DEBUG_C
				6111	requires_config_enabled MBEDTLS_SSL_CLI_C
				6112	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6113	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6114	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6115	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6116	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				6117	0 \
				6118	-c "HTTP/1.0 200 OK" \
				6119	-c "Protocol is TLSv1.3" \
				6120	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6121	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6122	-c "NamedGroup: x448 ( 1e )" \
				6123	-c "Verifying peer X.509 certificate... ok" \
				6124	-C "received HelloRetryRequest message"
				6125
				6126	requires_gnutls_tls1_3
				6127	requires_gnutls_next_no_ticket
				6128	requires_gnutls_next_disable_tls13_compat
				6129	requires_config_enabled MBEDTLS_DEBUG_C
				6130	requires_config_enabled MBEDTLS_SSL_CLI_C
				6131	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6132	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6133	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6134	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6135	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6136	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				6137	0 \
				6138	-c "HTTP/1.0 200 OK" \
				6139	-c "Protocol is TLSv1.3" \
				6140	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6141	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6142	-c "NamedGroup: x448 ( 1e )" \
				6143	-c "Verifying peer X.509 certificate... ok" \
				6144	-C "received HelloRetryRequest message"
				6145
				6146	requires_gnutls_tls1_3
				6147	requires_gnutls_next_no_ticket
				6148	requires_gnutls_next_disable_tls13_compat
				6149	requires_config_enabled MBEDTLS_DEBUG_C
				6150	requires_config_enabled MBEDTLS_SSL_CLI_C
				6151	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6152	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6153	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6154	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6155	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				6156	0 \
				6157	-c "HTTP/1.0 200 OK" \
				6158	-c "Protocol is TLSv1.3" \
				6159	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6160	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6161	-c "NamedGroup: secp256r1 ( 17 )" \
				6162	-c "Verifying peer X.509 certificate... ok" \
				6163	-C "received HelloRetryRequest message"
				6164
				6165	requires_gnutls_tls1_3
				6166	requires_gnutls_next_no_ticket
				6167	requires_gnutls_next_disable_tls13_compat
				6168	requires_config_enabled MBEDTLS_DEBUG_C
				6169	requires_config_enabled MBEDTLS_SSL_CLI_C
				6170	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6171	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6172	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6173	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6174	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				6175	0 \
				6176	-c "HTTP/1.0 200 OK" \
				6177	-c "Protocol is TLSv1.3" \
				6178	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6179	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6180	-c "NamedGroup: secp256r1 ( 17 )" \
				6181	-c "Verifying peer X.509 certificate... ok" \
				6182	-C "received HelloRetryRequest message"
				6183
				6184	requires_gnutls_tls1_3
				6185	requires_gnutls_next_no_ticket
				6186	requires_gnutls_next_disable_tls13_compat
				6187	requires_config_enabled MBEDTLS_DEBUG_C
				6188	requires_config_enabled MBEDTLS_SSL_CLI_C
				6189	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6190	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6191	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6192	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6193	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				6194	0 \
				6195	-c "HTTP/1.0 200 OK" \
				6196	-c "Protocol is TLSv1.3" \
				6197	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6198	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6199	-c "NamedGroup: secp256r1 ( 17 )" \
				6200	-c "Verifying peer X.509 certificate... ok" \
				6201	-C "received HelloRetryRequest message"
				6202
				6203	requires_gnutls_tls1_3
				6204	requires_gnutls_next_no_ticket
				6205	requires_gnutls_next_disable_tls13_compat
				6206	requires_config_enabled MBEDTLS_DEBUG_C
				6207	requires_config_enabled MBEDTLS_SSL_CLI_C
				6208	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6209	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6210	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6211	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6212	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6213	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				6214	0 \
				6215	-c "HTTP/1.0 200 OK" \
				6216	-c "Protocol is TLSv1.3" \
				6217	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6218	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6219	-c "NamedGroup: secp256r1 ( 17 )" \
				6220	-c "Verifying peer X.509 certificate... ok" \
				6221	-C "received HelloRetryRequest message"
				6222
				6223	requires_gnutls_tls1_3
				6224	requires_gnutls_next_no_ticket
				6225	requires_gnutls_next_disable_tls13_compat
				6226	requires_config_enabled MBEDTLS_DEBUG_C
				6227	requires_config_enabled MBEDTLS_SSL_CLI_C
				6228	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6229	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6230	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6231	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6232	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				6233	0 \
				6234	-c "HTTP/1.0 200 OK" \
				6235	-c "Protocol is TLSv1.3" \
				6236	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6237	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6238	-c "NamedGroup: secp384r1 ( 18 )" \
				6239	-c "Verifying peer X.509 certificate... ok" \
				6240	-C "received HelloRetryRequest message"
				6241
				6242	requires_gnutls_tls1_3
				6243	requires_gnutls_next_no_ticket
				6244	requires_gnutls_next_disable_tls13_compat
				6245	requires_config_enabled MBEDTLS_DEBUG_C
				6246	requires_config_enabled MBEDTLS_SSL_CLI_C
				6247	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6248	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6249	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6250	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6251	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				6252	0 \
				6253	-c "HTTP/1.0 200 OK" \
				6254	-c "Protocol is TLSv1.3" \
				6255	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6256	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6257	-c "NamedGroup: secp384r1 ( 18 )" \
				6258	-c "Verifying peer X.509 certificate... ok" \
				6259	-C "received HelloRetryRequest message"
				6260
				6261	requires_gnutls_tls1_3
				6262	requires_gnutls_next_no_ticket
				6263	requires_gnutls_next_disable_tls13_compat
				6264	requires_config_enabled MBEDTLS_DEBUG_C
				6265	requires_config_enabled MBEDTLS_SSL_CLI_C
				6266	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6267	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6268	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6269	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6270	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				6271	0 \
				6272	-c "HTTP/1.0 200 OK" \
				6273	-c "Protocol is TLSv1.3" \
				6274	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6275	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6276	-c "NamedGroup: secp384r1 ( 18 )" \
				6277	-c "Verifying peer X.509 certificate... ok" \
				6278	-C "received HelloRetryRequest message"
				6279
				6280	requires_gnutls_tls1_3
				6281	requires_gnutls_next_no_ticket
				6282	requires_gnutls_next_disable_tls13_compat
				6283	requires_config_enabled MBEDTLS_DEBUG_C
				6284	requires_config_enabled MBEDTLS_SSL_CLI_C
				6285	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6286	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6287	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6288	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6289	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6290	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				6291	0 \
				6292	-c "HTTP/1.0 200 OK" \
				6293	-c "Protocol is TLSv1.3" \
				6294	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6295	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6296	-c "NamedGroup: secp384r1 ( 18 )" \
				6297	-c "Verifying peer X.509 certificate... ok" \
				6298	-C "received HelloRetryRequest message"
				6299
				6300	requires_gnutls_tls1_3
				6301	requires_gnutls_next_no_ticket
				6302	requires_gnutls_next_disable_tls13_compat
				6303	requires_config_enabled MBEDTLS_DEBUG_C
				6304	requires_config_enabled MBEDTLS_SSL_CLI_C
				6305	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6306	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6307	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6308	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6309	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				6310	0 \
				6311	-c "HTTP/1.0 200 OK" \
				6312	-c "Protocol is TLSv1.3" \
				6313	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6314	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6315	-c "NamedGroup: secp521r1 ( 19 )" \
				6316	-c "Verifying peer X.509 certificate... ok" \
				6317	-C "received HelloRetryRequest message"
				6318
				6319	requires_gnutls_tls1_3
				6320	requires_gnutls_next_no_ticket
				6321	requires_gnutls_next_disable_tls13_compat
				6322	requires_config_enabled MBEDTLS_DEBUG_C
				6323	requires_config_enabled MBEDTLS_SSL_CLI_C
				6324	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6325	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6326	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6327	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6328	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				6329	0 \
				6330	-c "HTTP/1.0 200 OK" \
				6331	-c "Protocol is TLSv1.3" \
				6332	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6333	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6334	-c "NamedGroup: secp521r1 ( 19 )" \
				6335	-c "Verifying peer X.509 certificate... ok" \
				6336	-C "received HelloRetryRequest message"
				6337
				6338	requires_gnutls_tls1_3
				6339	requires_gnutls_next_no_ticket
				6340	requires_gnutls_next_disable_tls13_compat
				6341	requires_config_enabled MBEDTLS_DEBUG_C
				6342	requires_config_enabled MBEDTLS_SSL_CLI_C
				6343	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6344	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6345	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6346	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6347	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				6348	0 \
				6349	-c "HTTP/1.0 200 OK" \
				6350	-c "Protocol is TLSv1.3" \
				6351	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6352	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6353	-c "NamedGroup: secp521r1 ( 19 )" \
				6354	-c "Verifying peer X.509 certificate... ok" \
				6355	-C "received HelloRetryRequest message"
				6356
				6357	requires_gnutls_tls1_3
				6358	requires_gnutls_next_no_ticket
				6359	requires_gnutls_next_disable_tls13_compat
				6360	requires_config_enabled MBEDTLS_DEBUG_C
				6361	requires_config_enabled MBEDTLS_SSL_CLI_C
				6362	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6363	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6364	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6365	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6366	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6367	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				6368	0 \
				6369	-c "HTTP/1.0 200 OK" \
				6370	-c "Protocol is TLSv1.3" \
				6371	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6372	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6373	-c "NamedGroup: secp521r1 ( 19 )" \
				6374	-c "Verifying peer X.509 certificate... ok" \
				6375	-C "received HelloRetryRequest message"
				6376
				6377	requires_gnutls_tls1_3
				6378	requires_gnutls_next_no_ticket
				6379	requires_gnutls_next_disable_tls13_compat
				6380	requires_config_enabled MBEDTLS_DEBUG_C
				6381	requires_config_enabled MBEDTLS_SSL_CLI_C
				6382	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6383	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6384	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6385	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6386	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				6387	0 \
				6388	-c "HTTP/1.0 200 OK" \
				6389	-c "Protocol is TLSv1.3" \
				6390	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6391	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6392	-c "NamedGroup: x25519 ( 1d )" \
				6393	-c "Verifying peer X.509 certificate... ok" \
				6394	-C "received HelloRetryRequest message"
				6395
				6396	requires_gnutls_tls1_3
				6397	requires_gnutls_next_no_ticket
				6398	requires_gnutls_next_disable_tls13_compat
				6399	requires_config_enabled MBEDTLS_DEBUG_C
				6400	requires_config_enabled MBEDTLS_SSL_CLI_C
				6401	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6402	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6403	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6404	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6405	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				6406	0 \
				6407	-c "HTTP/1.0 200 OK" \
				6408	-c "Protocol is TLSv1.3" \
				6409	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6410	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6411	-c "NamedGroup: x25519 ( 1d )" \
				6412	-c "Verifying peer X.509 certificate... ok" \
				6413	-C "received HelloRetryRequest message"
				6414
				6415	requires_gnutls_tls1_3
				6416	requires_gnutls_next_no_ticket
				6417	requires_gnutls_next_disable_tls13_compat
				6418	requires_config_enabled MBEDTLS_DEBUG_C
				6419	requires_config_enabled MBEDTLS_SSL_CLI_C
				6420	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6421	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6422	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6423	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6424	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				6425	0 \
				6426	-c "HTTP/1.0 200 OK" \
				6427	-c "Protocol is TLSv1.3" \
				6428	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6429	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6430	-c "NamedGroup: x25519 ( 1d )" \
				6431	-c "Verifying peer X.509 certificate... ok" \
				6432	-C "received HelloRetryRequest message"
				6433
				6434	requires_gnutls_tls1_3
				6435	requires_gnutls_next_no_ticket
				6436	requires_gnutls_next_disable_tls13_compat
				6437	requires_config_enabled MBEDTLS_DEBUG_C
				6438	requires_config_enabled MBEDTLS_SSL_CLI_C
				6439	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6440	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6441	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6442	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6443	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6444	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				6445	0 \
				6446	-c "HTTP/1.0 200 OK" \
				6447	-c "Protocol is TLSv1.3" \
				6448	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6449	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6450	-c "NamedGroup: x25519 ( 1d )" \
				6451	-c "Verifying peer X.509 certificate... ok" \
				6452	-C "received HelloRetryRequest message"
				6453
				6454	requires_gnutls_tls1_3
				6455	requires_gnutls_next_no_ticket
				6456	requires_gnutls_next_disable_tls13_compat
				6457	requires_config_enabled MBEDTLS_DEBUG_C
				6458	requires_config_enabled MBEDTLS_SSL_CLI_C
				6459	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6460	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6461	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6462	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6463	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				6464	0 \
				6465	-c "HTTP/1.0 200 OK" \
				6466	-c "Protocol is TLSv1.3" \
				6467	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6468	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6469	-c "NamedGroup: x448 ( 1e )" \
				6470	-c "Verifying peer X.509 certificate... ok" \
				6471	-C "received HelloRetryRequest message"
				6472
				6473	requires_gnutls_tls1_3
				6474	requires_gnutls_next_no_ticket
				6475	requires_gnutls_next_disable_tls13_compat
				6476	requires_config_enabled MBEDTLS_DEBUG_C
				6477	requires_config_enabled MBEDTLS_SSL_CLI_C
				6478	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6479	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6480	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6481	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6482	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				6483	0 \
				6484	-c "HTTP/1.0 200 OK" \
				6485	-c "Protocol is TLSv1.3" \
				6486	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6487	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6488	-c "NamedGroup: x448 ( 1e )" \
				6489	-c "Verifying peer X.509 certificate... ok" \
				6490	-C "received HelloRetryRequest message"
				6491
				6492	requires_gnutls_tls1_3
				6493	requires_gnutls_next_no_ticket
				6494	requires_gnutls_next_disable_tls13_compat
				6495	requires_config_enabled MBEDTLS_DEBUG_C
				6496	requires_config_enabled MBEDTLS_SSL_CLI_C
				6497	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6498	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6499	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6500	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6501	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				6502	0 \
				6503	-c "HTTP/1.0 200 OK" \
				6504	-c "Protocol is TLSv1.3" \
				6505	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6506	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6507	-c "NamedGroup: x448 ( 1e )" \
				6508	-c "Verifying peer X.509 certificate... ok" \
				6509	-C "received HelloRetryRequest message"
				6510
				6511	requires_gnutls_tls1_3
				6512	requires_gnutls_next_no_ticket
				6513	requires_gnutls_next_disable_tls13_compat
				6514	requires_config_enabled MBEDTLS_DEBUG_C
				6515	requires_config_enabled MBEDTLS_SSL_CLI_C
				6516	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6517	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6518	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6519	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6520	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6521	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				6522	0 \
				6523	-c "HTTP/1.0 200 OK" \
				6524	-c "Protocol is TLSv1.3" \
				6525	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6526	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6527	-c "NamedGroup: x448 ( 1e )" \
				6528	-c "Verifying peer X.509 certificate... ok" \
				6529	-C "received HelloRetryRequest message"
				6530
				6531	requires_gnutls_tls1_3
				6532	requires_gnutls_next_no_ticket
				6533	requires_gnutls_next_disable_tls13_compat
				6534	requires_config_enabled MBEDTLS_DEBUG_C
				6535	requires_config_enabled MBEDTLS_SSL_CLI_C
				6536	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6537	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6538	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6539	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6540	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				6541	0 \
				6542	-c "HTTP/1.0 200 OK" \
				6543	-c "Protocol is TLSv1.3" \
				6544	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6545	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6546	-c "NamedGroup: secp256r1 ( 17 )" \
				6547	-c "Verifying peer X.509 certificate... ok" \
				6548	-C "received HelloRetryRequest message"
				6549
				6550	requires_gnutls_tls1_3
				6551	requires_gnutls_next_no_ticket
				6552	requires_gnutls_next_disable_tls13_compat
				6553	requires_config_enabled MBEDTLS_DEBUG_C
				6554	requires_config_enabled MBEDTLS_SSL_CLI_C
				6555	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6556	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6557	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6558	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6559	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				6560	0 \
				6561	-c "HTTP/1.0 200 OK" \
				6562	-c "Protocol is TLSv1.3" \
				6563	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6564	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6565	-c "NamedGroup: secp256r1 ( 17 )" \
				6566	-c "Verifying peer X.509 certificate... ok" \
				6567	-C "received HelloRetryRequest message"
				6568
				6569	requires_gnutls_tls1_3
				6570	requires_gnutls_next_no_ticket
				6571	requires_gnutls_next_disable_tls13_compat
				6572	requires_config_enabled MBEDTLS_DEBUG_C
				6573	requires_config_enabled MBEDTLS_SSL_CLI_C
				6574	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6575	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6576	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6577	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6578	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				6579	0 \
				6580	-c "HTTP/1.0 200 OK" \
				6581	-c "Protocol is TLSv1.3" \
				6582	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6583	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6584	-c "NamedGroup: secp256r1 ( 17 )" \
				6585	-c "Verifying peer X.509 certificate... ok" \
				6586	-C "received HelloRetryRequest message"
				6587
				6588	requires_gnutls_tls1_3
				6589	requires_gnutls_next_no_ticket
				6590	requires_gnutls_next_disable_tls13_compat
				6591	requires_config_enabled MBEDTLS_DEBUG_C
				6592	requires_config_enabled MBEDTLS_SSL_CLI_C
				6593	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6594	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6595	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6596	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6597	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6598	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				6599	0 \
				6600	-c "HTTP/1.0 200 OK" \
				6601	-c "Protocol is TLSv1.3" \
				6602	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6603	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6604	-c "NamedGroup: secp256r1 ( 17 )" \
				6605	-c "Verifying peer X.509 certificate... ok" \
				6606	-C "received HelloRetryRequest message"
				6607
				6608	requires_gnutls_tls1_3
				6609	requires_gnutls_next_no_ticket
				6610	requires_gnutls_next_disable_tls13_compat
				6611	requires_config_enabled MBEDTLS_DEBUG_C
				6612	requires_config_enabled MBEDTLS_SSL_CLI_C
				6613	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6614	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6615	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6616	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6617	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				6618	0 \
				6619	-c "HTTP/1.0 200 OK" \
				6620	-c "Protocol is TLSv1.3" \
				6621	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6622	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6623	-c "NamedGroup: secp384r1 ( 18 )" \
				6624	-c "Verifying peer X.509 certificate... ok" \
				6625	-C "received HelloRetryRequest message"
				6626
				6627	requires_gnutls_tls1_3
				6628	requires_gnutls_next_no_ticket
				6629	requires_gnutls_next_disable_tls13_compat
				6630	requires_config_enabled MBEDTLS_DEBUG_C
				6631	requires_config_enabled MBEDTLS_SSL_CLI_C
				6632	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6633	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6634	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6635	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6636	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				6637	0 \
				6638	-c "HTTP/1.0 200 OK" \
				6639	-c "Protocol is TLSv1.3" \
				6640	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6641	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6642	-c "NamedGroup: secp384r1 ( 18 )" \
				6643	-c "Verifying peer X.509 certificate... ok" \
				6644	-C "received HelloRetryRequest message"
				6645
				6646	requires_gnutls_tls1_3
				6647	requires_gnutls_next_no_ticket
				6648	requires_gnutls_next_disable_tls13_compat
				6649	requires_config_enabled MBEDTLS_DEBUG_C
				6650	requires_config_enabled MBEDTLS_SSL_CLI_C
				6651	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6652	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6653	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6654	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6655	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				6656	0 \
				6657	-c "HTTP/1.0 200 OK" \
				6658	-c "Protocol is TLSv1.3" \
				6659	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6660	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6661	-c "NamedGroup: secp384r1 ( 18 )" \
				6662	-c "Verifying peer X.509 certificate... ok" \
				6663	-C "received HelloRetryRequest message"
				6664
				6665	requires_gnutls_tls1_3
				6666	requires_gnutls_next_no_ticket
				6667	requires_gnutls_next_disable_tls13_compat
				6668	requires_config_enabled MBEDTLS_DEBUG_C
				6669	requires_config_enabled MBEDTLS_SSL_CLI_C
				6670	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6671	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6672	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6673	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6674	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6675	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				6676	0 \
				6677	-c "HTTP/1.0 200 OK" \
				6678	-c "Protocol is TLSv1.3" \
				6679	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6680	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6681	-c "NamedGroup: secp384r1 ( 18 )" \
				6682	-c "Verifying peer X.509 certificate... ok" \
				6683	-C "received HelloRetryRequest message"
				6684
				6685	requires_gnutls_tls1_3
				6686	requires_gnutls_next_no_ticket
				6687	requires_gnutls_next_disable_tls13_compat
				6688	requires_config_enabled MBEDTLS_DEBUG_C
				6689	requires_config_enabled MBEDTLS_SSL_CLI_C
				6690	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6691	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6692	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6693	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6694	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				6695	0 \
				6696	-c "HTTP/1.0 200 OK" \
				6697	-c "Protocol is TLSv1.3" \
				6698	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6699	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6700	-c "NamedGroup: secp521r1 ( 19 )" \
				6701	-c "Verifying peer X.509 certificate... ok" \
				6702	-C "received HelloRetryRequest message"
				6703
				6704	requires_gnutls_tls1_3
				6705	requires_gnutls_next_no_ticket
				6706	requires_gnutls_next_disable_tls13_compat
				6707	requires_config_enabled MBEDTLS_DEBUG_C
				6708	requires_config_enabled MBEDTLS_SSL_CLI_C
				6709	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6710	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6711	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6712	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6713	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				6714	0 \
				6715	-c "HTTP/1.0 200 OK" \
				6716	-c "Protocol is TLSv1.3" \
				6717	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6718	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6719	-c "NamedGroup: secp521r1 ( 19 )" \
				6720	-c "Verifying peer X.509 certificate... ok" \
				6721	-C "received HelloRetryRequest message"
				6722
				6723	requires_gnutls_tls1_3
				6724	requires_gnutls_next_no_ticket
				6725	requires_gnutls_next_disable_tls13_compat
				6726	requires_config_enabled MBEDTLS_DEBUG_C
				6727	requires_config_enabled MBEDTLS_SSL_CLI_C
				6728	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6729	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6730	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6731	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6732	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				6733	0 \
				6734	-c "HTTP/1.0 200 OK" \
				6735	-c "Protocol is TLSv1.3" \
				6736	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6737	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6738	-c "NamedGroup: secp521r1 ( 19 )" \
				6739	-c "Verifying peer X.509 certificate... ok" \
				6740	-C "received HelloRetryRequest message"
				6741
				6742	requires_gnutls_tls1_3
				6743	requires_gnutls_next_no_ticket
				6744	requires_gnutls_next_disable_tls13_compat
				6745	requires_config_enabled MBEDTLS_DEBUG_C
				6746	requires_config_enabled MBEDTLS_SSL_CLI_C
				6747	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6748	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6749	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6750	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6751	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6752	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				6753	0 \
				6754	-c "HTTP/1.0 200 OK" \
				6755	-c "Protocol is TLSv1.3" \
				6756	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6757	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6758	-c "NamedGroup: secp521r1 ( 19 )" \
				6759	-c "Verifying peer X.509 certificate... ok" \
				6760	-C "received HelloRetryRequest message"
				6761
				6762	requires_gnutls_tls1_3
				6763	requires_gnutls_next_no_ticket
				6764	requires_gnutls_next_disable_tls13_compat
				6765	requires_config_enabled MBEDTLS_DEBUG_C
				6766	requires_config_enabled MBEDTLS_SSL_CLI_C
				6767	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6769	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6770	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6771	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				6772	0 \
				6773	-c "HTTP/1.0 200 OK" \
				6774	-c "Protocol is TLSv1.3" \
				6775	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6776	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6777	-c "NamedGroup: x25519 ( 1d )" \
				6778	-c "Verifying peer X.509 certificate... ok" \
				6779	-C "received HelloRetryRequest message"
				6780
				6781	requires_gnutls_tls1_3
				6782	requires_gnutls_next_no_ticket
				6783	requires_gnutls_next_disable_tls13_compat
				6784	requires_config_enabled MBEDTLS_DEBUG_C
				6785	requires_config_enabled MBEDTLS_SSL_CLI_C
				6786	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6787	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6788	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6789	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6790	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				6791	0 \
				6792	-c "HTTP/1.0 200 OK" \
				6793	-c "Protocol is TLSv1.3" \
				6794	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6795	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6796	-c "NamedGroup: x25519 ( 1d )" \
				6797	-c "Verifying peer X.509 certificate... ok" \
				6798	-C "received HelloRetryRequest message"
				6799
				6800	requires_gnutls_tls1_3
				6801	requires_gnutls_next_no_ticket
				6802	requires_gnutls_next_disable_tls13_compat
				6803	requires_config_enabled MBEDTLS_DEBUG_C
				6804	requires_config_enabled MBEDTLS_SSL_CLI_C
				6805	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6806	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6807	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6808	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6809	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				6810	0 \
				6811	-c "HTTP/1.0 200 OK" \
				6812	-c "Protocol is TLSv1.3" \
				6813	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6814	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6815	-c "NamedGroup: x25519 ( 1d )" \
				6816	-c "Verifying peer X.509 certificate... ok" \
				6817	-C "received HelloRetryRequest message"
				6818
				6819	requires_gnutls_tls1_3
				6820	requires_gnutls_next_no_ticket
				6821	requires_gnutls_next_disable_tls13_compat
				6822	requires_config_enabled MBEDTLS_DEBUG_C
				6823	requires_config_enabled MBEDTLS_SSL_CLI_C
				6824	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6825	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6826	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6827	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6828	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6829	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				6830	0 \
				6831	-c "HTTP/1.0 200 OK" \
				6832	-c "Protocol is TLSv1.3" \
				6833	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6834	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6835	-c "NamedGroup: x25519 ( 1d )" \
				6836	-c "Verifying peer X.509 certificate... ok" \
				6837	-C "received HelloRetryRequest message"
				6838
				6839	requires_gnutls_tls1_3
				6840	requires_gnutls_next_no_ticket
				6841	requires_gnutls_next_disable_tls13_compat
				6842	requires_config_enabled MBEDTLS_DEBUG_C
				6843	requires_config_enabled MBEDTLS_SSL_CLI_C
				6844	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6845	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6846	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6847	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6848	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				6849	0 \
				6850	-c "HTTP/1.0 200 OK" \
				6851	-c "Protocol is TLSv1.3" \
				6852	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6853	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6854	-c "NamedGroup: x448 ( 1e )" \
				6855	-c "Verifying peer X.509 certificate... ok" \
				6856	-C "received HelloRetryRequest message"
				6857
				6858	requires_gnutls_tls1_3
				6859	requires_gnutls_next_no_ticket
				6860	requires_gnutls_next_disable_tls13_compat
				6861	requires_config_enabled MBEDTLS_DEBUG_C
				6862	requires_config_enabled MBEDTLS_SSL_CLI_C
				6863	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6864	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6865	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6866	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6867	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				6868	0 \
				6869	-c "HTTP/1.0 200 OK" \
				6870	-c "Protocol is TLSv1.3" \
				6871	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6872	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6873	-c "NamedGroup: x448 ( 1e )" \
				6874	-c "Verifying peer X.509 certificate... ok" \
				6875	-C "received HelloRetryRequest message"
				6876
				6877	requires_gnutls_tls1_3
				6878	requires_gnutls_next_no_ticket
				6879	requires_gnutls_next_disable_tls13_compat
				6880	requires_config_enabled MBEDTLS_DEBUG_C
				6881	requires_config_enabled MBEDTLS_SSL_CLI_C
				6882	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6883	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6884	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6885	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6886	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				6887	0 \
				6888	-c "HTTP/1.0 200 OK" \
				6889	-c "Protocol is TLSv1.3" \
				6890	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6891	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6892	-c "NamedGroup: x448 ( 1e )" \
				6893	-c "Verifying peer X.509 certificate... ok" \
				6894	-C "received HelloRetryRequest message"
				6895
				6896	requires_gnutls_tls1_3
				6897	requires_gnutls_next_no_ticket
				6898	requires_gnutls_next_disable_tls13_compat
				6899	requires_config_enabled MBEDTLS_DEBUG_C
				6900	requires_config_enabled MBEDTLS_SSL_CLI_C
				6901	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6902	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6903	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				6904	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6905	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6906	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				6907	0 \
				6908	-c "HTTP/1.0 200 OK" \
				6909	-c "Protocol is TLSv1.3" \
				6910	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6911	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6912	-c "NamedGroup: x448 ( 1e )" \
				6913	-c "Verifying peer X.509 certificate... ok" \
				6914	-C "received HelloRetryRequest message"
				6915
				6916	requires_gnutls_tls1_3
				6917	requires_gnutls_next_no_ticket
				6918	requires_gnutls_next_disable_tls13_compat
				6919	requires_config_enabled MBEDTLS_DEBUG_C
				6920	requires_config_enabled MBEDTLS_SSL_CLI_C
				6921	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6922	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6923	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6924	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6925	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				6926	0 \
				6927	-c "HTTP/1.0 200 OK" \
				6928	-c "Protocol is TLSv1.3" \
				6929	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				6930	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6931	-c "NamedGroup: secp256r1 ( 17 )" \
				6932	-c "Verifying peer X.509 certificate... ok" \
				6933	-C "received HelloRetryRequest message"
				6934
				6935	requires_gnutls_tls1_3
				6936	requires_gnutls_next_no_ticket
				6937	requires_gnutls_next_disable_tls13_compat
				6938	requires_config_enabled MBEDTLS_DEBUG_C
				6939	requires_config_enabled MBEDTLS_SSL_CLI_C
				6940	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				6941	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6942	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6943	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6944	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6945	0 \
				6946	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6947	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6948	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				6949	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6950	-c "NamedGroup: secp256r1 ( 17 )" \
				6951	-c "Verifying peer X.509 certificate... ok" \
				6952	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6953
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6954	requires_gnutls_tls1_3
				6955	requires_gnutls_next_no_ticket
				6956	requires_gnutls_next_disable_tls13_compat
				6957	requires_config_enabled MBEDTLS_DEBUG_C
				6958	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	6959	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6960	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6961	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6962	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6963	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6964	0 \
				6965	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6966	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6967	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				6968	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6969	-c "NamedGroup: secp256r1 ( 17 )" \
				6970	-c "Verifying peer X.509 certificate... ok" \
				6971	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6972
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6973	requires_gnutls_tls1_3
				6974	requires_gnutls_next_no_ticket
				6975	requires_gnutls_next_disable_tls13_compat
				6976	requires_config_enabled MBEDTLS_DEBUG_C
				6977	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	6978	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6979	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6980	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6981	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	6982	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6983	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6984	0 \
				6985	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6986	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6987	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				6988	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6989	-c "NamedGroup: secp256r1 ( 17 )" \
				6990	-c "Verifying peer X.509 certificate... ok" \
				6991	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6992
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6993	requires_gnutls_tls1_3
				6994	requires_gnutls_next_no_ticket
				6995	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6996	requires_config_enabled MBEDTLS_DEBUG_C
				6997	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	6998	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6999	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7000	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7001	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7002	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7003	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7004	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7005	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7006	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7007	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7008	-c "NamedGroup: secp384r1 ( 18 )" \
				7009	-c "Verifying peer X.509 certificate... ok" \
				7010	-C "received HelloRetryRequest message"
				7011
				7012	requires_gnutls_tls1_3
				7013	requires_gnutls_next_no_ticket
				7014	requires_gnutls_next_disable_tls13_compat
				7015	requires_config_enabled MBEDTLS_DEBUG_C
				7016	requires_config_enabled MBEDTLS_SSL_CLI_C
				7017	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7018	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7019	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7020	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7021	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				7022	0 \
				7023	-c "HTTP/1.0 200 OK" \
				7024	-c "Protocol is TLSv1.3" \
				7025	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7026	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7027	-c "NamedGroup: secp384r1 ( 18 )" \
				7028	-c "Verifying peer X.509 certificate... ok" \
				7029	-C "received HelloRetryRequest message"
				7030
				7031	requires_gnutls_tls1_3
				7032	requires_gnutls_next_no_ticket
				7033	requires_gnutls_next_disable_tls13_compat
				7034	requires_config_enabled MBEDTLS_DEBUG_C
				7035	requires_config_enabled MBEDTLS_SSL_CLI_C
				7036	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7037	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7038	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7039	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7040	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				7041	0 \
				7042	-c "HTTP/1.0 200 OK" \
				7043	-c "Protocol is TLSv1.3" \
				7044	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7045	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7046	-c "NamedGroup: secp384r1 ( 18 )" \
				7047	-c "Verifying peer X.509 certificate... ok" \
				7048	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7049
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7050	requires_gnutls_tls1_3
				7051	requires_gnutls_next_no_ticket
				7052	requires_gnutls_next_disable_tls13_compat
				7053	requires_config_enabled MBEDTLS_DEBUG_C
				7054	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7055	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7056	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7057	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7058	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7059	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7060	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7061	0 \
				7062	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7063	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7064	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7065	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7066	-c "NamedGroup: secp384r1 ( 18 )" \
				7067	-c "Verifying peer X.509 certificate... ok" \
				7068	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7069
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7070	requires_gnutls_tls1_3
				7071	requires_gnutls_next_no_ticket
				7072	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7073	requires_config_enabled MBEDTLS_DEBUG_C
				7074	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7075	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7076	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7077	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7078	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7079	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7080	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7081	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7082	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7083	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7084	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7085	-c "NamedGroup: secp521r1 ( 19 )" \
				7086	-c "Verifying peer X.509 certificate... ok" \
				7087	-C "received HelloRetryRequest message"
				7088
				7089	requires_gnutls_tls1_3
				7090	requires_gnutls_next_no_ticket
				7091	requires_gnutls_next_disable_tls13_compat
				7092	requires_config_enabled MBEDTLS_DEBUG_C
				7093	requires_config_enabled MBEDTLS_SSL_CLI_C
				7094	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7095	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7096	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7097	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7098	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				7099	0 \
				7100	-c "HTTP/1.0 200 OK" \
				7101	-c "Protocol is TLSv1.3" \
				7102	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7103	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7104	-c "NamedGroup: secp521r1 ( 19 )" \
				7105	-c "Verifying peer X.509 certificate... ok" \
				7106	-C "received HelloRetryRequest message"
				7107
				7108	requires_gnutls_tls1_3
				7109	requires_gnutls_next_no_ticket
				7110	requires_gnutls_next_disable_tls13_compat
				7111	requires_config_enabled MBEDTLS_DEBUG_C
				7112	requires_config_enabled MBEDTLS_SSL_CLI_C
				7113	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7114	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7115	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7116	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7117	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				7118	0 \
				7119	-c "HTTP/1.0 200 OK" \
				7120	-c "Protocol is TLSv1.3" \
				7121	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7122	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7123	-c "NamedGroup: secp521r1 ( 19 )" \
				7124	-c "Verifying peer X.509 certificate... ok" \
				7125	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7126
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7127	requires_gnutls_tls1_3
				7128	requires_gnutls_next_no_ticket
				7129	requires_gnutls_next_disable_tls13_compat
				7130	requires_config_enabled MBEDTLS_DEBUG_C
				7131	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7132	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7133	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7134	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7135	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7136	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7137	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7138	0 \
				7139	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7140	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7141	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7142	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7143	-c "NamedGroup: secp521r1 ( 19 )" \
				7144	-c "Verifying peer X.509 certificate... ok" \
				7145	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7146
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7147	requires_gnutls_tls1_3
				7148	requires_gnutls_next_no_ticket
				7149	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7150	requires_config_enabled MBEDTLS_DEBUG_C
				7151	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7152	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7153	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7154	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7155	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7156	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7157	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7158	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7159	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7160	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7161	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7162	-c "NamedGroup: x25519 ( 1d )" \
				7163	-c "Verifying peer X.509 certificate... ok" \
				7164	-C "received HelloRetryRequest message"
				7165
				7166	requires_gnutls_tls1_3
				7167	requires_gnutls_next_no_ticket
				7168	requires_gnutls_next_disable_tls13_compat
				7169	requires_config_enabled MBEDTLS_DEBUG_C
				7170	requires_config_enabled MBEDTLS_SSL_CLI_C
				7171	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7172	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7173	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7174	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7175	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				7176	0 \
				7177	-c "HTTP/1.0 200 OK" \
				7178	-c "Protocol is TLSv1.3" \
				7179	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7180	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7181	-c "NamedGroup: x25519 ( 1d )" \
				7182	-c "Verifying peer X.509 certificate... ok" \
				7183	-C "received HelloRetryRequest message"
				7184
				7185	requires_gnutls_tls1_3
				7186	requires_gnutls_next_no_ticket
				7187	requires_gnutls_next_disable_tls13_compat
				7188	requires_config_enabled MBEDTLS_DEBUG_C
				7189	requires_config_enabled MBEDTLS_SSL_CLI_C
				7190	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7191	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7192	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7193	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7194	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				7195	0 \
				7196	-c "HTTP/1.0 200 OK" \
				7197	-c "Protocol is TLSv1.3" \
				7198	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7199	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7200	-c "NamedGroup: x25519 ( 1d )" \
				7201	-c "Verifying peer X.509 certificate... ok" \
				7202	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7203
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7204	requires_gnutls_tls1_3
				7205	requires_gnutls_next_no_ticket
				7206	requires_gnutls_next_disable_tls13_compat
				7207	requires_config_enabled MBEDTLS_DEBUG_C
				7208	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7209	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7210	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7211	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7212	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7213	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7214	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7215	0 \
				7216	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7217	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7218	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7219	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7220	-c "NamedGroup: x25519 ( 1d )" \
				7221	-c "Verifying peer X.509 certificate... ok" \
				7222	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7223
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7224	requires_gnutls_tls1_3
				7225	requires_gnutls_next_no_ticket
				7226	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7227	requires_config_enabled MBEDTLS_DEBUG_C
				7228	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7229	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7230	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7231	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7232	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7233	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7234	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7235	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7236	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7237	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7238	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7239	-c "NamedGroup: x448 ( 1e )" \
				7240	-c "Verifying peer X.509 certificate... ok" \
				7241	-C "received HelloRetryRequest message"
				7242
				7243	requires_gnutls_tls1_3
				7244	requires_gnutls_next_no_ticket
				7245	requires_gnutls_next_disable_tls13_compat
				7246	requires_config_enabled MBEDTLS_DEBUG_C
				7247	requires_config_enabled MBEDTLS_SSL_CLI_C
				7248	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7249	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7250	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7251	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7252	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				7253	0 \
				7254	-c "HTTP/1.0 200 OK" \
				7255	-c "Protocol is TLSv1.3" \
				7256	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7257	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7258	-c "NamedGroup: x448 ( 1e )" \
				7259	-c "Verifying peer X.509 certificate... ok" \
				7260	-C "received HelloRetryRequest message"
				7261
				7262	requires_gnutls_tls1_3
				7263	requires_gnutls_next_no_ticket
				7264	requires_gnutls_next_disable_tls13_compat
				7265	requires_config_enabled MBEDTLS_DEBUG_C
				7266	requires_config_enabled MBEDTLS_SSL_CLI_C
				7267	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7268	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7269	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7270	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7271	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				7272	0 \
				7273	-c "HTTP/1.0 200 OK" \
				7274	-c "Protocol is TLSv1.3" \
				7275	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7276	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7277	-c "NamedGroup: x448 ( 1e )" \
				7278	-c "Verifying peer X.509 certificate... ok" \
				7279	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7280
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7281	requires_gnutls_tls1_3
				7282	requires_gnutls_next_no_ticket
				7283	requires_gnutls_next_disable_tls13_compat
				7284	requires_config_enabled MBEDTLS_DEBUG_C
				7285	requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	7286	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7287	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7288	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7289	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7290	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7291	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7292	0 \
				7293	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7294	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7295	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	7296	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7297	-c "NamedGroup: x448 ( 1e )" \
				7298	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	7299	-C "received HelloRetryRequest message"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	7300
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	7301	requires_config_enabled MBEDTLS_DEBUG_C
				7302	requires_config_enabled MBEDTLS_SSL_CLI_C
				7303	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7304	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7305	requires_config_enabled MBEDTLS_DEBUG_C
				7306	requires_config_enabled MBEDTLS_SSL_CLI_C
				7307	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7308	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7309	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				7310	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7311	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				7312	0 \
				7313	-s "Protocol is TLSv1.3" \
				7314	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7315	-s "received signature algorithm: 0x403" \
				7316	-s "got named group: secp256r1(0017)" \
				7317	-s "Verifying peer X.509 certificate... ok" \
				7318	-c "Protocol is TLSv1.3" \
				7319	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7320	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7321	-c "NamedGroup: secp256r1 ( 17 )" \
				7322	-c "Verifying peer X.509 certificate... ok" \
				7323	-C "received HelloRetryRequest message"
				7324
				7325	requires_config_enabled MBEDTLS_DEBUG_C
				7326	requires_config_enabled MBEDTLS_SSL_CLI_C
				7327	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7328	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7329	requires_config_enabled MBEDTLS_DEBUG_C
				7330	requires_config_enabled MBEDTLS_SSL_CLI_C
				7331	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7333	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				7334	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7335	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				7336	0 \
				7337	-s "Protocol is TLSv1.3" \
				7338	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7339	-s "received signature algorithm: 0x503" \
				7340	-s "got named group: secp256r1(0017)" \
				7341	-s "Verifying peer X.509 certificate... ok" \
				7342	-c "Protocol is TLSv1.3" \
				7343	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7344	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7345	-c "NamedGroup: secp256r1 ( 17 )" \
				7346	-c "Verifying peer X.509 certificate... ok" \
				7347	-C "received HelloRetryRequest message"
				7348
				7349	requires_config_enabled MBEDTLS_DEBUG_C
				7350	requires_config_enabled MBEDTLS_SSL_CLI_C
				7351	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7352	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7353	requires_config_enabled MBEDTLS_DEBUG_C
				7354	requires_config_enabled MBEDTLS_SSL_CLI_C
				7355	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7356	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7357	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				7358	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7359	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				7360	0 \
				7361	-s "Protocol is TLSv1.3" \
				7362	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7363	-s "received signature algorithm: 0x603" \
				7364	-s "got named group: secp256r1(0017)" \
				7365	-s "Verifying peer X.509 certificate... ok" \
				7366	-c "Protocol is TLSv1.3" \
				7367	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7368	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7369	-c "NamedGroup: secp256r1 ( 17 )" \
				7370	-c "Verifying peer X.509 certificate... ok" \
				7371	-C "received HelloRetryRequest message"
				7372
				7373	requires_config_enabled MBEDTLS_DEBUG_C
				7374	requires_config_enabled MBEDTLS_SSL_CLI_C
				7375	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7376	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7377	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7378	requires_config_enabled MBEDTLS_DEBUG_C
				7379	requires_config_enabled MBEDTLS_SSL_CLI_C
				7380	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7381	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7382	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7383	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				7384	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7385	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				7386	0 \
				7387	-s "Protocol is TLSv1.3" \
				7388	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7389	-s "received signature algorithm: 0x804" \
				7390	-s "got named group: secp256r1(0017)" \
				7391	-s "Verifying peer X.509 certificate... ok" \
				7392	-c "Protocol is TLSv1.3" \
				7393	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7394	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7395	-c "NamedGroup: secp256r1 ( 17 )" \
				7396	-c "Verifying peer X.509 certificate... ok" \
				7397	-C "received HelloRetryRequest message"
				7398
				7399	requires_config_enabled MBEDTLS_DEBUG_C
				7400	requires_config_enabled MBEDTLS_SSL_CLI_C
				7401	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7402	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7403	requires_config_enabled MBEDTLS_DEBUG_C
				7404	requires_config_enabled MBEDTLS_SSL_CLI_C
				7405	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7406	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7407	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				7408	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7409	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				7410	0 \
				7411	-s "Protocol is TLSv1.3" \
				7412	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7413	-s "received signature algorithm: 0x403" \
				7414	-s "got named group: secp384r1(0018)" \
				7415	-s "Verifying peer X.509 certificate... ok" \
				7416	-c "Protocol is TLSv1.3" \
				7417	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7418	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7419	-c "NamedGroup: secp384r1 ( 18 )" \
				7420	-c "Verifying peer X.509 certificate... ok" \
				7421	-C "received HelloRetryRequest message"
				7422
				7423	requires_config_enabled MBEDTLS_DEBUG_C
				7424	requires_config_enabled MBEDTLS_SSL_CLI_C
				7425	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7426	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7427	requires_config_enabled MBEDTLS_DEBUG_C
				7428	requires_config_enabled MBEDTLS_SSL_CLI_C
				7429	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7430	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7431	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				7432	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7433	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				7434	0 \
				7435	-s "Protocol is TLSv1.3" \
				7436	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7437	-s "received signature algorithm: 0x503" \
				7438	-s "got named group: secp384r1(0018)" \
				7439	-s "Verifying peer X.509 certificate... ok" \
				7440	-c "Protocol is TLSv1.3" \
				7441	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7442	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7443	-c "NamedGroup: secp384r1 ( 18 )" \
				7444	-c "Verifying peer X.509 certificate... ok" \
				7445	-C "received HelloRetryRequest message"
				7446
				7447	requires_config_enabled MBEDTLS_DEBUG_C
				7448	requires_config_enabled MBEDTLS_SSL_CLI_C
				7449	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7450	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7451	requires_config_enabled MBEDTLS_DEBUG_C
				7452	requires_config_enabled MBEDTLS_SSL_CLI_C
				7453	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7454	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7455	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				7456	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7457	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				7458	0 \
				7459	-s "Protocol is TLSv1.3" \
				7460	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7461	-s "received signature algorithm: 0x603" \
				7462	-s "got named group: secp384r1(0018)" \
				7463	-s "Verifying peer X.509 certificate... ok" \
				7464	-c "Protocol is TLSv1.3" \
				7465	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7466	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7467	-c "NamedGroup: secp384r1 ( 18 )" \
				7468	-c "Verifying peer X.509 certificate... ok" \
				7469	-C "received HelloRetryRequest message"
				7470
				7471	requires_config_enabled MBEDTLS_DEBUG_C
				7472	requires_config_enabled MBEDTLS_SSL_CLI_C
				7473	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7474	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7475	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7476	requires_config_enabled MBEDTLS_DEBUG_C
				7477	requires_config_enabled MBEDTLS_SSL_CLI_C
				7478	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7479	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7480	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7481	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				7482	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7483	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				7484	0 \
				7485	-s "Protocol is TLSv1.3" \
				7486	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7487	-s "received signature algorithm: 0x804" \
				7488	-s "got named group: secp384r1(0018)" \
				7489	-s "Verifying peer X.509 certificate... ok" \
				7490	-c "Protocol is TLSv1.3" \
				7491	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7492	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7493	-c "NamedGroup: secp384r1 ( 18 )" \
				7494	-c "Verifying peer X.509 certificate... ok" \
				7495	-C "received HelloRetryRequest message"
				7496
				7497	requires_config_enabled MBEDTLS_DEBUG_C
				7498	requires_config_enabled MBEDTLS_SSL_CLI_C
				7499	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7500	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7501	requires_config_enabled MBEDTLS_DEBUG_C
				7502	requires_config_enabled MBEDTLS_SSL_CLI_C
				7503	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7504	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7505	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				7506	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7507	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				7508	0 \
				7509	-s "Protocol is TLSv1.3" \
				7510	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7511	-s "received signature algorithm: 0x403" \
				7512	-s "got named group: secp521r1(0019)" \
				7513	-s "Verifying peer X.509 certificate... ok" \
				7514	-c "Protocol is TLSv1.3" \
				7515	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7516	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7517	-c "NamedGroup: secp521r1 ( 19 )" \
				7518	-c "Verifying peer X.509 certificate... ok" \
				7519	-C "received HelloRetryRequest message"
				7520
				7521	requires_config_enabled MBEDTLS_DEBUG_C
				7522	requires_config_enabled MBEDTLS_SSL_CLI_C
				7523	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7524	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7525	requires_config_enabled MBEDTLS_DEBUG_C
				7526	requires_config_enabled MBEDTLS_SSL_CLI_C
				7527	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7528	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7529	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				7530	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7531	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				7532	0 \
				7533	-s "Protocol is TLSv1.3" \
				7534	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7535	-s "received signature algorithm: 0x503" \
				7536	-s "got named group: secp521r1(0019)" \
				7537	-s "Verifying peer X.509 certificate... ok" \
				7538	-c "Protocol is TLSv1.3" \
				7539	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7540	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7541	-c "NamedGroup: secp521r1 ( 19 )" \
				7542	-c "Verifying peer X.509 certificate... ok" \
				7543	-C "received HelloRetryRequest message"
				7544
				7545	requires_config_enabled MBEDTLS_DEBUG_C
				7546	requires_config_enabled MBEDTLS_SSL_CLI_C
				7547	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7548	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7549	requires_config_enabled MBEDTLS_DEBUG_C
				7550	requires_config_enabled MBEDTLS_SSL_CLI_C
				7551	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7552	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7553	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				7554	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7555	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				7556	0 \
				7557	-s "Protocol is TLSv1.3" \
				7558	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7559	-s "received signature algorithm: 0x603" \
				7560	-s "got named group: secp521r1(0019)" \
				7561	-s "Verifying peer X.509 certificate... ok" \
				7562	-c "Protocol is TLSv1.3" \
				7563	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7564	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7565	-c "NamedGroup: secp521r1 ( 19 )" \
				7566	-c "Verifying peer X.509 certificate... ok" \
				7567	-C "received HelloRetryRequest message"
				7568
				7569	requires_config_enabled MBEDTLS_DEBUG_C
				7570	requires_config_enabled MBEDTLS_SSL_CLI_C
				7571	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7572	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7573	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7574	requires_config_enabled MBEDTLS_DEBUG_C
				7575	requires_config_enabled MBEDTLS_SSL_CLI_C
				7576	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7577	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7578	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7579	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				7580	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7581	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				7582	0 \
				7583	-s "Protocol is TLSv1.3" \
				7584	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7585	-s "received signature algorithm: 0x804" \
				7586	-s "got named group: secp521r1(0019)" \
				7587	-s "Verifying peer X.509 certificate... ok" \
				7588	-c "Protocol is TLSv1.3" \
				7589	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7590	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7591	-c "NamedGroup: secp521r1 ( 19 )" \
				7592	-c "Verifying peer X.509 certificate... ok" \
				7593	-C "received HelloRetryRequest message"
				7594
				7595	requires_config_enabled MBEDTLS_DEBUG_C
				7596	requires_config_enabled MBEDTLS_SSL_CLI_C
				7597	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7598	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7599	requires_config_enabled MBEDTLS_DEBUG_C
				7600	requires_config_enabled MBEDTLS_SSL_CLI_C
				7601	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7602	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7603	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				7604	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7605	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				7606	0 \
				7607	-s "Protocol is TLSv1.3" \
				7608	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7609	-s "received signature algorithm: 0x403" \
				7610	-s "got named group: x25519(001d)" \
				7611	-s "Verifying peer X.509 certificate... ok" \
				7612	-c "Protocol is TLSv1.3" \
				7613	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7614	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7615	-c "NamedGroup: x25519 ( 1d )" \
				7616	-c "Verifying peer X.509 certificate... ok" \
				7617	-C "received HelloRetryRequest message"
				7618
				7619	requires_config_enabled MBEDTLS_DEBUG_C
				7620	requires_config_enabled MBEDTLS_SSL_CLI_C
				7621	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7622	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7623	requires_config_enabled MBEDTLS_DEBUG_C
				7624	requires_config_enabled MBEDTLS_SSL_CLI_C
				7625	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7626	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7627	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				7628	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7629	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				7630	0 \
				7631	-s "Protocol is TLSv1.3" \
				7632	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7633	-s "received signature algorithm: 0x503" \
				7634	-s "got named group: x25519(001d)" \
				7635	-s "Verifying peer X.509 certificate... ok" \
				7636	-c "Protocol is TLSv1.3" \
				7637	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7638	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7639	-c "NamedGroup: x25519 ( 1d )" \
				7640	-c "Verifying peer X.509 certificate... ok" \
				7641	-C "received HelloRetryRequest message"
				7642
				7643	requires_config_enabled MBEDTLS_DEBUG_C
				7644	requires_config_enabled MBEDTLS_SSL_CLI_C
				7645	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7646	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7647	requires_config_enabled MBEDTLS_DEBUG_C
				7648	requires_config_enabled MBEDTLS_SSL_CLI_C
				7649	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7651	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				7652	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7653	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				7654	0 \
				7655	-s "Protocol is TLSv1.3" \
				7656	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7657	-s "received signature algorithm: 0x603" \
				7658	-s "got named group: x25519(001d)" \
				7659	-s "Verifying peer X.509 certificate... ok" \
				7660	-c "Protocol is TLSv1.3" \
				7661	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7662	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7663	-c "NamedGroup: x25519 ( 1d )" \
				7664	-c "Verifying peer X.509 certificate... ok" \
				7665	-C "received HelloRetryRequest message"
				7666
				7667	requires_config_enabled MBEDTLS_DEBUG_C
				7668	requires_config_enabled MBEDTLS_SSL_CLI_C
				7669	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7670	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7671	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7672	requires_config_enabled MBEDTLS_DEBUG_C
				7673	requires_config_enabled MBEDTLS_SSL_CLI_C
				7674	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7675	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7676	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7677	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				7678	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7679	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				7680	0 \
				7681	-s "Protocol is TLSv1.3" \
				7682	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7683	-s "received signature algorithm: 0x804" \
				7684	-s "got named group: x25519(001d)" \
				7685	-s "Verifying peer X.509 certificate... ok" \
				7686	-c "Protocol is TLSv1.3" \
				7687	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7688	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7689	-c "NamedGroup: x25519 ( 1d )" \
				7690	-c "Verifying peer X.509 certificate... ok" \
				7691	-C "received HelloRetryRequest message"
				7692
				7693	requires_config_enabled MBEDTLS_DEBUG_C
				7694	requires_config_enabled MBEDTLS_SSL_CLI_C
				7695	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7696	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7697	requires_config_enabled MBEDTLS_DEBUG_C
				7698	requires_config_enabled MBEDTLS_SSL_CLI_C
				7699	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7700	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7701	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				7702	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7703	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				7704	0 \
				7705	-s "Protocol is TLSv1.3" \
				7706	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7707	-s "received signature algorithm: 0x403" \
				7708	-s "got named group: x448(001e)" \
				7709	-s "Verifying peer X.509 certificate... ok" \
				7710	-c "Protocol is TLSv1.3" \
				7711	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7712	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7713	-c "NamedGroup: x448 ( 1e )" \
				7714	-c "Verifying peer X.509 certificate... ok" \
				7715	-C "received HelloRetryRequest message"
				7716
				7717	requires_config_enabled MBEDTLS_DEBUG_C
				7718	requires_config_enabled MBEDTLS_SSL_CLI_C
				7719	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7720	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7721	requires_config_enabled MBEDTLS_DEBUG_C
				7722	requires_config_enabled MBEDTLS_SSL_CLI_C
				7723	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7724	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7725	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				7726	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7727	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				7728	0 \
				7729	-s "Protocol is TLSv1.3" \
				7730	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7731	-s "received signature algorithm: 0x503" \
				7732	-s "got named group: x448(001e)" \
				7733	-s "Verifying peer X.509 certificate... ok" \
				7734	-c "Protocol is TLSv1.3" \
				7735	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7736	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7737	-c "NamedGroup: x448 ( 1e )" \
				7738	-c "Verifying peer X.509 certificate... ok" \
				7739	-C "received HelloRetryRequest message"
				7740
				7741	requires_config_enabled MBEDTLS_DEBUG_C
				7742	requires_config_enabled MBEDTLS_SSL_CLI_C
				7743	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7744	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7745	requires_config_enabled MBEDTLS_DEBUG_C
				7746	requires_config_enabled MBEDTLS_SSL_CLI_C
				7747	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7748	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7749	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				7750	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7751	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				7752	0 \
				7753	-s "Protocol is TLSv1.3" \
				7754	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7755	-s "received signature algorithm: 0x603" \
				7756	-s "got named group: x448(001e)" \
				7757	-s "Verifying peer X.509 certificate... ok" \
				7758	-c "Protocol is TLSv1.3" \
				7759	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7760	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7761	-c "NamedGroup: x448 ( 1e )" \
				7762	-c "Verifying peer X.509 certificate... ok" \
				7763	-C "received HelloRetryRequest message"
				7764
				7765	requires_config_enabled MBEDTLS_DEBUG_C
				7766	requires_config_enabled MBEDTLS_SSL_CLI_C
				7767	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7769	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7770	requires_config_enabled MBEDTLS_DEBUG_C
				7771	requires_config_enabled MBEDTLS_SSL_CLI_C
				7772	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7773	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7774	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7775	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
				7776	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7777	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				7778	0 \
				7779	-s "Protocol is TLSv1.3" \
				7780	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				7781	-s "received signature algorithm: 0x804" \
				7782	-s "got named group: x448(001e)" \
				7783	-s "Verifying peer X.509 certificate... ok" \
				7784	-c "Protocol is TLSv1.3" \
				7785	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7786	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7787	-c "NamedGroup: x448 ( 1e )" \
				7788	-c "Verifying peer X.509 certificate... ok" \
				7789	-C "received HelloRetryRequest message"
				7790
				7791	requires_config_enabled MBEDTLS_DEBUG_C
				7792	requires_config_enabled MBEDTLS_SSL_CLI_C
				7793	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7794	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7795	requires_config_enabled MBEDTLS_DEBUG_C
				7796	requires_config_enabled MBEDTLS_SSL_CLI_C
				7797	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7798	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7799	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
				7800	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7801	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				7802	0 \
				7803	-s "Protocol is TLSv1.3" \
				7804	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7805	-s "received signature algorithm: 0x403" \
				7806	-s "got named group: secp256r1(0017)" \
				7807	-s "Verifying peer X.509 certificate... ok" \
				7808	-c "Protocol is TLSv1.3" \
				7809	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7810	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7811	-c "NamedGroup: secp256r1 ( 17 )" \
				7812	-c "Verifying peer X.509 certificate... ok" \
				7813	-C "received HelloRetryRequest message"
				7814
				7815	requires_config_enabled MBEDTLS_DEBUG_C
				7816	requires_config_enabled MBEDTLS_SSL_CLI_C
				7817	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7818	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7819	requires_config_enabled MBEDTLS_DEBUG_C
				7820	requires_config_enabled MBEDTLS_SSL_CLI_C
				7821	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7822	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7823	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
				7824	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7825	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				7826	0 \
				7827	-s "Protocol is TLSv1.3" \
				7828	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7829	-s "received signature algorithm: 0x503" \
				7830	-s "got named group: secp256r1(0017)" \
				7831	-s "Verifying peer X.509 certificate... ok" \
				7832	-c "Protocol is TLSv1.3" \
				7833	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7834	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7835	-c "NamedGroup: secp256r1 ( 17 )" \
				7836	-c "Verifying peer X.509 certificate... ok" \
				7837	-C "received HelloRetryRequest message"
				7838
				7839	requires_config_enabled MBEDTLS_DEBUG_C
				7840	requires_config_enabled MBEDTLS_SSL_CLI_C
				7841	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7842	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7843	requires_config_enabled MBEDTLS_DEBUG_C
				7844	requires_config_enabled MBEDTLS_SSL_CLI_C
				7845	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7846	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7847	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
				7848	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7849	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				7850	0 \
				7851	-s "Protocol is TLSv1.3" \
				7852	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7853	-s "received signature algorithm: 0x603" \
				7854	-s "got named group: secp256r1(0017)" \
				7855	-s "Verifying peer X.509 certificate... ok" \
				7856	-c "Protocol is TLSv1.3" \
				7857	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7858	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7859	-c "NamedGroup: secp256r1 ( 17 )" \
				7860	-c "Verifying peer X.509 certificate... ok" \
				7861	-C "received HelloRetryRequest message"
				7862
				7863	requires_config_enabled MBEDTLS_DEBUG_C
				7864	requires_config_enabled MBEDTLS_SSL_CLI_C
				7865	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7866	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7867	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7868	requires_config_enabled MBEDTLS_DEBUG_C
				7869	requires_config_enabled MBEDTLS_SSL_CLI_C
				7870	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7871	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7872	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7873	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
				7874	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7875	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				7876	0 \
				7877	-s "Protocol is TLSv1.3" \
				7878	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7879	-s "received signature algorithm: 0x804" \
				7880	-s "got named group: secp256r1(0017)" \
				7881	-s "Verifying peer X.509 certificate... ok" \
				7882	-c "Protocol is TLSv1.3" \
				7883	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7884	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7885	-c "NamedGroup: secp256r1 ( 17 )" \
				7886	-c "Verifying peer X.509 certificate... ok" \
				7887	-C "received HelloRetryRequest message"
				7888
				7889	requires_config_enabled MBEDTLS_DEBUG_C
				7890	requires_config_enabled MBEDTLS_SSL_CLI_C
				7891	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7892	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7893	requires_config_enabled MBEDTLS_DEBUG_C
				7894	requires_config_enabled MBEDTLS_SSL_CLI_C
				7895	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7897	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
				7898	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7899	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				7900	0 \
				7901	-s "Protocol is TLSv1.3" \
				7902	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7903	-s "received signature algorithm: 0x403" \
				7904	-s "got named group: secp384r1(0018)" \
				7905	-s "Verifying peer X.509 certificate... ok" \
				7906	-c "Protocol is TLSv1.3" \
				7907	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7908	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7909	-c "NamedGroup: secp384r1 ( 18 )" \
				7910	-c "Verifying peer X.509 certificate... ok" \
				7911	-C "received HelloRetryRequest message"
				7912
				7913	requires_config_enabled MBEDTLS_DEBUG_C
				7914	requires_config_enabled MBEDTLS_SSL_CLI_C
				7915	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7916	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7917	requires_config_enabled MBEDTLS_DEBUG_C
				7918	requires_config_enabled MBEDTLS_SSL_CLI_C
				7919	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7920	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7921	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
				7922	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7923	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				7924	0 \
				7925	-s "Protocol is TLSv1.3" \
				7926	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7927	-s "received signature algorithm: 0x503" \
				7928	-s "got named group: secp384r1(0018)" \
				7929	-s "Verifying peer X.509 certificate... ok" \
				7930	-c "Protocol is TLSv1.3" \
				7931	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7932	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7933	-c "NamedGroup: secp384r1 ( 18 )" \
				7934	-c "Verifying peer X.509 certificate... ok" \
				7935	-C "received HelloRetryRequest message"
				7936
				7937	requires_config_enabled MBEDTLS_DEBUG_C
				7938	requires_config_enabled MBEDTLS_SSL_CLI_C
				7939	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7940	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7941	requires_config_enabled MBEDTLS_DEBUG_C
				7942	requires_config_enabled MBEDTLS_SSL_CLI_C
				7943	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7944	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7945	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
				7946	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7947	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				7948	0 \
				7949	-s "Protocol is TLSv1.3" \
				7950	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7951	-s "received signature algorithm: 0x603" \
				7952	-s "got named group: secp384r1(0018)" \
				7953	-s "Verifying peer X.509 certificate... ok" \
				7954	-c "Protocol is TLSv1.3" \
				7955	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7956	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7957	-c "NamedGroup: secp384r1 ( 18 )" \
				7958	-c "Verifying peer X.509 certificate... ok" \
				7959	-C "received HelloRetryRequest message"
				7960
				7961	requires_config_enabled MBEDTLS_DEBUG_C
				7962	requires_config_enabled MBEDTLS_SSL_CLI_C
				7963	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7964	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7965	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7966	requires_config_enabled MBEDTLS_DEBUG_C
				7967	requires_config_enabled MBEDTLS_SSL_CLI_C
				7968	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7969	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7970	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				7971	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
				7972	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7973	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				7974	0 \
				7975	-s "Protocol is TLSv1.3" \
				7976	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				7977	-s "received signature algorithm: 0x804" \
				7978	-s "got named group: secp384r1(0018)" \
				7979	-s "Verifying peer X.509 certificate... ok" \
				7980	-c "Protocol is TLSv1.3" \
				7981	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				7982	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7983	-c "NamedGroup: secp384r1 ( 18 )" \
				7984	-c "Verifying peer X.509 certificate... ok" \
				7985	-C "received HelloRetryRequest message"
				7986
				7987	requires_config_enabled MBEDTLS_DEBUG_C
				7988	requires_config_enabled MBEDTLS_SSL_CLI_C
				7989	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7990	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7991	requires_config_enabled MBEDTLS_DEBUG_C
				7992	requires_config_enabled MBEDTLS_SSL_CLI_C
				7993	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				7994	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7995	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
				7996	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				7997	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				7998	0 \
				7999	-s "Protocol is TLSv1.3" \
				8000	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8001	-s "received signature algorithm: 0x403" \
				8002	-s "got named group: secp521r1(0019)" \
				8003	-s "Verifying peer X.509 certificate... ok" \
				8004	-c "Protocol is TLSv1.3" \
				8005	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8006	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8007	-c "NamedGroup: secp521r1 ( 19 )" \
				8008	-c "Verifying peer X.509 certificate... ok" \
				8009	-C "received HelloRetryRequest message"
				8010
				8011	requires_config_enabled MBEDTLS_DEBUG_C
				8012	requires_config_enabled MBEDTLS_SSL_CLI_C
				8013	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8014	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8015	requires_config_enabled MBEDTLS_DEBUG_C
				8016	requires_config_enabled MBEDTLS_SSL_CLI_C
				8017	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8018	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8019	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
				8020	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8021	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				8022	0 \
				8023	-s "Protocol is TLSv1.3" \
				8024	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8025	-s "received signature algorithm: 0x503" \
				8026	-s "got named group: secp521r1(0019)" \
				8027	-s "Verifying peer X.509 certificate... ok" \
				8028	-c "Protocol is TLSv1.3" \
				8029	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8030	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8031	-c "NamedGroup: secp521r1 ( 19 )" \
				8032	-c "Verifying peer X.509 certificate... ok" \
				8033	-C "received HelloRetryRequest message"
				8034
				8035	requires_config_enabled MBEDTLS_DEBUG_C
				8036	requires_config_enabled MBEDTLS_SSL_CLI_C
				8037	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8038	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8039	requires_config_enabled MBEDTLS_DEBUG_C
				8040	requires_config_enabled MBEDTLS_SSL_CLI_C
				8041	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8042	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8043	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
				8044	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8045	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				8046	0 \
				8047	-s "Protocol is TLSv1.3" \
				8048	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8049	-s "received signature algorithm: 0x603" \
				8050	-s "got named group: secp521r1(0019)" \
				8051	-s "Verifying peer X.509 certificate... ok" \
				8052	-c "Protocol is TLSv1.3" \
				8053	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8054	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8055	-c "NamedGroup: secp521r1 ( 19 )" \
				8056	-c "Verifying peer X.509 certificate... ok" \
				8057	-C "received HelloRetryRequest message"
				8058
				8059	requires_config_enabled MBEDTLS_DEBUG_C
				8060	requires_config_enabled MBEDTLS_SSL_CLI_C
				8061	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8062	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8063	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8064	requires_config_enabled MBEDTLS_DEBUG_C
				8065	requires_config_enabled MBEDTLS_SSL_CLI_C
				8066	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8067	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8068	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8069	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
				8070	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8071	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				8072	0 \
				8073	-s "Protocol is TLSv1.3" \
				8074	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8075	-s "received signature algorithm: 0x804" \
				8076	-s "got named group: secp521r1(0019)" \
				8077	-s "Verifying peer X.509 certificate... ok" \
				8078	-c "Protocol is TLSv1.3" \
				8079	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8080	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8081	-c "NamedGroup: secp521r1 ( 19 )" \
				8082	-c "Verifying peer X.509 certificate... ok" \
				8083	-C "received HelloRetryRequest message"
				8084
				8085	requires_config_enabled MBEDTLS_DEBUG_C
				8086	requires_config_enabled MBEDTLS_SSL_CLI_C
				8087	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8088	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8089	requires_config_enabled MBEDTLS_DEBUG_C
				8090	requires_config_enabled MBEDTLS_SSL_CLI_C
				8091	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8092	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8093	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
				8094	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8095	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				8096	0 \
				8097	-s "Protocol is TLSv1.3" \
				8098	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8099	-s "received signature algorithm: 0x403" \
				8100	-s "got named group: x25519(001d)" \
				8101	-s "Verifying peer X.509 certificate... ok" \
				8102	-c "Protocol is TLSv1.3" \
				8103	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8104	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8105	-c "NamedGroup: x25519 ( 1d )" \
				8106	-c "Verifying peer X.509 certificate... ok" \
				8107	-C "received HelloRetryRequest message"
				8108
				8109	requires_config_enabled MBEDTLS_DEBUG_C
				8110	requires_config_enabled MBEDTLS_SSL_CLI_C
				8111	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8112	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8113	requires_config_enabled MBEDTLS_DEBUG_C
				8114	requires_config_enabled MBEDTLS_SSL_CLI_C
				8115	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8117	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
				8118	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8119	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				8120	0 \
				8121	-s "Protocol is TLSv1.3" \
				8122	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8123	-s "received signature algorithm: 0x503" \
				8124	-s "got named group: x25519(001d)" \
				8125	-s "Verifying peer X.509 certificate... ok" \
				8126	-c "Protocol is TLSv1.3" \
				8127	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8128	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8129	-c "NamedGroup: x25519 ( 1d )" \
				8130	-c "Verifying peer X.509 certificate... ok" \
				8131	-C "received HelloRetryRequest message"
				8132
				8133	requires_config_enabled MBEDTLS_DEBUG_C
				8134	requires_config_enabled MBEDTLS_SSL_CLI_C
				8135	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8136	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8137	requires_config_enabled MBEDTLS_DEBUG_C
				8138	requires_config_enabled MBEDTLS_SSL_CLI_C
				8139	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8140	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8141	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
				8142	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8143	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				8144	0 \
				8145	-s "Protocol is TLSv1.3" \
				8146	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8147	-s "received signature algorithm: 0x603" \
				8148	-s "got named group: x25519(001d)" \
				8149	-s "Verifying peer X.509 certificate... ok" \
				8150	-c "Protocol is TLSv1.3" \
				8151	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8152	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8153	-c "NamedGroup: x25519 ( 1d )" \
				8154	-c "Verifying peer X.509 certificate... ok" \
				8155	-C "received HelloRetryRequest message"
				8156
				8157	requires_config_enabled MBEDTLS_DEBUG_C
				8158	requires_config_enabled MBEDTLS_SSL_CLI_C
				8159	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8160	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8161	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8162	requires_config_enabled MBEDTLS_DEBUG_C
				8163	requires_config_enabled MBEDTLS_SSL_CLI_C
				8164	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8165	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8166	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8167	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
				8168	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8169	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				8170	0 \
				8171	-s "Protocol is TLSv1.3" \
				8172	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8173	-s "received signature algorithm: 0x804" \
				8174	-s "got named group: x25519(001d)" \
				8175	-s "Verifying peer X.509 certificate... ok" \
				8176	-c "Protocol is TLSv1.3" \
				8177	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8178	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8179	-c "NamedGroup: x25519 ( 1d )" \
				8180	-c "Verifying peer X.509 certificate... ok" \
				8181	-C "received HelloRetryRequest message"
				8182
				8183	requires_config_enabled MBEDTLS_DEBUG_C
				8184	requires_config_enabled MBEDTLS_SSL_CLI_C
				8185	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8186	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8187	requires_config_enabled MBEDTLS_DEBUG_C
				8188	requires_config_enabled MBEDTLS_SSL_CLI_C
				8189	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8190	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8191	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
				8192	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8193	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				8194	0 \
				8195	-s "Protocol is TLSv1.3" \
				8196	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8197	-s "received signature algorithm: 0x403" \
				8198	-s "got named group: x448(001e)" \
				8199	-s "Verifying peer X.509 certificate... ok" \
				8200	-c "Protocol is TLSv1.3" \
				8201	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8202	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8203	-c "NamedGroup: x448 ( 1e )" \
				8204	-c "Verifying peer X.509 certificate... ok" \
				8205	-C "received HelloRetryRequest message"
				8206
				8207	requires_config_enabled MBEDTLS_DEBUG_C
				8208	requires_config_enabled MBEDTLS_SSL_CLI_C
				8209	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8210	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8211	requires_config_enabled MBEDTLS_DEBUG_C
				8212	requires_config_enabled MBEDTLS_SSL_CLI_C
				8213	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8214	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8215	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
				8216	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8217	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				8218	0 \
				8219	-s "Protocol is TLSv1.3" \
				8220	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8221	-s "received signature algorithm: 0x503" \
				8222	-s "got named group: x448(001e)" \
				8223	-s "Verifying peer X.509 certificate... ok" \
				8224	-c "Protocol is TLSv1.3" \
				8225	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8226	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8227	-c "NamedGroup: x448 ( 1e )" \
				8228	-c "Verifying peer X.509 certificate... ok" \
				8229	-C "received HelloRetryRequest message"
				8230
				8231	requires_config_enabled MBEDTLS_DEBUG_C
				8232	requires_config_enabled MBEDTLS_SSL_CLI_C
				8233	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8234	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8235	requires_config_enabled MBEDTLS_DEBUG_C
				8236	requires_config_enabled MBEDTLS_SSL_CLI_C
				8237	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8238	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8239	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
				8240	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8241	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				8242	0 \
				8243	-s "Protocol is TLSv1.3" \
				8244	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8245	-s "received signature algorithm: 0x603" \
				8246	-s "got named group: x448(001e)" \
				8247	-s "Verifying peer X.509 certificate... ok" \
				8248	-c "Protocol is TLSv1.3" \
				8249	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8250	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8251	-c "NamedGroup: x448 ( 1e )" \
				8252	-c "Verifying peer X.509 certificate... ok" \
				8253	-C "received HelloRetryRequest message"
				8254
				8255	requires_config_enabled MBEDTLS_DEBUG_C
				8256	requires_config_enabled MBEDTLS_SSL_CLI_C
				8257	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8258	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8259	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8260	requires_config_enabled MBEDTLS_DEBUG_C
				8261	requires_config_enabled MBEDTLS_SSL_CLI_C
				8262	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8263	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8264	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8265	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
				8266	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8267	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				8268	0 \
				8269	-s "Protocol is TLSv1.3" \
				8270	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				8271	-s "received signature algorithm: 0x804" \
				8272	-s "got named group: x448(001e)" \
				8273	-s "Verifying peer X.509 certificate... ok" \
				8274	-c "Protocol is TLSv1.3" \
				8275	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8276	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8277	-c "NamedGroup: x448 ( 1e )" \
				8278	-c "Verifying peer X.509 certificate... ok" \
				8279	-C "received HelloRetryRequest message"
				8280
				8281	requires_config_enabled MBEDTLS_DEBUG_C
				8282	requires_config_enabled MBEDTLS_SSL_CLI_C
				8283	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8284	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8285	requires_config_enabled MBEDTLS_DEBUG_C
				8286	requires_config_enabled MBEDTLS_SSL_CLI_C
				8287	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8288	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8289	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				8290	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8291	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				8292	0 \
				8293	-s "Protocol is TLSv1.3" \
				8294	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8295	-s "received signature algorithm: 0x403" \
				8296	-s "got named group: secp256r1(0017)" \
				8297	-s "Verifying peer X.509 certificate... ok" \
				8298	-c "Protocol is TLSv1.3" \
				8299	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8300	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8301	-c "NamedGroup: secp256r1 ( 17 )" \
				8302	-c "Verifying peer X.509 certificate... ok" \
				8303	-C "received HelloRetryRequest message"
				8304
				8305	requires_config_enabled MBEDTLS_DEBUG_C
				8306	requires_config_enabled MBEDTLS_SSL_CLI_C
				8307	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8308	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8309	requires_config_enabled MBEDTLS_DEBUG_C
				8310	requires_config_enabled MBEDTLS_SSL_CLI_C
				8311	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8312	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8313	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				8314	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8315	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				8316	0 \
				8317	-s "Protocol is TLSv1.3" \
				8318	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8319	-s "received signature algorithm: 0x503" \
				8320	-s "got named group: secp256r1(0017)" \
				8321	-s "Verifying peer X.509 certificate... ok" \
				8322	-c "Protocol is TLSv1.3" \
				8323	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8324	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8325	-c "NamedGroup: secp256r1 ( 17 )" \
				8326	-c "Verifying peer X.509 certificate... ok" \
				8327	-C "received HelloRetryRequest message"
				8328
				8329	requires_config_enabled MBEDTLS_DEBUG_C
				8330	requires_config_enabled MBEDTLS_SSL_CLI_C
				8331	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8333	requires_config_enabled MBEDTLS_DEBUG_C
				8334	requires_config_enabled MBEDTLS_SSL_CLI_C
				8335	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8336	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8337	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				8338	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8339	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				8340	0 \
				8341	-s "Protocol is TLSv1.3" \
				8342	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8343	-s "received signature algorithm: 0x603" \
				8344	-s "got named group: secp256r1(0017)" \
				8345	-s "Verifying peer X.509 certificate... ok" \
				8346	-c "Protocol is TLSv1.3" \
				8347	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8348	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8349	-c "NamedGroup: secp256r1 ( 17 )" \
				8350	-c "Verifying peer X.509 certificate... ok" \
				8351	-C "received HelloRetryRequest message"
				8352
				8353	requires_config_enabled MBEDTLS_DEBUG_C
				8354	requires_config_enabled MBEDTLS_SSL_CLI_C
				8355	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8356	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8357	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8358	requires_config_enabled MBEDTLS_DEBUG_C
				8359	requires_config_enabled MBEDTLS_SSL_CLI_C
				8360	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8361	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8362	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8363	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				8364	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8365	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				8366	0 \
				8367	-s "Protocol is TLSv1.3" \
				8368	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8369	-s "received signature algorithm: 0x804" \
				8370	-s "got named group: secp256r1(0017)" \
				8371	-s "Verifying peer X.509 certificate... ok" \
				8372	-c "Protocol is TLSv1.3" \
				8373	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8374	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8375	-c "NamedGroup: secp256r1 ( 17 )" \
				8376	-c "Verifying peer X.509 certificate... ok" \
				8377	-C "received HelloRetryRequest message"
				8378
				8379	requires_config_enabled MBEDTLS_DEBUG_C
				8380	requires_config_enabled MBEDTLS_SSL_CLI_C
				8381	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8382	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8383	requires_config_enabled MBEDTLS_DEBUG_C
				8384	requires_config_enabled MBEDTLS_SSL_CLI_C
				8385	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8386	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8387	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				8388	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8389	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				8390	0 \
				8391	-s "Protocol is TLSv1.3" \
				8392	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8393	-s "received signature algorithm: 0x403" \
				8394	-s "got named group: secp384r1(0018)" \
				8395	-s "Verifying peer X.509 certificate... ok" \
				8396	-c "Protocol is TLSv1.3" \
				8397	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8398	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8399	-c "NamedGroup: secp384r1 ( 18 )" \
				8400	-c "Verifying peer X.509 certificate... ok" \
				8401	-C "received HelloRetryRequest message"
				8402
				8403	requires_config_enabled MBEDTLS_DEBUG_C
				8404	requires_config_enabled MBEDTLS_SSL_CLI_C
				8405	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8406	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8407	requires_config_enabled MBEDTLS_DEBUG_C
				8408	requires_config_enabled MBEDTLS_SSL_CLI_C
				8409	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8410	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8411	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				8412	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8413	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				8414	0 \
				8415	-s "Protocol is TLSv1.3" \
				8416	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8417	-s "received signature algorithm: 0x503" \
				8418	-s "got named group: secp384r1(0018)" \
				8419	-s "Verifying peer X.509 certificate... ok" \
				8420	-c "Protocol is TLSv1.3" \
				8421	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8422	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8423	-c "NamedGroup: secp384r1 ( 18 )" \
				8424	-c "Verifying peer X.509 certificate... ok" \
				8425	-C "received HelloRetryRequest message"
				8426
				8427	requires_config_enabled MBEDTLS_DEBUG_C
				8428	requires_config_enabled MBEDTLS_SSL_CLI_C
				8429	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8430	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8431	requires_config_enabled MBEDTLS_DEBUG_C
				8432	requires_config_enabled MBEDTLS_SSL_CLI_C
				8433	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8434	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8435	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				8436	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8437	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				8438	0 \
				8439	-s "Protocol is TLSv1.3" \
				8440	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8441	-s "received signature algorithm: 0x603" \
				8442	-s "got named group: secp384r1(0018)" \
				8443	-s "Verifying peer X.509 certificate... ok" \
				8444	-c "Protocol is TLSv1.3" \
				8445	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8446	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8447	-c "NamedGroup: secp384r1 ( 18 )" \
				8448	-c "Verifying peer X.509 certificate... ok" \
				8449	-C "received HelloRetryRequest message"
				8450
				8451	requires_config_enabled MBEDTLS_DEBUG_C
				8452	requires_config_enabled MBEDTLS_SSL_CLI_C
				8453	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8454	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8455	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8456	requires_config_enabled MBEDTLS_DEBUG_C
				8457	requires_config_enabled MBEDTLS_SSL_CLI_C
				8458	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8459	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8460	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8461	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				8462	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8463	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				8464	0 \
				8465	-s "Protocol is TLSv1.3" \
				8466	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8467	-s "received signature algorithm: 0x804" \
				8468	-s "got named group: secp384r1(0018)" \
				8469	-s "Verifying peer X.509 certificate... ok" \
				8470	-c "Protocol is TLSv1.3" \
				8471	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8472	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8473	-c "NamedGroup: secp384r1 ( 18 )" \
				8474	-c "Verifying peer X.509 certificate... ok" \
				8475	-C "received HelloRetryRequest message"
				8476
				8477	requires_config_enabled MBEDTLS_DEBUG_C
				8478	requires_config_enabled MBEDTLS_SSL_CLI_C
				8479	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8480	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8481	requires_config_enabled MBEDTLS_DEBUG_C
				8482	requires_config_enabled MBEDTLS_SSL_CLI_C
				8483	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8484	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8485	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				8486	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8487	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				8488	0 \
				8489	-s "Protocol is TLSv1.3" \
				8490	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8491	-s "received signature algorithm: 0x403" \
				8492	-s "got named group: secp521r1(0019)" \
				8493	-s "Verifying peer X.509 certificate... ok" \
				8494	-c "Protocol is TLSv1.3" \
				8495	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8496	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8497	-c "NamedGroup: secp521r1 ( 19 )" \
				8498	-c "Verifying peer X.509 certificate... ok" \
				8499	-C "received HelloRetryRequest message"
				8500
				8501	requires_config_enabled MBEDTLS_DEBUG_C
				8502	requires_config_enabled MBEDTLS_SSL_CLI_C
				8503	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8504	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8505	requires_config_enabled MBEDTLS_DEBUG_C
				8506	requires_config_enabled MBEDTLS_SSL_CLI_C
				8507	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8508	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8509	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				8510	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8511	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				8512	0 \
				8513	-s "Protocol is TLSv1.3" \
				8514	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8515	-s "received signature algorithm: 0x503" \
				8516	-s "got named group: secp521r1(0019)" \
				8517	-s "Verifying peer X.509 certificate... ok" \
				8518	-c "Protocol is TLSv1.3" \
				8519	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8520	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8521	-c "NamedGroup: secp521r1 ( 19 )" \
				8522	-c "Verifying peer X.509 certificate... ok" \
				8523	-C "received HelloRetryRequest message"
				8524
				8525	requires_config_enabled MBEDTLS_DEBUG_C
				8526	requires_config_enabled MBEDTLS_SSL_CLI_C
				8527	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8528	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8529	requires_config_enabled MBEDTLS_DEBUG_C
				8530	requires_config_enabled MBEDTLS_SSL_CLI_C
				8531	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8532	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8533	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				8534	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8535	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				8536	0 \
				8537	-s "Protocol is TLSv1.3" \
				8538	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8539	-s "received signature algorithm: 0x603" \
				8540	-s "got named group: secp521r1(0019)" \
				8541	-s "Verifying peer X.509 certificate... ok" \
				8542	-c "Protocol is TLSv1.3" \
				8543	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8544	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8545	-c "NamedGroup: secp521r1 ( 19 )" \
				8546	-c "Verifying peer X.509 certificate... ok" \
				8547	-C "received HelloRetryRequest message"
				8548
				8549	requires_config_enabled MBEDTLS_DEBUG_C
				8550	requires_config_enabled MBEDTLS_SSL_CLI_C
				8551	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8552	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8553	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8554	requires_config_enabled MBEDTLS_DEBUG_C
				8555	requires_config_enabled MBEDTLS_SSL_CLI_C
				8556	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8557	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8558	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8559	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				8560	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8561	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				8562	0 \
				8563	-s "Protocol is TLSv1.3" \
				8564	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8565	-s "received signature algorithm: 0x804" \
				8566	-s "got named group: secp521r1(0019)" \
				8567	-s "Verifying peer X.509 certificate... ok" \
				8568	-c "Protocol is TLSv1.3" \
				8569	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8570	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8571	-c "NamedGroup: secp521r1 ( 19 )" \
				8572	-c "Verifying peer X.509 certificate... ok" \
				8573	-C "received HelloRetryRequest message"
				8574
				8575	requires_config_enabled MBEDTLS_DEBUG_C
				8576	requires_config_enabled MBEDTLS_SSL_CLI_C
				8577	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8578	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8579	requires_config_enabled MBEDTLS_DEBUG_C
				8580	requires_config_enabled MBEDTLS_SSL_CLI_C
				8581	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8582	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8583	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
				8584	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8585	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				8586	0 \
				8587	-s "Protocol is TLSv1.3" \
				8588	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8589	-s "received signature algorithm: 0x403" \
				8590	-s "got named group: x25519(001d)" \
				8591	-s "Verifying peer X.509 certificate... ok" \
				8592	-c "Protocol is TLSv1.3" \
				8593	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8594	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8595	-c "NamedGroup: x25519 ( 1d )" \
				8596	-c "Verifying peer X.509 certificate... ok" \
				8597	-C "received HelloRetryRequest message"
				8598
				8599	requires_config_enabled MBEDTLS_DEBUG_C
				8600	requires_config_enabled MBEDTLS_SSL_CLI_C
				8601	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8602	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8603	requires_config_enabled MBEDTLS_DEBUG_C
				8604	requires_config_enabled MBEDTLS_SSL_CLI_C
				8605	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8606	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8607	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
				8608	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8609	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				8610	0 \
				8611	-s "Protocol is TLSv1.3" \
				8612	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8613	-s "received signature algorithm: 0x503" \
				8614	-s "got named group: x25519(001d)" \
				8615	-s "Verifying peer X.509 certificate... ok" \
				8616	-c "Protocol is TLSv1.3" \
				8617	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8618	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8619	-c "NamedGroup: x25519 ( 1d )" \
				8620	-c "Verifying peer X.509 certificate... ok" \
				8621	-C "received HelloRetryRequest message"
				8622
				8623	requires_config_enabled MBEDTLS_DEBUG_C
				8624	requires_config_enabled MBEDTLS_SSL_CLI_C
				8625	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8626	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8627	requires_config_enabled MBEDTLS_DEBUG_C
				8628	requires_config_enabled MBEDTLS_SSL_CLI_C
				8629	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8630	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8631	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
				8632	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8633	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				8634	0 \
				8635	-s "Protocol is TLSv1.3" \
				8636	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8637	-s "received signature algorithm: 0x603" \
				8638	-s "got named group: x25519(001d)" \
				8639	-s "Verifying peer X.509 certificate... ok" \
				8640	-c "Protocol is TLSv1.3" \
				8641	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8642	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8643	-c "NamedGroup: x25519 ( 1d )" \
				8644	-c "Verifying peer X.509 certificate... ok" \
				8645	-C "received HelloRetryRequest message"
				8646
				8647	requires_config_enabled MBEDTLS_DEBUG_C
				8648	requires_config_enabled MBEDTLS_SSL_CLI_C
				8649	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8651	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8652	requires_config_enabled MBEDTLS_DEBUG_C
				8653	requires_config_enabled MBEDTLS_SSL_CLI_C
				8654	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8655	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8656	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8657	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
				8658	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8659	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				8660	0 \
				8661	-s "Protocol is TLSv1.3" \
				8662	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8663	-s "received signature algorithm: 0x804" \
				8664	-s "got named group: x25519(001d)" \
				8665	-s "Verifying peer X.509 certificate... ok" \
				8666	-c "Protocol is TLSv1.3" \
				8667	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8668	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8669	-c "NamedGroup: x25519 ( 1d )" \
				8670	-c "Verifying peer X.509 certificate... ok" \
				8671	-C "received HelloRetryRequest message"
				8672
				8673	requires_config_enabled MBEDTLS_DEBUG_C
				8674	requires_config_enabled MBEDTLS_SSL_CLI_C
				8675	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8676	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8677	requires_config_enabled MBEDTLS_DEBUG_C
				8678	requires_config_enabled MBEDTLS_SSL_CLI_C
				8679	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8680	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8681	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
				8682	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8683	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				8684	0 \
				8685	-s "Protocol is TLSv1.3" \
				8686	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8687	-s "received signature algorithm: 0x403" \
				8688	-s "got named group: x448(001e)" \
				8689	-s "Verifying peer X.509 certificate... ok" \
				8690	-c "Protocol is TLSv1.3" \
				8691	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8692	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8693	-c "NamedGroup: x448 ( 1e )" \
				8694	-c "Verifying peer X.509 certificate... ok" \
				8695	-C "received HelloRetryRequest message"
				8696
				8697	requires_config_enabled MBEDTLS_DEBUG_C
				8698	requires_config_enabled MBEDTLS_SSL_CLI_C
				8699	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8700	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8701	requires_config_enabled MBEDTLS_DEBUG_C
				8702	requires_config_enabled MBEDTLS_SSL_CLI_C
				8703	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8704	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8705	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
				8706	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8707	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				8708	0 \
				8709	-s "Protocol is TLSv1.3" \
				8710	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8711	-s "received signature algorithm: 0x503" \
				8712	-s "got named group: x448(001e)" \
				8713	-s "Verifying peer X.509 certificate... ok" \
				8714	-c "Protocol is TLSv1.3" \
				8715	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8716	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8717	-c "NamedGroup: x448 ( 1e )" \
				8718	-c "Verifying peer X.509 certificate... ok" \
				8719	-C "received HelloRetryRequest message"
				8720
				8721	requires_config_enabled MBEDTLS_DEBUG_C
				8722	requires_config_enabled MBEDTLS_SSL_CLI_C
				8723	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8724	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8725	requires_config_enabled MBEDTLS_DEBUG_C
				8726	requires_config_enabled MBEDTLS_SSL_CLI_C
				8727	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8728	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8729	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
				8730	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8731	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				8732	0 \
				8733	-s "Protocol is TLSv1.3" \
				8734	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8735	-s "received signature algorithm: 0x603" \
				8736	-s "got named group: x448(001e)" \
				8737	-s "Verifying peer X.509 certificate... ok" \
				8738	-c "Protocol is TLSv1.3" \
				8739	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8740	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8741	-c "NamedGroup: x448 ( 1e )" \
				8742	-c "Verifying peer X.509 certificate... ok" \
				8743	-C "received HelloRetryRequest message"
				8744
				8745	requires_config_enabled MBEDTLS_DEBUG_C
				8746	requires_config_enabled MBEDTLS_SSL_CLI_C
				8747	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8748	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8749	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8750	requires_config_enabled MBEDTLS_DEBUG_C
				8751	requires_config_enabled MBEDTLS_SSL_CLI_C
				8752	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8753	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8754	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8755	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
				8756	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8757	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				8758	0 \
				8759	-s "Protocol is TLSv1.3" \
				8760	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				8761	-s "received signature algorithm: 0x804" \
				8762	-s "got named group: x448(001e)" \
				8763	-s "Verifying peer X.509 certificate... ok" \
				8764	-c "Protocol is TLSv1.3" \
				8765	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8766	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8767	-c "NamedGroup: x448 ( 1e )" \
				8768	-c "Verifying peer X.509 certificate... ok" \
				8769	-C "received HelloRetryRequest message"
				8770
				8771	requires_config_enabled MBEDTLS_DEBUG_C
				8772	requires_config_enabled MBEDTLS_SSL_CLI_C
				8773	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8774	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8775	requires_config_enabled MBEDTLS_DEBUG_C
				8776	requires_config_enabled MBEDTLS_SSL_CLI_C
				8777	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8778	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8779	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				8780	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8781	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				8782	0 \
				8783	-s "Protocol is TLSv1.3" \
				8784	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8785	-s "received signature algorithm: 0x403" \
				8786	-s "got named group: secp256r1(0017)" \
				8787	-s "Verifying peer X.509 certificate... ok" \
				8788	-c "Protocol is TLSv1.3" \
				8789	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8790	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8791	-c "NamedGroup: secp256r1 ( 17 )" \
				8792	-c "Verifying peer X.509 certificate... ok" \
				8793	-C "received HelloRetryRequest message"
				8794
				8795	requires_config_enabled MBEDTLS_DEBUG_C
				8796	requires_config_enabled MBEDTLS_SSL_CLI_C
				8797	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8798	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8799	requires_config_enabled MBEDTLS_DEBUG_C
				8800	requires_config_enabled MBEDTLS_SSL_CLI_C
				8801	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8802	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8803	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				8804	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8805	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				8806	0 \
				8807	-s "Protocol is TLSv1.3" \
				8808	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8809	-s "received signature algorithm: 0x503" \
				8810	-s "got named group: secp256r1(0017)" \
				8811	-s "Verifying peer X.509 certificate... ok" \
				8812	-c "Protocol is TLSv1.3" \
				8813	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8814	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8815	-c "NamedGroup: secp256r1 ( 17 )" \
				8816	-c "Verifying peer X.509 certificate... ok" \
				8817	-C "received HelloRetryRequest message"
				8818
				8819	requires_config_enabled MBEDTLS_DEBUG_C
				8820	requires_config_enabled MBEDTLS_SSL_CLI_C
				8821	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8822	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8823	requires_config_enabled MBEDTLS_DEBUG_C
				8824	requires_config_enabled MBEDTLS_SSL_CLI_C
				8825	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8826	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8827	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				8828	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8829	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				8830	0 \
				8831	-s "Protocol is TLSv1.3" \
				8832	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8833	-s "received signature algorithm: 0x603" \
				8834	-s "got named group: secp256r1(0017)" \
				8835	-s "Verifying peer X.509 certificate... ok" \
				8836	-c "Protocol is TLSv1.3" \
				8837	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8838	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8839	-c "NamedGroup: secp256r1 ( 17 )" \
				8840	-c "Verifying peer X.509 certificate... ok" \
				8841	-C "received HelloRetryRequest message"
				8842
				8843	requires_config_enabled MBEDTLS_DEBUG_C
				8844	requires_config_enabled MBEDTLS_SSL_CLI_C
				8845	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8846	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8847	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8848	requires_config_enabled MBEDTLS_DEBUG_C
				8849	requires_config_enabled MBEDTLS_SSL_CLI_C
				8850	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8851	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8852	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8853	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				8854	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8855	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				8856	0 \
				8857	-s "Protocol is TLSv1.3" \
				8858	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8859	-s "received signature algorithm: 0x804" \
				8860	-s "got named group: secp256r1(0017)" \
				8861	-s "Verifying peer X.509 certificate... ok" \
				8862	-c "Protocol is TLSv1.3" \
				8863	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8864	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8865	-c "NamedGroup: secp256r1 ( 17 )" \
				8866	-c "Verifying peer X.509 certificate... ok" \
				8867	-C "received HelloRetryRequest message"
				8868
				8869	requires_config_enabled MBEDTLS_DEBUG_C
				8870	requires_config_enabled MBEDTLS_SSL_CLI_C
				8871	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8872	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8873	requires_config_enabled MBEDTLS_DEBUG_C
				8874	requires_config_enabled MBEDTLS_SSL_CLI_C
				8875	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8876	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8877	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				8878	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8879	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				8880	0 \
				8881	-s "Protocol is TLSv1.3" \
				8882	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8883	-s "received signature algorithm: 0x403" \
				8884	-s "got named group: secp384r1(0018)" \
				8885	-s "Verifying peer X.509 certificate... ok" \
				8886	-c "Protocol is TLSv1.3" \
				8887	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8888	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8889	-c "NamedGroup: secp384r1 ( 18 )" \
				8890	-c "Verifying peer X.509 certificate... ok" \
				8891	-C "received HelloRetryRequest message"
				8892
				8893	requires_config_enabled MBEDTLS_DEBUG_C
				8894	requires_config_enabled MBEDTLS_SSL_CLI_C
				8895	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8897	requires_config_enabled MBEDTLS_DEBUG_C
				8898	requires_config_enabled MBEDTLS_SSL_CLI_C
				8899	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8900	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8901	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				8902	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8903	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				8904	0 \
				8905	-s "Protocol is TLSv1.3" \
				8906	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8907	-s "received signature algorithm: 0x503" \
				8908	-s "got named group: secp384r1(0018)" \
				8909	-s "Verifying peer X.509 certificate... ok" \
				8910	-c "Protocol is TLSv1.3" \
				8911	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8912	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8913	-c "NamedGroup: secp384r1 ( 18 )" \
				8914	-c "Verifying peer X.509 certificate... ok" \
				8915	-C "received HelloRetryRequest message"
				8916
				8917	requires_config_enabled MBEDTLS_DEBUG_C
				8918	requires_config_enabled MBEDTLS_SSL_CLI_C
				8919	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8920	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8921	requires_config_enabled MBEDTLS_DEBUG_C
				8922	requires_config_enabled MBEDTLS_SSL_CLI_C
				8923	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8924	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8925	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				8926	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8927	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				8928	0 \
				8929	-s "Protocol is TLSv1.3" \
				8930	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8931	-s "received signature algorithm: 0x603" \
				8932	-s "got named group: secp384r1(0018)" \
				8933	-s "Verifying peer X.509 certificate... ok" \
				8934	-c "Protocol is TLSv1.3" \
				8935	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8936	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8937	-c "NamedGroup: secp384r1 ( 18 )" \
				8938	-c "Verifying peer X.509 certificate... ok" \
				8939	-C "received HelloRetryRequest message"
				8940
				8941	requires_config_enabled MBEDTLS_DEBUG_C
				8942	requires_config_enabled MBEDTLS_SSL_CLI_C
				8943	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8944	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8945	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8946	requires_config_enabled MBEDTLS_DEBUG_C
				8947	requires_config_enabled MBEDTLS_SSL_CLI_C
				8948	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8949	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8950	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				8951	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				8952	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8953	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				8954	0 \
				8955	-s "Protocol is TLSv1.3" \
				8956	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8957	-s "received signature algorithm: 0x804" \
				8958	-s "got named group: secp384r1(0018)" \
				8959	-s "Verifying peer X.509 certificate... ok" \
				8960	-c "Protocol is TLSv1.3" \
				8961	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8962	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8963	-c "NamedGroup: secp384r1 ( 18 )" \
				8964	-c "Verifying peer X.509 certificate... ok" \
				8965	-C "received HelloRetryRequest message"
				8966
				8967	requires_config_enabled MBEDTLS_DEBUG_C
				8968	requires_config_enabled MBEDTLS_SSL_CLI_C
				8969	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8970	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8971	requires_config_enabled MBEDTLS_DEBUG_C
				8972	requires_config_enabled MBEDTLS_SSL_CLI_C
				8973	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8974	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8975	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				8976	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				8977	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				8978	0 \
				8979	-s "Protocol is TLSv1.3" \
				8980	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				8981	-s "received signature algorithm: 0x403" \
				8982	-s "got named group: secp521r1(0019)" \
				8983	-s "Verifying peer X.509 certificate... ok" \
				8984	-c "Protocol is TLSv1.3" \
				8985	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				8986	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8987	-c "NamedGroup: secp521r1 ( 19 )" \
				8988	-c "Verifying peer X.509 certificate... ok" \
				8989	-C "received HelloRetryRequest message"
				8990
				8991	requires_config_enabled MBEDTLS_DEBUG_C
				8992	requires_config_enabled MBEDTLS_SSL_CLI_C
				8993	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8994	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8995	requires_config_enabled MBEDTLS_DEBUG_C
				8996	requires_config_enabled MBEDTLS_SSL_CLI_C
				8997	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				8998	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8999	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				9000	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9001	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				9002	0 \
				9003	-s "Protocol is TLSv1.3" \
				9004	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9005	-s "received signature algorithm: 0x503" \
				9006	-s "got named group: secp521r1(0019)" \
				9007	-s "Verifying peer X.509 certificate... ok" \
				9008	-c "Protocol is TLSv1.3" \
				9009	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9010	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9011	-c "NamedGroup: secp521r1 ( 19 )" \
				9012	-c "Verifying peer X.509 certificate... ok" \
				9013	-C "received HelloRetryRequest message"
				9014
				9015	requires_config_enabled MBEDTLS_DEBUG_C
				9016	requires_config_enabled MBEDTLS_SSL_CLI_C
				9017	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9018	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9019	requires_config_enabled MBEDTLS_DEBUG_C
				9020	requires_config_enabled MBEDTLS_SSL_CLI_C
				9021	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9022	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9023	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				9024	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9025	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				9026	0 \
				9027	-s "Protocol is TLSv1.3" \
				9028	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9029	-s "received signature algorithm: 0x603" \
				9030	-s "got named group: secp521r1(0019)" \
				9031	-s "Verifying peer X.509 certificate... ok" \
				9032	-c "Protocol is TLSv1.3" \
				9033	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9034	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9035	-c "NamedGroup: secp521r1 ( 19 )" \
				9036	-c "Verifying peer X.509 certificate... ok" \
				9037	-C "received HelloRetryRequest message"
				9038
				9039	requires_config_enabled MBEDTLS_DEBUG_C
				9040	requires_config_enabled MBEDTLS_SSL_CLI_C
				9041	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9042	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9043	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9044	requires_config_enabled MBEDTLS_DEBUG_C
				9045	requires_config_enabled MBEDTLS_SSL_CLI_C
				9046	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9047	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9048	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9049	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				9050	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9051	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				9052	0 \
				9053	-s "Protocol is TLSv1.3" \
				9054	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9055	-s "received signature algorithm: 0x804" \
				9056	-s "got named group: secp521r1(0019)" \
				9057	-s "Verifying peer X.509 certificate... ok" \
				9058	-c "Protocol is TLSv1.3" \
				9059	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9060	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9061	-c "NamedGroup: secp521r1 ( 19 )" \
				9062	-c "Verifying peer X.509 certificate... ok" \
				9063	-C "received HelloRetryRequest message"
				9064
				9065	requires_config_enabled MBEDTLS_DEBUG_C
				9066	requires_config_enabled MBEDTLS_SSL_CLI_C
				9067	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9068	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9069	requires_config_enabled MBEDTLS_DEBUG_C
				9070	requires_config_enabled MBEDTLS_SSL_CLI_C
				9071	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9072	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9073	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
				9074	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9075	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				9076	0 \
				9077	-s "Protocol is TLSv1.3" \
				9078	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9079	-s "received signature algorithm: 0x403" \
				9080	-s "got named group: x25519(001d)" \
				9081	-s "Verifying peer X.509 certificate... ok" \
				9082	-c "Protocol is TLSv1.3" \
				9083	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9084	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9085	-c "NamedGroup: x25519 ( 1d )" \
				9086	-c "Verifying peer X.509 certificate... ok" \
				9087	-C "received HelloRetryRequest message"
				9088
				9089	requires_config_enabled MBEDTLS_DEBUG_C
				9090	requires_config_enabled MBEDTLS_SSL_CLI_C
				9091	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9092	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9093	requires_config_enabled MBEDTLS_DEBUG_C
				9094	requires_config_enabled MBEDTLS_SSL_CLI_C
				9095	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9096	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9097	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
				9098	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9099	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				9100	0 \
				9101	-s "Protocol is TLSv1.3" \
				9102	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9103	-s "received signature algorithm: 0x503" \
				9104	-s "got named group: x25519(001d)" \
				9105	-s "Verifying peer X.509 certificate... ok" \
				9106	-c "Protocol is TLSv1.3" \
				9107	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9108	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9109	-c "NamedGroup: x25519 ( 1d )" \
				9110	-c "Verifying peer X.509 certificate... ok" \
				9111	-C "received HelloRetryRequest message"
				9112
				9113	requires_config_enabled MBEDTLS_DEBUG_C
				9114	requires_config_enabled MBEDTLS_SSL_CLI_C
				9115	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9117	requires_config_enabled MBEDTLS_DEBUG_C
				9118	requires_config_enabled MBEDTLS_SSL_CLI_C
				9119	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9120	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9121	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
				9122	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9123	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				9124	0 \
				9125	-s "Protocol is TLSv1.3" \
				9126	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9127	-s "received signature algorithm: 0x603" \
				9128	-s "got named group: x25519(001d)" \
				9129	-s "Verifying peer X.509 certificate... ok" \
				9130	-c "Protocol is TLSv1.3" \
				9131	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9132	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9133	-c "NamedGroup: x25519 ( 1d )" \
				9134	-c "Verifying peer X.509 certificate... ok" \
				9135	-C "received HelloRetryRequest message"
				9136
				9137	requires_config_enabled MBEDTLS_DEBUG_C
				9138	requires_config_enabled MBEDTLS_SSL_CLI_C
				9139	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9140	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9141	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9142	requires_config_enabled MBEDTLS_DEBUG_C
				9143	requires_config_enabled MBEDTLS_SSL_CLI_C
				9144	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9145	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9146	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9147	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
				9148	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9149	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				9150	0 \
				9151	-s "Protocol is TLSv1.3" \
				9152	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9153	-s "received signature algorithm: 0x804" \
				9154	-s "got named group: x25519(001d)" \
				9155	-s "Verifying peer X.509 certificate... ok" \
				9156	-c "Protocol is TLSv1.3" \
				9157	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9158	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9159	-c "NamedGroup: x25519 ( 1d )" \
				9160	-c "Verifying peer X.509 certificate... ok" \
				9161	-C "received HelloRetryRequest message"
				9162
				9163	requires_config_enabled MBEDTLS_DEBUG_C
				9164	requires_config_enabled MBEDTLS_SSL_CLI_C
				9165	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9166	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9167	requires_config_enabled MBEDTLS_DEBUG_C
				9168	requires_config_enabled MBEDTLS_SSL_CLI_C
				9169	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9170	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9171	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
				9172	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9173	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				9174	0 \
				9175	-s "Protocol is TLSv1.3" \
				9176	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9177	-s "received signature algorithm: 0x403" \
				9178	-s "got named group: x448(001e)" \
				9179	-s "Verifying peer X.509 certificate... ok" \
				9180	-c "Protocol is TLSv1.3" \
				9181	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9182	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9183	-c "NamedGroup: x448 ( 1e )" \
				9184	-c "Verifying peer X.509 certificate... ok" \
				9185	-C "received HelloRetryRequest message"
				9186
				9187	requires_config_enabled MBEDTLS_DEBUG_C
				9188	requires_config_enabled MBEDTLS_SSL_CLI_C
				9189	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9190	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9191	requires_config_enabled MBEDTLS_DEBUG_C
				9192	requires_config_enabled MBEDTLS_SSL_CLI_C
				9193	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9194	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9195	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
				9196	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9197	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				9198	0 \
				9199	-s "Protocol is TLSv1.3" \
				9200	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9201	-s "received signature algorithm: 0x503" \
				9202	-s "got named group: x448(001e)" \
				9203	-s "Verifying peer X.509 certificate... ok" \
				9204	-c "Protocol is TLSv1.3" \
				9205	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9206	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9207	-c "NamedGroup: x448 ( 1e )" \
				9208	-c "Verifying peer X.509 certificate... ok" \
				9209	-C "received HelloRetryRequest message"
				9210
				9211	requires_config_enabled MBEDTLS_DEBUG_C
				9212	requires_config_enabled MBEDTLS_SSL_CLI_C
				9213	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9214	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9215	requires_config_enabled MBEDTLS_DEBUG_C
				9216	requires_config_enabled MBEDTLS_SSL_CLI_C
				9217	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9218	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9219	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
				9220	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9221	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				9222	0 \
				9223	-s "Protocol is TLSv1.3" \
				9224	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9225	-s "received signature algorithm: 0x603" \
				9226	-s "got named group: x448(001e)" \
				9227	-s "Verifying peer X.509 certificate... ok" \
				9228	-c "Protocol is TLSv1.3" \
				9229	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9230	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9231	-c "NamedGroup: x448 ( 1e )" \
				9232	-c "Verifying peer X.509 certificate... ok" \
				9233	-C "received HelloRetryRequest message"
				9234
				9235	requires_config_enabled MBEDTLS_DEBUG_C
				9236	requires_config_enabled MBEDTLS_SSL_CLI_C
				9237	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9238	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9239	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9240	requires_config_enabled MBEDTLS_DEBUG_C
				9241	requires_config_enabled MBEDTLS_SSL_CLI_C
				9242	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9243	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9244	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9245	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
				9246	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9247	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				9248	0 \
				9249	-s "Protocol is TLSv1.3" \
				9250	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				9251	-s "received signature algorithm: 0x804" \
				9252	-s "got named group: x448(001e)" \
				9253	-s "Verifying peer X.509 certificate... ok" \
				9254	-c "Protocol is TLSv1.3" \
				9255	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9256	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9257	-c "NamedGroup: x448 ( 1e )" \
				9258	-c "Verifying peer X.509 certificate... ok" \
				9259	-C "received HelloRetryRequest message"
				9260
				9261	requires_config_enabled MBEDTLS_DEBUG_C
				9262	requires_config_enabled MBEDTLS_SSL_CLI_C
				9263	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9264	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9265	requires_config_enabled MBEDTLS_DEBUG_C
				9266	requires_config_enabled MBEDTLS_SSL_CLI_C
				9267	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9268	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9269	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
				9270	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9271	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
				9272	0 \
				9273	-s "Protocol is TLSv1.3" \
				9274	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9275	-s "received signature algorithm: 0x403" \
				9276	-s "got named group: secp256r1(0017)" \
				9277	-s "Verifying peer X.509 certificate... ok" \
				9278	-c "Protocol is TLSv1.3" \
				9279	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9280	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9281	-c "NamedGroup: secp256r1 ( 17 )" \
				9282	-c "Verifying peer X.509 certificate... ok" \
				9283	-C "received HelloRetryRequest message"
				9284
				9285	requires_config_enabled MBEDTLS_DEBUG_C
				9286	requires_config_enabled MBEDTLS_SSL_CLI_C
				9287	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9288	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9289	requires_config_enabled MBEDTLS_DEBUG_C
				9290	requires_config_enabled MBEDTLS_SSL_CLI_C
				9291	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9292	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9293	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
				9294	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9295	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
				9296	0 \
				9297	-s "Protocol is TLSv1.3" \
				9298	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9299	-s "received signature algorithm: 0x503" \
				9300	-s "got named group: secp256r1(0017)" \
				9301	-s "Verifying peer X.509 certificate... ok" \
				9302	-c "Protocol is TLSv1.3" \
				9303	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9304	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9305	-c "NamedGroup: secp256r1 ( 17 )" \
				9306	-c "Verifying peer X.509 certificate... ok" \
				9307	-C "received HelloRetryRequest message"
				9308
				9309	requires_config_enabled MBEDTLS_DEBUG_C
				9310	requires_config_enabled MBEDTLS_SSL_CLI_C
				9311	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9312	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9313	requires_config_enabled MBEDTLS_DEBUG_C
				9314	requires_config_enabled MBEDTLS_SSL_CLI_C
				9315	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9316	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9317	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
				9318	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9319	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
				9320	0 \
				9321	-s "Protocol is TLSv1.3" \
				9322	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9323	-s "received signature algorithm: 0x603" \
				9324	-s "got named group: secp256r1(0017)" \
				9325	-s "Verifying peer X.509 certificate... ok" \
				9326	-c "Protocol is TLSv1.3" \
				9327	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9328	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9329	-c "NamedGroup: secp256r1 ( 17 )" \
				9330	-c "Verifying peer X.509 certificate... ok" \
				9331	-C "received HelloRetryRequest message"
				9332
				9333	requires_config_enabled MBEDTLS_DEBUG_C
				9334	requires_config_enabled MBEDTLS_SSL_CLI_C
				9335	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9336	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9337	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9338	requires_config_enabled MBEDTLS_DEBUG_C
				9339	requires_config_enabled MBEDTLS_SSL_CLI_C
				9340	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9341	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9342	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9343	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
				9344	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9345	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
				9346	0 \
				9347	-s "Protocol is TLSv1.3" \
				9348	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9349	-s "received signature algorithm: 0x804" \
				9350	-s "got named group: secp256r1(0017)" \
				9351	-s "Verifying peer X.509 certificate... ok" \
				9352	-c "Protocol is TLSv1.3" \
				9353	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9354	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9355	-c "NamedGroup: secp256r1 ( 17 )" \
				9356	-c "Verifying peer X.509 certificate... ok" \
				9357	-C "received HelloRetryRequest message"
				9358
				9359	requires_config_enabled MBEDTLS_DEBUG_C
				9360	requires_config_enabled MBEDTLS_SSL_CLI_C
				9361	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9362	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9363	requires_config_enabled MBEDTLS_DEBUG_C
				9364	requires_config_enabled MBEDTLS_SSL_CLI_C
				9365	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9366	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9367	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
				9368	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9369	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
				9370	0 \
				9371	-s "Protocol is TLSv1.3" \
				9372	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9373	-s "received signature algorithm: 0x403" \
				9374	-s "got named group: secp384r1(0018)" \
				9375	-s "Verifying peer X.509 certificate... ok" \
				9376	-c "Protocol is TLSv1.3" \
				9377	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9378	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9379	-c "NamedGroup: secp384r1 ( 18 )" \
				9380	-c "Verifying peer X.509 certificate... ok" \
				9381	-C "received HelloRetryRequest message"
				9382
				9383	requires_config_enabled MBEDTLS_DEBUG_C
				9384	requires_config_enabled MBEDTLS_SSL_CLI_C
				9385	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9386	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9387	requires_config_enabled MBEDTLS_DEBUG_C
				9388	requires_config_enabled MBEDTLS_SSL_CLI_C
				9389	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9390	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9391	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
				9392	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9393	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
				9394	0 \
				9395	-s "Protocol is TLSv1.3" \
				9396	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9397	-s "received signature algorithm: 0x503" \
				9398	-s "got named group: secp384r1(0018)" \
				9399	-s "Verifying peer X.509 certificate... ok" \
				9400	-c "Protocol is TLSv1.3" \
				9401	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9402	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9403	-c "NamedGroup: secp384r1 ( 18 )" \
				9404	-c "Verifying peer X.509 certificate... ok" \
				9405	-C "received HelloRetryRequest message"
				9406
				9407	requires_config_enabled MBEDTLS_DEBUG_C
				9408	requires_config_enabled MBEDTLS_SSL_CLI_C
				9409	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9410	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9411	requires_config_enabled MBEDTLS_DEBUG_C
				9412	requires_config_enabled MBEDTLS_SSL_CLI_C
				9413	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9414	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9415	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
				9416	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9417	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
				9418	0 \
				9419	-s "Protocol is TLSv1.3" \
				9420	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9421	-s "received signature algorithm: 0x603" \
				9422	-s "got named group: secp384r1(0018)" \
				9423	-s "Verifying peer X.509 certificate... ok" \
				9424	-c "Protocol is TLSv1.3" \
				9425	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9426	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9427	-c "NamedGroup: secp384r1 ( 18 )" \
				9428	-c "Verifying peer X.509 certificate... ok" \
				9429	-C "received HelloRetryRequest message"
				9430
				9431	requires_config_enabled MBEDTLS_DEBUG_C
				9432	requires_config_enabled MBEDTLS_SSL_CLI_C
				9433	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9434	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9435	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9436	requires_config_enabled MBEDTLS_DEBUG_C
				9437	requires_config_enabled MBEDTLS_SSL_CLI_C
				9438	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9439	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9440	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9441	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
				9442	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9443	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
				9444	0 \
				9445	-s "Protocol is TLSv1.3" \
				9446	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9447	-s "received signature algorithm: 0x804" \
				9448	-s "got named group: secp384r1(0018)" \
				9449	-s "Verifying peer X.509 certificate... ok" \
				9450	-c "Protocol is TLSv1.3" \
				9451	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9452	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9453	-c "NamedGroup: secp384r1 ( 18 )" \
				9454	-c "Verifying peer X.509 certificate... ok" \
				9455	-C "received HelloRetryRequest message"
				9456
				9457	requires_config_enabled MBEDTLS_DEBUG_C
				9458	requires_config_enabled MBEDTLS_SSL_CLI_C
				9459	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9460	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9461	requires_config_enabled MBEDTLS_DEBUG_C
				9462	requires_config_enabled MBEDTLS_SSL_CLI_C
				9463	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9464	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9465	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
				9466	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9467	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
				9468	0 \
				9469	-s "Protocol is TLSv1.3" \
				9470	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9471	-s "received signature algorithm: 0x403" \
				9472	-s "got named group: secp521r1(0019)" \
				9473	-s "Verifying peer X.509 certificate... ok" \
				9474	-c "Protocol is TLSv1.3" \
				9475	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9476	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9477	-c "NamedGroup: secp521r1 ( 19 )" \
				9478	-c "Verifying peer X.509 certificate... ok" \
				9479	-C "received HelloRetryRequest message"
				9480
				9481	requires_config_enabled MBEDTLS_DEBUG_C
				9482	requires_config_enabled MBEDTLS_SSL_CLI_C
				9483	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9484	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9485	requires_config_enabled MBEDTLS_DEBUG_C
				9486	requires_config_enabled MBEDTLS_SSL_CLI_C
				9487	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9488	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9489	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
				9490	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9491	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
				9492	0 \
				9493	-s "Protocol is TLSv1.3" \
				9494	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9495	-s "received signature algorithm: 0x503" \
				9496	-s "got named group: secp521r1(0019)" \
				9497	-s "Verifying peer X.509 certificate... ok" \
				9498	-c "Protocol is TLSv1.3" \
				9499	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9500	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9501	-c "NamedGroup: secp521r1 ( 19 )" \
				9502	-c "Verifying peer X.509 certificate... ok" \
				9503	-C "received HelloRetryRequest message"
				9504
				9505	requires_config_enabled MBEDTLS_DEBUG_C
				9506	requires_config_enabled MBEDTLS_SSL_CLI_C
				9507	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9508	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9509	requires_config_enabled MBEDTLS_DEBUG_C
				9510	requires_config_enabled MBEDTLS_SSL_CLI_C
				9511	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9512	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9513	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
				9514	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9515	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
				9516	0 \
				9517	-s "Protocol is TLSv1.3" \
				9518	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9519	-s "received signature algorithm: 0x603" \
				9520	-s "got named group: secp521r1(0019)" \
				9521	-s "Verifying peer X.509 certificate... ok" \
				9522	-c "Protocol is TLSv1.3" \
				9523	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9524	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9525	-c "NamedGroup: secp521r1 ( 19 )" \
				9526	-c "Verifying peer X.509 certificate... ok" \
				9527	-C "received HelloRetryRequest message"
				9528
				9529	requires_config_enabled MBEDTLS_DEBUG_C
				9530	requires_config_enabled MBEDTLS_SSL_CLI_C
				9531	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9532	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9533	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9534	requires_config_enabled MBEDTLS_DEBUG_C
				9535	requires_config_enabled MBEDTLS_SSL_CLI_C
				9536	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9537	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9538	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9539	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
				9540	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9541	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
				9542	0 \
				9543	-s "Protocol is TLSv1.3" \
				9544	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9545	-s "received signature algorithm: 0x804" \
				9546	-s "got named group: secp521r1(0019)" \
				9547	-s "Verifying peer X.509 certificate... ok" \
				9548	-c "Protocol is TLSv1.3" \
				9549	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9550	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9551	-c "NamedGroup: secp521r1 ( 19 )" \
				9552	-c "Verifying peer X.509 certificate... ok" \
				9553	-C "received HelloRetryRequest message"
				9554
				9555	requires_config_enabled MBEDTLS_DEBUG_C
				9556	requires_config_enabled MBEDTLS_SSL_CLI_C
				9557	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9558	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9559	requires_config_enabled MBEDTLS_DEBUG_C
				9560	requires_config_enabled MBEDTLS_SSL_CLI_C
				9561	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9562	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9563	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
				9564	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9565	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
				9566	0 \
				9567	-s "Protocol is TLSv1.3" \
				9568	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9569	-s "received signature algorithm: 0x403" \
				9570	-s "got named group: x25519(001d)" \
				9571	-s "Verifying peer X.509 certificate... ok" \
				9572	-c "Protocol is TLSv1.3" \
				9573	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9574	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9575	-c "NamedGroup: x25519 ( 1d )" \
				9576	-c "Verifying peer X.509 certificate... ok" \
				9577	-C "received HelloRetryRequest message"
				9578
				9579	requires_config_enabled MBEDTLS_DEBUG_C
				9580	requires_config_enabled MBEDTLS_SSL_CLI_C
				9581	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9582	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9583	requires_config_enabled MBEDTLS_DEBUG_C
				9584	requires_config_enabled MBEDTLS_SSL_CLI_C
				9585	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9586	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9587	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
				9588	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9589	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
				9590	0 \
				9591	-s "Protocol is TLSv1.3" \
				9592	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9593	-s "received signature algorithm: 0x503" \
				9594	-s "got named group: x25519(001d)" \
				9595	-s "Verifying peer X.509 certificate... ok" \
				9596	-c "Protocol is TLSv1.3" \
				9597	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9598	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9599	-c "NamedGroup: x25519 ( 1d )" \
				9600	-c "Verifying peer X.509 certificate... ok" \
				9601	-C "received HelloRetryRequest message"
				9602
				9603	requires_config_enabled MBEDTLS_DEBUG_C
				9604	requires_config_enabled MBEDTLS_SSL_CLI_C
				9605	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9606	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9607	requires_config_enabled MBEDTLS_DEBUG_C
				9608	requires_config_enabled MBEDTLS_SSL_CLI_C
				9609	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9610	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9611	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
				9612	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9613	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
				9614	0 \
				9615	-s "Protocol is TLSv1.3" \
				9616	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9617	-s "received signature algorithm: 0x603" \
				9618	-s "got named group: x25519(001d)" \
				9619	-s "Verifying peer X.509 certificate... ok" \
				9620	-c "Protocol is TLSv1.3" \
				9621	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9622	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9623	-c "NamedGroup: x25519 ( 1d )" \
				9624	-c "Verifying peer X.509 certificate... ok" \
				9625	-C "received HelloRetryRequest message"
				9626
				9627	requires_config_enabled MBEDTLS_DEBUG_C
				9628	requires_config_enabled MBEDTLS_SSL_CLI_C
				9629	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9630	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9631	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9632	requires_config_enabled MBEDTLS_DEBUG_C
				9633	requires_config_enabled MBEDTLS_SSL_CLI_C
				9634	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9635	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9636	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9637	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
				9638	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9639	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
				9640	0 \
				9641	-s "Protocol is TLSv1.3" \
				9642	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9643	-s "received signature algorithm: 0x804" \
				9644	-s "got named group: x25519(001d)" \
				9645	-s "Verifying peer X.509 certificate... ok" \
				9646	-c "Protocol is TLSv1.3" \
				9647	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9648	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9649	-c "NamedGroup: x25519 ( 1d )" \
				9650	-c "Verifying peer X.509 certificate... ok" \
				9651	-C "received HelloRetryRequest message"
				9652
				9653	requires_config_enabled MBEDTLS_DEBUG_C
				9654	requires_config_enabled MBEDTLS_SSL_CLI_C
				9655	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9656	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9657	requires_config_enabled MBEDTLS_DEBUG_C
				9658	requires_config_enabled MBEDTLS_SSL_CLI_C
				9659	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9660	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9661	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
				9662	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9663	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
				9664	0 \
				9665	-s "Protocol is TLSv1.3" \
				9666	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9667	-s "received signature algorithm: 0x403" \
				9668	-s "got named group: x448(001e)" \
				9669	-s "Verifying peer X.509 certificate... ok" \
				9670	-c "Protocol is TLSv1.3" \
				9671	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9672	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9673	-c "NamedGroup: x448 ( 1e )" \
				9674	-c "Verifying peer X.509 certificate... ok" \
				9675	-C "received HelloRetryRequest message"
				9676
				9677	requires_config_enabled MBEDTLS_DEBUG_C
				9678	requires_config_enabled MBEDTLS_SSL_CLI_C
				9679	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9680	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9681	requires_config_enabled MBEDTLS_DEBUG_C
				9682	requires_config_enabled MBEDTLS_SSL_CLI_C
				9683	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9684	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9685	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
				9686	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9687	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
				9688	0 \
				9689	-s "Protocol is TLSv1.3" \
				9690	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9691	-s "received signature algorithm: 0x503" \
				9692	-s "got named group: x448(001e)" \
				9693	-s "Verifying peer X.509 certificate... ok" \
				9694	-c "Protocol is TLSv1.3" \
				9695	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9696	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9697	-c "NamedGroup: x448 ( 1e )" \
				9698	-c "Verifying peer X.509 certificate... ok" \
				9699	-C "received HelloRetryRequest message"
				9700
				9701	requires_config_enabled MBEDTLS_DEBUG_C
				9702	requires_config_enabled MBEDTLS_SSL_CLI_C
				9703	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9704	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9705	requires_config_enabled MBEDTLS_DEBUG_C
				9706	requires_config_enabled MBEDTLS_SSL_CLI_C
				9707	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9708	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9709	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
				9710	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9711	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
				9712	0 \
				9713	-s "Protocol is TLSv1.3" \
				9714	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9715	-s "received signature algorithm: 0x603" \
				9716	-s "got named group: x448(001e)" \
				9717	-s "Verifying peer X.509 certificate... ok" \
				9718	-c "Protocol is TLSv1.3" \
				9719	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9720	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9721	-c "NamedGroup: x448 ( 1e )" \
				9722	-c "Verifying peer X.509 certificate... ok" \
				9723	-C "received HelloRetryRequest message"
				9724
				9725	requires_config_enabled MBEDTLS_DEBUG_C
				9726	requires_config_enabled MBEDTLS_SSL_CLI_C
				9727	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9728	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9729	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9730	requires_config_enabled MBEDTLS_DEBUG_C
				9731	requires_config_enabled MBEDTLS_SSL_CLI_C
				9732	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9733	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9734	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
				9735	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
				9736	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				9737	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
				9738	0 \
				9739	-s "Protocol is TLSv1.3" \
				9740	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				9741	-s "received signature algorithm: 0x804" \
				9742	-s "got named group: x448(001e)" \
				9743	-s "Verifying peer X.509 certificate... ok" \
				9744	-c "Protocol is TLSv1.3" \
				9745	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				9746	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9747	-c "NamedGroup: x448 ( 1e )" \
				9748	-c "Verifying peer X.509 certificate... ok" \
				9749	-C "received HelloRetryRequest message"
				9750
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9751	requires_openssl_tls1_3
				9752	requires_config_enabled MBEDTLS_DEBUG_C
				9753	requires_config_enabled MBEDTLS_SSL_CLI_C
				9754	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9755	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9756	run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9757	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9758	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9759	0 \
				9760	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9761	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9762	-c "NamedGroup: secp256r1 ( 17 )" \
				9763	-c "NamedGroup: secp384r1 ( 18 )" \
				9764	-c "Verifying peer X.509 certificate... ok" \
				9765	-c "received HelloRetryRequest message" \
				9766	-c "selected_group ( 24 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9767
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9768	requires_openssl_tls1_3
				9769	requires_config_enabled MBEDTLS_DEBUG_C
				9770	requires_config_enabled MBEDTLS_SSL_CLI_C
				9771	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9772	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	9773	run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9774	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9775	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9776	0 \
				9777	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9778	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9779	-c "NamedGroup: secp256r1 ( 17 )" \
				9780	-c "NamedGroup: secp521r1 ( 19 )" \
				9781	-c "Verifying peer X.509 certificate... ok" \
				9782	-c "received HelloRetryRequest message" \
				9783	-c "selected_group ( 25 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9784
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9785	requires_openssl_tls1_3
				9786	requires_config_enabled MBEDTLS_DEBUG_C
				9787	requires_config_enabled MBEDTLS_SSL_CLI_C
				9788	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9789	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	9790	run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9791	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9792	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9793	0 \
				9794	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9795	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9796	-c "NamedGroup: secp256r1 ( 17 )" \
				9797	-c "NamedGroup: x25519 ( 1d )" \
				9798	-c "Verifying peer X.509 certificate... ok" \
				9799	-c "received HelloRetryRequest message" \
				9800	-c "selected_group ( 29 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9801
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9802	requires_openssl_tls1_3
				9803	requires_config_enabled MBEDTLS_DEBUG_C
				9804	requires_config_enabled MBEDTLS_SSL_CLI_C
				9805	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9806	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	9807	run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9808	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9809	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9810	0 \
				9811	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9812	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	9813	-c "NamedGroup: secp256r1 ( 17 )" \
				9814	-c "NamedGroup: x448 ( 1e )" \
				9815	-c "Verifying peer X.509 certificate... ok" \
				9816	-c "received HelloRetryRequest message" \
				9817	-c "selected_group ( 30 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	9818
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9819	requires_openssl_tls1_3
				9820	requires_config_enabled MBEDTLS_DEBUG_C
				9821	requires_config_enabled MBEDTLS_SSL_CLI_C
				9822	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9823	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9824	run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9825	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9826	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9827	0 \
				9828	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9829	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9830	-c "NamedGroup: secp384r1 ( 18 )" \
				9831	-c "NamedGroup: secp256r1 ( 17 )" \
				9832	-c "Verifying peer X.509 certificate... ok" \
				9833	-c "received HelloRetryRequest message" \
				9834	-c "selected_group ( 23 )"
				9835
				9836	requires_openssl_tls1_3
				9837	requires_config_enabled MBEDTLS_DEBUG_C
				9838	requires_config_enabled MBEDTLS_SSL_CLI_C
				9839	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9840	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9841	run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9842	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9843	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9844	0 \
				9845	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9846	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9847	-c "NamedGroup: secp384r1 ( 18 )" \
				9848	-c "NamedGroup: secp521r1 ( 19 )" \
				9849	-c "Verifying peer X.509 certificate... ok" \
				9850	-c "received HelloRetryRequest message" \
				9851	-c "selected_group ( 25 )"
				9852
				9853	requires_openssl_tls1_3
				9854	requires_config_enabled MBEDTLS_DEBUG_C
				9855	requires_config_enabled MBEDTLS_SSL_CLI_C
				9856	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9857	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9858	run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9859	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9860	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9861	0 \
				9862	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9863	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9864	-c "NamedGroup: secp384r1 ( 18 )" \
				9865	-c "NamedGroup: x25519 ( 1d )" \
				9866	-c "Verifying peer X.509 certificate... ok" \
				9867	-c "received HelloRetryRequest message" \
				9868	-c "selected_group ( 29 )"
				9869
				9870	requires_openssl_tls1_3
				9871	requires_config_enabled MBEDTLS_DEBUG_C
				9872	requires_config_enabled MBEDTLS_SSL_CLI_C
				9873	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9874	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9875	run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9876	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9877	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9878	0 \
				9879	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9880	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9881	-c "NamedGroup: secp384r1 ( 18 )" \
				9882	-c "NamedGroup: x448 ( 1e )" \
				9883	-c "Verifying peer X.509 certificate... ok" \
				9884	-c "received HelloRetryRequest message" \
				9885	-c "selected_group ( 30 )"
				9886
				9887	requires_openssl_tls1_3
				9888	requires_config_enabled MBEDTLS_DEBUG_C
				9889	requires_config_enabled MBEDTLS_SSL_CLI_C
				9890	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9891	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9892	run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9893	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9894	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9895	0 \
				9896	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9897	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9898	-c "NamedGroup: secp521r1 ( 19 )" \
				9899	-c "NamedGroup: secp256r1 ( 17 )" \
				9900	-c "Verifying peer X.509 certificate... ok" \
				9901	-c "received HelloRetryRequest message" \
				9902	-c "selected_group ( 23 )"
				9903
				9904	requires_openssl_tls1_3
				9905	requires_config_enabled MBEDTLS_DEBUG_C
				9906	requires_config_enabled MBEDTLS_SSL_CLI_C
				9907	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9908	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9909	run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9910	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9911	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9912	0 \
				9913	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9914	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9915	-c "NamedGroup: secp521r1 ( 19 )" \
				9916	-c "NamedGroup: secp384r1 ( 18 )" \
				9917	-c "Verifying peer X.509 certificate... ok" \
				9918	-c "received HelloRetryRequest message" \
				9919	-c "selected_group ( 24 )"
				9920
				9921	requires_openssl_tls1_3
				9922	requires_config_enabled MBEDTLS_DEBUG_C
				9923	requires_config_enabled MBEDTLS_SSL_CLI_C
				9924	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9925	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9926	run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9927	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9928	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9929	0 \
				9930	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9931	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9932	-c "NamedGroup: secp521r1 ( 19 )" \
				9933	-c "NamedGroup: x25519 ( 1d )" \
				9934	-c "Verifying peer X.509 certificate... ok" \
				9935	-c "received HelloRetryRequest message" \
				9936	-c "selected_group ( 29 )"
				9937
				9938	requires_openssl_tls1_3
				9939	requires_config_enabled MBEDTLS_DEBUG_C
				9940	requires_config_enabled MBEDTLS_SSL_CLI_C
				9941	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9942	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9943	run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9944	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9945	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9946	0 \
				9947	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9948	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9949	-c "NamedGroup: secp521r1 ( 19 )" \
				9950	-c "NamedGroup: x448 ( 1e )" \
				9951	-c "Verifying peer X.509 certificate... ok" \
				9952	-c "received HelloRetryRequest message" \
				9953	-c "selected_group ( 30 )"
				9954
				9955	requires_openssl_tls1_3
				9956	requires_config_enabled MBEDTLS_DEBUG_C
				9957	requires_config_enabled MBEDTLS_SSL_CLI_C
				9958	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9959	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9960	run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9961	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9962	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9963	0 \
				9964	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9965	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9966	-c "NamedGroup: x25519 ( 1d )" \
				9967	-c "NamedGroup: secp256r1 ( 17 )" \
				9968	-c "Verifying peer X.509 certificate... ok" \
				9969	-c "received HelloRetryRequest message" \
				9970	-c "selected_group ( 23 )"
				9971
				9972	requires_openssl_tls1_3
				9973	requires_config_enabled MBEDTLS_DEBUG_C
				9974	requires_config_enabled MBEDTLS_SSL_CLI_C
				9975	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9976	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9977	run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9978	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9979	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9980	0 \
				9981	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9982	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9983	-c "NamedGroup: x25519 ( 1d )" \
				9984	-c "NamedGroup: secp384r1 ( 18 )" \
				9985	-c "Verifying peer X.509 certificate... ok" \
				9986	-c "received HelloRetryRequest message" \
				9987	-c "selected_group ( 24 )"
				9988
				9989	requires_openssl_tls1_3
				9990	requires_config_enabled MBEDTLS_DEBUG_C
				9991	requires_config_enabled MBEDTLS_SSL_CLI_C
				9992	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				9993	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9994	run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	9995	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9996	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	9997	0 \
				9998	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	9999	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10000	-c "NamedGroup: x25519 ( 1d )" \
				10001	-c "NamedGroup: secp521r1 ( 19 )" \
				10002	-c "Verifying peer X.509 certificate... ok" \
				10003	-c "received HelloRetryRequest message" \
				10004	-c "selected_group ( 25 )"
				10005
				10006	requires_openssl_tls1_3
				10007	requires_config_enabled MBEDTLS_DEBUG_C
				10008	requires_config_enabled MBEDTLS_SSL_CLI_C
				10009	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10010	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10011	run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10012	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10013	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10014	0 \
				10015	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10016	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10017	-c "NamedGroup: x25519 ( 1d )" \
				10018	-c "NamedGroup: x448 ( 1e )" \
				10019	-c "Verifying peer X.509 certificate... ok" \
				10020	-c "received HelloRetryRequest message" \
				10021	-c "selected_group ( 30 )"
				10022
				10023	requires_openssl_tls1_3
				10024	requires_config_enabled MBEDTLS_DEBUG_C
				10025	requires_config_enabled MBEDTLS_SSL_CLI_C
				10026	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10027	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10028	run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10029	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10030	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10031	0 \
				10032	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10033	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10034	-c "NamedGroup: x448 ( 1e )" \
				10035	-c "NamedGroup: secp256r1 ( 17 )" \
				10036	-c "Verifying peer X.509 certificate... ok" \
				10037	-c "received HelloRetryRequest message" \
				10038	-c "selected_group ( 23 )"
				10039
				10040	requires_openssl_tls1_3
				10041	requires_config_enabled MBEDTLS_DEBUG_C
				10042	requires_config_enabled MBEDTLS_SSL_CLI_C
				10043	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10044	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10045	run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10046	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10047	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10048	0 \
				10049	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10050	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10051	-c "NamedGroup: x448 ( 1e )" \
				10052	-c "NamedGroup: secp384r1 ( 18 )" \
				10053	-c "Verifying peer X.509 certificate... ok" \
				10054	-c "received HelloRetryRequest message" \
				10055	-c "selected_group ( 24 )"
				10056
				10057	requires_openssl_tls1_3
				10058	requires_config_enabled MBEDTLS_DEBUG_C
				10059	requires_config_enabled MBEDTLS_SSL_CLI_C
				10060	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10061	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10062	run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10063	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10064	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10065	0 \
				10066	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10067	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10068	-c "NamedGroup: x448 ( 1e )" \
				10069	-c "NamedGroup: secp521r1 ( 19 )" \
				10070	-c "Verifying peer X.509 certificate... ok" \
				10071	-c "received HelloRetryRequest message" \
				10072	-c "selected_group ( 25 )"
				10073
				10074	requires_openssl_tls1_3
				10075	requires_config_enabled MBEDTLS_DEBUG_C
				10076	requires_config_enabled MBEDTLS_SSL_CLI_C
				10077	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10078	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10079	run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10080	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10081	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10082	0 \
				10083	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10084	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10085	-c "NamedGroup: x448 ( 1e )" \
				10086	-c "NamedGroup: x25519 ( 1d )" \
				10087	-c "Verifying peer X.509 certificate... ok" \
				10088	-c "received HelloRetryRequest message" \
				10089	-c "selected_group ( 29 )"
				10090
				10091	requires_gnutls_tls1_3
				10092	requires_gnutls_next_no_ticket
				10093	requires_gnutls_next_disable_tls13_compat
				10094	requires_config_enabled MBEDTLS_DEBUG_C
				10095	requires_config_enabled MBEDTLS_SSL_CLI_C
				10096	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10097	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10098	run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10099	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10100	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10101	0 \
				10102	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10103	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10104	-c "NamedGroup: secp256r1 ( 17 )" \
				10105	-c "NamedGroup: secp384r1 ( 18 )" \
				10106	-c "Verifying peer X.509 certificate... ok" \
				10107	-c "received HelloRetryRequest message" \
				10108	-c "selected_group ( 24 )"
				10109
				10110	requires_gnutls_tls1_3
				10111	requires_gnutls_next_no_ticket
				10112	requires_gnutls_next_disable_tls13_compat
				10113	requires_config_enabled MBEDTLS_DEBUG_C
				10114	requires_config_enabled MBEDTLS_SSL_CLI_C
				10115	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10117	run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10118	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10119	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10120	0 \
				10121	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10122	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10123	-c "NamedGroup: secp256r1 ( 17 )" \
				10124	-c "NamedGroup: secp521r1 ( 19 )" \
				10125	-c "Verifying peer X.509 certificate... ok" \
				10126	-c "received HelloRetryRequest message" \
				10127	-c "selected_group ( 25 )"
				10128
				10129	requires_gnutls_tls1_3
				10130	requires_gnutls_next_no_ticket
				10131	requires_gnutls_next_disable_tls13_compat
				10132	requires_config_enabled MBEDTLS_DEBUG_C
				10133	requires_config_enabled MBEDTLS_SSL_CLI_C
				10134	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10135	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10136	run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10137	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10138	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10139	0 \
				10140	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10141	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10142	-c "NamedGroup: secp256r1 ( 17 )" \
				10143	-c "NamedGroup: x25519 ( 1d )" \
				10144	-c "Verifying peer X.509 certificate... ok" \
				10145	-c "received HelloRetryRequest message" \
				10146	-c "selected_group ( 29 )"
				10147
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	10148	requires_gnutls_tls1_3
				10149	requires_gnutls_next_no_ticket
				10150	requires_gnutls_next_disable_tls13_compat
				10151	requires_config_enabled MBEDTLS_DEBUG_C
				10152	requires_config_enabled MBEDTLS_SSL_CLI_C
				10153	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10154	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	10155	run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10156	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10157	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	10158	0 \
				10159	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10160	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	10161	-c "NamedGroup: secp256r1 ( 17 )" \
				10162	-c "NamedGroup: x448 ( 1e )" \
				10163	-c "Verifying peer X.509 certificate... ok" \
				10164	-c "received HelloRetryRequest message" \
				10165	-c "selected_group ( 30 )"
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10166
				10167	requires_gnutls_tls1_3
				10168	requires_gnutls_next_no_ticket
				10169	requires_gnutls_next_disable_tls13_compat
				10170	requires_config_enabled MBEDTLS_DEBUG_C
				10171	requires_config_enabled MBEDTLS_SSL_CLI_C
				10172	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10173	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10174	run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10175	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10176	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10177	0 \
				10178	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10179	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10180	-c "NamedGroup: secp384r1 ( 18 )" \
				10181	-c "NamedGroup: secp256r1 ( 17 )" \
				10182	-c "Verifying peer X.509 certificate... ok" \
				10183	-c "received HelloRetryRequest message" \
				10184	-c "selected_group ( 23 )"
				10185
				10186	requires_gnutls_tls1_3
				10187	requires_gnutls_next_no_ticket
				10188	requires_gnutls_next_disable_tls13_compat
				10189	requires_config_enabled MBEDTLS_DEBUG_C
				10190	requires_config_enabled MBEDTLS_SSL_CLI_C
				10191	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10192	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10193	run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10194	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10195	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10196	0 \
				10197	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10198	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10199	-c "NamedGroup: secp384r1 ( 18 )" \
				10200	-c "NamedGroup: secp521r1 ( 19 )" \
				10201	-c "Verifying peer X.509 certificate... ok" \
				10202	-c "received HelloRetryRequest message" \
				10203	-c "selected_group ( 25 )"
				10204
				10205	requires_gnutls_tls1_3
				10206	requires_gnutls_next_no_ticket
				10207	requires_gnutls_next_disable_tls13_compat
				10208	requires_config_enabled MBEDTLS_DEBUG_C
				10209	requires_config_enabled MBEDTLS_SSL_CLI_C
				10210	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10211	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10212	run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10213	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10214	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10215	0 \
				10216	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10217	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10218	-c "NamedGroup: secp384r1 ( 18 )" \
				10219	-c "NamedGroup: x25519 ( 1d )" \
				10220	-c "Verifying peer X.509 certificate... ok" \
				10221	-c "received HelloRetryRequest message" \
				10222	-c "selected_group ( 29 )"
				10223
				10224	requires_gnutls_tls1_3
				10225	requires_gnutls_next_no_ticket
				10226	requires_gnutls_next_disable_tls13_compat
				10227	requires_config_enabled MBEDTLS_DEBUG_C
				10228	requires_config_enabled MBEDTLS_SSL_CLI_C
				10229	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10230	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10231	run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10232	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10233	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10234	0 \
				10235	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10236	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10237	-c "NamedGroup: secp384r1 ( 18 )" \
				10238	-c "NamedGroup: x448 ( 1e )" \
				10239	-c "Verifying peer X.509 certificate... ok" \
				10240	-c "received HelloRetryRequest message" \
				10241	-c "selected_group ( 30 )"
				10242
				10243	requires_gnutls_tls1_3
				10244	requires_gnutls_next_no_ticket
				10245	requires_gnutls_next_disable_tls13_compat
				10246	requires_config_enabled MBEDTLS_DEBUG_C
				10247	requires_config_enabled MBEDTLS_SSL_CLI_C
				10248	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10249	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10250	run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10251	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10252	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10253	0 \
				10254	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10255	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10256	-c "NamedGroup: secp521r1 ( 19 )" \
				10257	-c "NamedGroup: secp256r1 ( 17 )" \
				10258	-c "Verifying peer X.509 certificate... ok" \
				10259	-c "received HelloRetryRequest message" \
				10260	-c "selected_group ( 23 )"
				10261
				10262	requires_gnutls_tls1_3
				10263	requires_gnutls_next_no_ticket
				10264	requires_gnutls_next_disable_tls13_compat
				10265	requires_config_enabled MBEDTLS_DEBUG_C
				10266	requires_config_enabled MBEDTLS_SSL_CLI_C
				10267	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10268	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10269	run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10270	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10271	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10272	0 \
				10273	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10274	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10275	-c "NamedGroup: secp521r1 ( 19 )" \
				10276	-c "NamedGroup: secp384r1 ( 18 )" \
				10277	-c "Verifying peer X.509 certificate... ok" \
				10278	-c "received HelloRetryRequest message" \
				10279	-c "selected_group ( 24 )"
				10280
				10281	requires_gnutls_tls1_3
				10282	requires_gnutls_next_no_ticket
				10283	requires_gnutls_next_disable_tls13_compat
				10284	requires_config_enabled MBEDTLS_DEBUG_C
				10285	requires_config_enabled MBEDTLS_SSL_CLI_C
				10286	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10287	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10288	run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10289	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10290	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10291	0 \
				10292	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10293	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10294	-c "NamedGroup: secp521r1 ( 19 )" \
				10295	-c "NamedGroup: x25519 ( 1d )" \
				10296	-c "Verifying peer X.509 certificate... ok" \
				10297	-c "received HelloRetryRequest message" \
				10298	-c "selected_group ( 29 )"
				10299
				10300	requires_gnutls_tls1_3
				10301	requires_gnutls_next_no_ticket
				10302	requires_gnutls_next_disable_tls13_compat
				10303	requires_config_enabled MBEDTLS_DEBUG_C
				10304	requires_config_enabled MBEDTLS_SSL_CLI_C
				10305	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10306	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10307	run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10308	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10309	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10310	0 \
				10311	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10312	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10313	-c "NamedGroup: secp521r1 ( 19 )" \
				10314	-c "NamedGroup: x448 ( 1e )" \
				10315	-c "Verifying peer X.509 certificate... ok" \
				10316	-c "received HelloRetryRequest message" \
				10317	-c "selected_group ( 30 )"
				10318
				10319	requires_gnutls_tls1_3
				10320	requires_gnutls_next_no_ticket
				10321	requires_gnutls_next_disable_tls13_compat
				10322	requires_config_enabled MBEDTLS_DEBUG_C
				10323	requires_config_enabled MBEDTLS_SSL_CLI_C
				10324	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10325	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10326	run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10327	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10328	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10329	0 \
				10330	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10331	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10332	-c "NamedGroup: x25519 ( 1d )" \
				10333	-c "NamedGroup: secp256r1 ( 17 )" \
				10334	-c "Verifying peer X.509 certificate... ok" \
				10335	-c "received HelloRetryRequest message" \
				10336	-c "selected_group ( 23 )"
				10337
				10338	requires_gnutls_tls1_3
				10339	requires_gnutls_next_no_ticket
				10340	requires_gnutls_next_disable_tls13_compat
				10341	requires_config_enabled MBEDTLS_DEBUG_C
				10342	requires_config_enabled MBEDTLS_SSL_CLI_C
				10343	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10344	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10345	run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10346	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10347	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10348	0 \
				10349	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10350	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10351	-c "NamedGroup: x25519 ( 1d )" \
				10352	-c "NamedGroup: secp384r1 ( 18 )" \
				10353	-c "Verifying peer X.509 certificate... ok" \
				10354	-c "received HelloRetryRequest message" \
				10355	-c "selected_group ( 24 )"
				10356
				10357	requires_gnutls_tls1_3
				10358	requires_gnutls_next_no_ticket
				10359	requires_gnutls_next_disable_tls13_compat
				10360	requires_config_enabled MBEDTLS_DEBUG_C
				10361	requires_config_enabled MBEDTLS_SSL_CLI_C
				10362	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10363	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10364	run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10365	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10366	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10367	0 \
				10368	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10369	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10370	-c "NamedGroup: x25519 ( 1d )" \
				10371	-c "NamedGroup: secp521r1 ( 19 )" \
				10372	-c "Verifying peer X.509 certificate... ok" \
				10373	-c "received HelloRetryRequest message" \
				10374	-c "selected_group ( 25 )"
				10375
				10376	requires_gnutls_tls1_3
				10377	requires_gnutls_next_no_ticket
				10378	requires_gnutls_next_disable_tls13_compat
				10379	requires_config_enabled MBEDTLS_DEBUG_C
				10380	requires_config_enabled MBEDTLS_SSL_CLI_C
				10381	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10382	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10383	run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10384	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10385	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10386	0 \
				10387	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10388	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10389	-c "NamedGroup: x25519 ( 1d )" \
				10390	-c "NamedGroup: x448 ( 1e )" \
				10391	-c "Verifying peer X.509 certificate... ok" \
				10392	-c "received HelloRetryRequest message" \
				10393	-c "selected_group ( 30 )"
				10394
				10395	requires_gnutls_tls1_3
				10396	requires_gnutls_next_no_ticket
				10397	requires_gnutls_next_disable_tls13_compat
				10398	requires_config_enabled MBEDTLS_DEBUG_C
				10399	requires_config_enabled MBEDTLS_SSL_CLI_C
				10400	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10401	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10402	run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10403	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10404	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10405	0 \
				10406	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10407	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10408	-c "NamedGroup: x448 ( 1e )" \
				10409	-c "NamedGroup: secp256r1 ( 17 )" \
				10410	-c "Verifying peer X.509 certificate... ok" \
				10411	-c "received HelloRetryRequest message" \
				10412	-c "selected_group ( 23 )"
				10413
				10414	requires_gnutls_tls1_3
				10415	requires_gnutls_next_no_ticket
				10416	requires_gnutls_next_disable_tls13_compat
				10417	requires_config_enabled MBEDTLS_DEBUG_C
				10418	requires_config_enabled MBEDTLS_SSL_CLI_C
				10419	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10420	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10421	run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10422	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10423	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10424	0 \
				10425	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10426	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10427	-c "NamedGroup: x448 ( 1e )" \
				10428	-c "NamedGroup: secp384r1 ( 18 )" \
				10429	-c "Verifying peer X.509 certificate... ok" \
				10430	-c "received HelloRetryRequest message" \
				10431	-c "selected_group ( 24 )"
				10432
				10433	requires_gnutls_tls1_3
				10434	requires_gnutls_next_no_ticket
				10435	requires_gnutls_next_disable_tls13_compat
				10436	requires_config_enabled MBEDTLS_DEBUG_C
				10437	requires_config_enabled MBEDTLS_SSL_CLI_C
				10438	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10439	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10440	run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10441	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10442	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10443	0 \
				10444	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10445	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10446	-c "NamedGroup: x448 ( 1e )" \
				10447	-c "NamedGroup: secp521r1 ( 19 )" \
				10448	-c "Verifying peer X.509 certificate... ok" \
				10449	-c "received HelloRetryRequest message" \
				10450	-c "selected_group ( 25 )"
				10451
				10452	requires_gnutls_tls1_3
				10453	requires_gnutls_next_no_ticket
				10454	requires_gnutls_next_disable_tls13_compat
				10455	requires_config_enabled MBEDTLS_DEBUG_C
				10456	requires_config_enabled MBEDTLS_SSL_CLI_C
				10457	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10458	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10459	run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10460	"$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10461	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10462	0 \
				10463	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10464	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	10465	-c "NamedGroup: x448 ( 1e )" \
				10466	-c "NamedGroup: x25519 ( 1d )" \
				10467	-c "Verifying peer X.509 certificate... ok" \
				10468	-c "received HelloRetryRequest message" \
				10469	-c "selected_group ( 29 )"
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame^]	10470
				10471	requires_config_enabled MBEDTLS_DEBUG_C
				10472	requires_config_enabled MBEDTLS_SSL_CLI_C
				10473	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10474	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10475	requires_config_enabled MBEDTLS_DEBUG_C
				10476	requires_config_enabled MBEDTLS_SSL_CLI_C
				10477	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10478	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10479	run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
				10480	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10481	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
				10482	0 \
				10483	-s "Protocol is TLSv1.3" \
				10484	-s "got named group: secp384r1(0018)" \
				10485	-s "Verifying peer X.509 certificate... ok" \
				10486	-c "Protocol is TLSv1.3" \
				10487	-c "NamedGroup: secp256r1 ( 17 )" \
				10488	-c "NamedGroup: secp384r1 ( 18 )" \
				10489	-c "Verifying peer X.509 certificate... ok" \
				10490	-c "received HelloRetryRequest message" \
				10491	-c "selected_group ( 24 )"
				10492
				10493	requires_config_enabled MBEDTLS_DEBUG_C
				10494	requires_config_enabled MBEDTLS_SSL_CLI_C
				10495	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10496	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10497	requires_config_enabled MBEDTLS_DEBUG_C
				10498	requires_config_enabled MBEDTLS_SSL_CLI_C
				10499	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10500	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10501	run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
				10502	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10503	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
				10504	0 \
				10505	-s "Protocol is TLSv1.3" \
				10506	-s "got named group: secp521r1(0019)" \
				10507	-s "Verifying peer X.509 certificate... ok" \
				10508	-c "Protocol is TLSv1.3" \
				10509	-c "NamedGroup: secp256r1 ( 17 )" \
				10510	-c "NamedGroup: secp521r1 ( 19 )" \
				10511	-c "Verifying peer X.509 certificate... ok" \
				10512	-c "received HelloRetryRequest message" \
				10513	-c "selected_group ( 25 )"
				10514
				10515	requires_config_enabled MBEDTLS_DEBUG_C
				10516	requires_config_enabled MBEDTLS_SSL_CLI_C
				10517	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10518	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10519	requires_config_enabled MBEDTLS_DEBUG_C
				10520	requires_config_enabled MBEDTLS_SSL_CLI_C
				10521	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10522	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10523	run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
				10524	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10525	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
				10526	0 \
				10527	-s "Protocol is TLSv1.3" \
				10528	-s "got named group: x25519(001d)" \
				10529	-s "Verifying peer X.509 certificate... ok" \
				10530	-c "Protocol is TLSv1.3" \
				10531	-c "NamedGroup: secp256r1 ( 17 )" \
				10532	-c "NamedGroup: x25519 ( 1d )" \
				10533	-c "Verifying peer X.509 certificate... ok" \
				10534	-c "received HelloRetryRequest message" \
				10535	-c "selected_group ( 29 )"
				10536
				10537	requires_config_enabled MBEDTLS_DEBUG_C
				10538	requires_config_enabled MBEDTLS_SSL_CLI_C
				10539	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10540	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10541	requires_config_enabled MBEDTLS_DEBUG_C
				10542	requires_config_enabled MBEDTLS_SSL_CLI_C
				10543	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10544	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10545	run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
				10546	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10547	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
				10548	0 \
				10549	-s "Protocol is TLSv1.3" \
				10550	-s "got named group: x448(001e)" \
				10551	-s "Verifying peer X.509 certificate... ok" \
				10552	-c "Protocol is TLSv1.3" \
				10553	-c "NamedGroup: secp256r1 ( 17 )" \
				10554	-c "NamedGroup: x448 ( 1e )" \
				10555	-c "Verifying peer X.509 certificate... ok" \
				10556	-c "received HelloRetryRequest message" \
				10557	-c "selected_group ( 30 )"
				10558
				10559	requires_config_enabled MBEDTLS_DEBUG_C
				10560	requires_config_enabled MBEDTLS_SSL_CLI_C
				10561	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10562	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10563	requires_config_enabled MBEDTLS_DEBUG_C
				10564	requires_config_enabled MBEDTLS_SSL_CLI_C
				10565	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10566	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10567	run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
				10568	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10569	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
				10570	0 \
				10571	-s "Protocol is TLSv1.3" \
				10572	-s "got named group: secp256r1(0017)" \
				10573	-s "Verifying peer X.509 certificate... ok" \
				10574	-c "Protocol is TLSv1.3" \
				10575	-c "NamedGroup: secp384r1 ( 18 )" \
				10576	-c "NamedGroup: secp256r1 ( 17 )" \
				10577	-c "Verifying peer X.509 certificate... ok" \
				10578	-c "received HelloRetryRequest message" \
				10579	-c "selected_group ( 23 )"
				10580
				10581	requires_config_enabled MBEDTLS_DEBUG_C
				10582	requires_config_enabled MBEDTLS_SSL_CLI_C
				10583	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10584	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10585	requires_config_enabled MBEDTLS_DEBUG_C
				10586	requires_config_enabled MBEDTLS_SSL_CLI_C
				10587	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10588	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10589	run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
				10590	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10591	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
				10592	0 \
				10593	-s "Protocol is TLSv1.3" \
				10594	-s "got named group: secp521r1(0019)" \
				10595	-s "Verifying peer X.509 certificate... ok" \
				10596	-c "Protocol is TLSv1.3" \
				10597	-c "NamedGroup: secp384r1 ( 18 )" \
				10598	-c "NamedGroup: secp521r1 ( 19 )" \
				10599	-c "Verifying peer X.509 certificate... ok" \
				10600	-c "received HelloRetryRequest message" \
				10601	-c "selected_group ( 25 )"
				10602
				10603	requires_config_enabled MBEDTLS_DEBUG_C
				10604	requires_config_enabled MBEDTLS_SSL_CLI_C
				10605	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10606	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10607	requires_config_enabled MBEDTLS_DEBUG_C
				10608	requires_config_enabled MBEDTLS_SSL_CLI_C
				10609	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10610	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10611	run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
				10612	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10613	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
				10614	0 \
				10615	-s "Protocol is TLSv1.3" \
				10616	-s "got named group: x25519(001d)" \
				10617	-s "Verifying peer X.509 certificate... ok" \
				10618	-c "Protocol is TLSv1.3" \
				10619	-c "NamedGroup: secp384r1 ( 18 )" \
				10620	-c "NamedGroup: x25519 ( 1d )" \
				10621	-c "Verifying peer X.509 certificate... ok" \
				10622	-c "received HelloRetryRequest message" \
				10623	-c "selected_group ( 29 )"
				10624
				10625	requires_config_enabled MBEDTLS_DEBUG_C
				10626	requires_config_enabled MBEDTLS_SSL_CLI_C
				10627	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10628	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10629	requires_config_enabled MBEDTLS_DEBUG_C
				10630	requires_config_enabled MBEDTLS_SSL_CLI_C
				10631	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10632	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10633	run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
				10634	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10635	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
				10636	0 \
				10637	-s "Protocol is TLSv1.3" \
				10638	-s "got named group: x448(001e)" \
				10639	-s "Verifying peer X.509 certificate... ok" \
				10640	-c "Protocol is TLSv1.3" \
				10641	-c "NamedGroup: secp384r1 ( 18 )" \
				10642	-c "NamedGroup: x448 ( 1e )" \
				10643	-c "Verifying peer X.509 certificate... ok" \
				10644	-c "received HelloRetryRequest message" \
				10645	-c "selected_group ( 30 )"
				10646
				10647	requires_config_enabled MBEDTLS_DEBUG_C
				10648	requires_config_enabled MBEDTLS_SSL_CLI_C
				10649	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10651	requires_config_enabled MBEDTLS_DEBUG_C
				10652	requires_config_enabled MBEDTLS_SSL_CLI_C
				10653	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10654	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10655	run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
				10656	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10657	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
				10658	0 \
				10659	-s "Protocol is TLSv1.3" \
				10660	-s "got named group: secp256r1(0017)" \
				10661	-s "Verifying peer X.509 certificate... ok" \
				10662	-c "Protocol is TLSv1.3" \
				10663	-c "NamedGroup: secp521r1 ( 19 )" \
				10664	-c "NamedGroup: secp256r1 ( 17 )" \
				10665	-c "Verifying peer X.509 certificate... ok" \
				10666	-c "received HelloRetryRequest message" \
				10667	-c "selected_group ( 23 )"
				10668
				10669	requires_config_enabled MBEDTLS_DEBUG_C
				10670	requires_config_enabled MBEDTLS_SSL_CLI_C
				10671	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10672	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10673	requires_config_enabled MBEDTLS_DEBUG_C
				10674	requires_config_enabled MBEDTLS_SSL_CLI_C
				10675	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10676	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10677	run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
				10678	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10679	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
				10680	0 \
				10681	-s "Protocol is TLSv1.3" \
				10682	-s "got named group: secp384r1(0018)" \
				10683	-s "Verifying peer X.509 certificate... ok" \
				10684	-c "Protocol is TLSv1.3" \
				10685	-c "NamedGroup: secp521r1 ( 19 )" \
				10686	-c "NamedGroup: secp384r1 ( 18 )" \
				10687	-c "Verifying peer X.509 certificate... ok" \
				10688	-c "received HelloRetryRequest message" \
				10689	-c "selected_group ( 24 )"
				10690
				10691	requires_config_enabled MBEDTLS_DEBUG_C
				10692	requires_config_enabled MBEDTLS_SSL_CLI_C
				10693	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10694	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10695	requires_config_enabled MBEDTLS_DEBUG_C
				10696	requires_config_enabled MBEDTLS_SSL_CLI_C
				10697	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10698	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10699	run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
				10700	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10701	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
				10702	0 \
				10703	-s "Protocol is TLSv1.3" \
				10704	-s "got named group: x25519(001d)" \
				10705	-s "Verifying peer X.509 certificate... ok" \
				10706	-c "Protocol is TLSv1.3" \
				10707	-c "NamedGroup: secp521r1 ( 19 )" \
				10708	-c "NamedGroup: x25519 ( 1d )" \
				10709	-c "Verifying peer X.509 certificate... ok" \
				10710	-c "received HelloRetryRequest message" \
				10711	-c "selected_group ( 29 )"
				10712
				10713	requires_config_enabled MBEDTLS_DEBUG_C
				10714	requires_config_enabled MBEDTLS_SSL_CLI_C
				10715	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10716	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10717	requires_config_enabled MBEDTLS_DEBUG_C
				10718	requires_config_enabled MBEDTLS_SSL_CLI_C
				10719	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10720	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10721	run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
				10722	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10723	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
				10724	0 \
				10725	-s "Protocol is TLSv1.3" \
				10726	-s "got named group: x448(001e)" \
				10727	-s "Verifying peer X.509 certificate... ok" \
				10728	-c "Protocol is TLSv1.3" \
				10729	-c "NamedGroup: secp521r1 ( 19 )" \
				10730	-c "NamedGroup: x448 ( 1e )" \
				10731	-c "Verifying peer X.509 certificate... ok" \
				10732	-c "received HelloRetryRequest message" \
				10733	-c "selected_group ( 30 )"
				10734
				10735	requires_config_enabled MBEDTLS_DEBUG_C
				10736	requires_config_enabled MBEDTLS_SSL_CLI_C
				10737	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10738	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10739	requires_config_enabled MBEDTLS_DEBUG_C
				10740	requires_config_enabled MBEDTLS_SSL_CLI_C
				10741	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10742	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10743	run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
				10744	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10745	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
				10746	0 \
				10747	-s "Protocol is TLSv1.3" \
				10748	-s "got named group: secp256r1(0017)" \
				10749	-s "Verifying peer X.509 certificate... ok" \
				10750	-c "Protocol is TLSv1.3" \
				10751	-c "NamedGroup: x25519 ( 1d )" \
				10752	-c "NamedGroup: secp256r1 ( 17 )" \
				10753	-c "Verifying peer X.509 certificate... ok" \
				10754	-c "received HelloRetryRequest message" \
				10755	-c "selected_group ( 23 )"
				10756
				10757	requires_config_enabled MBEDTLS_DEBUG_C
				10758	requires_config_enabled MBEDTLS_SSL_CLI_C
				10759	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10760	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10761	requires_config_enabled MBEDTLS_DEBUG_C
				10762	requires_config_enabled MBEDTLS_SSL_CLI_C
				10763	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10764	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10765	run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
				10766	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10767	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
				10768	0 \
				10769	-s "Protocol is TLSv1.3" \
				10770	-s "got named group: secp384r1(0018)" \
				10771	-s "Verifying peer X.509 certificate... ok" \
				10772	-c "Protocol is TLSv1.3" \
				10773	-c "NamedGroup: x25519 ( 1d )" \
				10774	-c "NamedGroup: secp384r1 ( 18 )" \
				10775	-c "Verifying peer X.509 certificate... ok" \
				10776	-c "received HelloRetryRequest message" \
				10777	-c "selected_group ( 24 )"
				10778
				10779	requires_config_enabled MBEDTLS_DEBUG_C
				10780	requires_config_enabled MBEDTLS_SSL_CLI_C
				10781	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10782	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10783	requires_config_enabled MBEDTLS_DEBUG_C
				10784	requires_config_enabled MBEDTLS_SSL_CLI_C
				10785	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10786	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10787	run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
				10788	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10789	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
				10790	0 \
				10791	-s "Protocol is TLSv1.3" \
				10792	-s "got named group: secp521r1(0019)" \
				10793	-s "Verifying peer X.509 certificate... ok" \
				10794	-c "Protocol is TLSv1.3" \
				10795	-c "NamedGroup: x25519 ( 1d )" \
				10796	-c "NamedGroup: secp521r1 ( 19 )" \
				10797	-c "Verifying peer X.509 certificate... ok" \
				10798	-c "received HelloRetryRequest message" \
				10799	-c "selected_group ( 25 )"
				10800
				10801	requires_config_enabled MBEDTLS_DEBUG_C
				10802	requires_config_enabled MBEDTLS_SSL_CLI_C
				10803	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10804	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10805	requires_config_enabled MBEDTLS_DEBUG_C
				10806	requires_config_enabled MBEDTLS_SSL_CLI_C
				10807	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10808	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10809	run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
				10810	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10811	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
				10812	0 \
				10813	-s "Protocol is TLSv1.3" \
				10814	-s "got named group: x448(001e)" \
				10815	-s "Verifying peer X.509 certificate... ok" \
				10816	-c "Protocol is TLSv1.3" \
				10817	-c "NamedGroup: x25519 ( 1d )" \
				10818	-c "NamedGroup: x448 ( 1e )" \
				10819	-c "Verifying peer X.509 certificate... ok" \
				10820	-c "received HelloRetryRequest message" \
				10821	-c "selected_group ( 30 )"
				10822
				10823	requires_config_enabled MBEDTLS_DEBUG_C
				10824	requires_config_enabled MBEDTLS_SSL_CLI_C
				10825	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10826	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10827	requires_config_enabled MBEDTLS_DEBUG_C
				10828	requires_config_enabled MBEDTLS_SSL_CLI_C
				10829	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10830	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10831	run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
				10832	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10833	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
				10834	0 \
				10835	-s "Protocol is TLSv1.3" \
				10836	-s "got named group: secp256r1(0017)" \
				10837	-s "Verifying peer X.509 certificate... ok" \
				10838	-c "Protocol is TLSv1.3" \
				10839	-c "NamedGroup: x448 ( 1e )" \
				10840	-c "NamedGroup: secp256r1 ( 17 )" \
				10841	-c "Verifying peer X.509 certificate... ok" \
				10842	-c "received HelloRetryRequest message" \
				10843	-c "selected_group ( 23 )"
				10844
				10845	requires_config_enabled MBEDTLS_DEBUG_C
				10846	requires_config_enabled MBEDTLS_SSL_CLI_C
				10847	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10848	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10849	requires_config_enabled MBEDTLS_DEBUG_C
				10850	requires_config_enabled MBEDTLS_SSL_CLI_C
				10851	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10852	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10853	run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
				10854	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10855	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
				10856	0 \
				10857	-s "Protocol is TLSv1.3" \
				10858	-s "got named group: secp384r1(0018)" \
				10859	-s "Verifying peer X.509 certificate... ok" \
				10860	-c "Protocol is TLSv1.3" \
				10861	-c "NamedGroup: x448 ( 1e )" \
				10862	-c "NamedGroup: secp384r1 ( 18 )" \
				10863	-c "Verifying peer X.509 certificate... ok" \
				10864	-c "received HelloRetryRequest message" \
				10865	-c "selected_group ( 24 )"
				10866
				10867	requires_config_enabled MBEDTLS_DEBUG_C
				10868	requires_config_enabled MBEDTLS_SSL_CLI_C
				10869	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10870	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10871	requires_config_enabled MBEDTLS_DEBUG_C
				10872	requires_config_enabled MBEDTLS_SSL_CLI_C
				10873	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10874	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10875	run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
				10876	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10877	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
				10878	0 \
				10879	-s "Protocol is TLSv1.3" \
				10880	-s "got named group: secp521r1(0019)" \
				10881	-s "Verifying peer X.509 certificate... ok" \
				10882	-c "Protocol is TLSv1.3" \
				10883	-c "NamedGroup: x448 ( 1e )" \
				10884	-c "NamedGroup: secp521r1 ( 19 )" \
				10885	-c "Verifying peer X.509 certificate... ok" \
				10886	-c "received HelloRetryRequest message" \
				10887	-c "selected_group ( 25 )"
				10888
				10889	requires_config_enabled MBEDTLS_DEBUG_C
				10890	requires_config_enabled MBEDTLS_SSL_CLI_C
				10891	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10892	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10893	requires_config_enabled MBEDTLS_DEBUG_C
				10894	requires_config_enabled MBEDTLS_SSL_CLI_C
				10895	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10897	run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
				10898	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10899	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
				10900	0 \
				10901	-s "Protocol is TLSv1.3" \
				10902	-s "got named group: x25519(001d)" \
				10903	-s "Verifying peer X.509 certificate... ok" \
				10904	-c "Protocol is TLSv1.3" \
				10905	-c "NamedGroup: x448 ( 1e )" \
				10906	-c "NamedGroup: x25519 ( 1d )" \
				10907	-c "Verifying peer X.509 certificate... ok" \
				10908	-c "received HelloRetryRequest message" \
				10909	-c "selected_group ( 29 )"
				10910
				10911	requires_config_enabled MBEDTLS_DEBUG_C
				10912	requires_config_enabled MBEDTLS_SSL_CLI_C
				10913	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10915	requires_openssl_tls1_3
				10916	run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp384r1" \
				10917	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10918	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10919	0 \
				10920	-s "Protocol is TLSv1.3" \
				10921	-s "got named group: secp384r1(0018)" \
				10922	-s "Verifying peer X.509 certificate... ok" \
				10923	-s "HTTP/1.0 200 OK" \
				10924	-s "HRR selected_group: secp384r1"
				10925
				10926	requires_config_enabled MBEDTLS_DEBUG_C
				10927	requires_config_enabled MBEDTLS_SSL_CLI_C
				10928	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10929	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10930	requires_openssl_tls1_3
				10931	run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp521r1" \
				10932	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10933	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10934	0 \
				10935	-s "Protocol is TLSv1.3" \
				10936	-s "got named group: secp521r1(0019)" \
				10937	-s "Verifying peer X.509 certificate... ok" \
				10938	-s "HTTP/1.0 200 OK" \
				10939	-s "HRR selected_group: secp521r1"
				10940
				10941	requires_config_enabled MBEDTLS_DEBUG_C
				10942	requires_config_enabled MBEDTLS_SSL_CLI_C
				10943	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10944	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10945	requires_openssl_tls1_3
				10946	run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x25519" \
				10947	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10948	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10949	0 \
				10950	-s "Protocol is TLSv1.3" \
				10951	-s "got named group: x25519(001d)" \
				10952	-s "Verifying peer X.509 certificate... ok" \
				10953	-s "HTTP/1.0 200 OK" \
				10954	-s "HRR selected_group: x25519"
				10955
				10956	requires_config_enabled MBEDTLS_DEBUG_C
				10957	requires_config_enabled MBEDTLS_SSL_CLI_C
				10958	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10959	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10960	requires_openssl_tls1_3
				10961	run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x448" \
				10962	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10963	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10964	0 \
				10965	-s "Protocol is TLSv1.3" \
				10966	-s "got named group: x448(001e)" \
				10967	-s "Verifying peer X.509 certificate... ok" \
				10968	-s "HTTP/1.0 200 OK" \
				10969	-s "HRR selected_group: x448"
				10970
				10971	requires_config_enabled MBEDTLS_DEBUG_C
				10972	requires_config_enabled MBEDTLS_SSL_CLI_C
				10973	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10974	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10975	requires_openssl_tls1_3
				10976	run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp256r1" \
				10977	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10978	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10979	0 \
				10980	-s "Protocol is TLSv1.3" \
				10981	-s "got named group: secp256r1(0017)" \
				10982	-s "Verifying peer X.509 certificate... ok" \
				10983	-s "HTTP/1.0 200 OK" \
				10984	-s "HRR selected_group: secp256r1"
				10985
				10986	requires_config_enabled MBEDTLS_DEBUG_C
				10987	requires_config_enabled MBEDTLS_SSL_CLI_C
				10988	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				10989	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10990	requires_openssl_tls1_3
				10991	run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp521r1" \
				10992	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10993	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				10994	0 \
				10995	-s "Protocol is TLSv1.3" \
				10996	-s "got named group: secp521r1(0019)" \
				10997	-s "Verifying peer X.509 certificate... ok" \
				10998	-s "HTTP/1.0 200 OK" \
				10999	-s "HRR selected_group: secp521r1"
				11000
				11001	requires_config_enabled MBEDTLS_DEBUG_C
				11002	requires_config_enabled MBEDTLS_SSL_CLI_C
				11003	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11004	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11005	requires_openssl_tls1_3
				11006	run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x25519" \
				11007	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11008	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11009	0 \
				11010	-s "Protocol is TLSv1.3" \
				11011	-s "got named group: x25519(001d)" \
				11012	-s "Verifying peer X.509 certificate... ok" \
				11013	-s "HTTP/1.0 200 OK" \
				11014	-s "HRR selected_group: x25519"
				11015
				11016	requires_config_enabled MBEDTLS_DEBUG_C
				11017	requires_config_enabled MBEDTLS_SSL_CLI_C
				11018	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11019	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11020	requires_openssl_tls1_3
				11021	run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x448" \
				11022	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11023	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11024	0 \
				11025	-s "Protocol is TLSv1.3" \
				11026	-s "got named group: x448(001e)" \
				11027	-s "Verifying peer X.509 certificate... ok" \
				11028	-s "HTTP/1.0 200 OK" \
				11029	-s "HRR selected_group: x448"
				11030
				11031	requires_config_enabled MBEDTLS_DEBUG_C
				11032	requires_config_enabled MBEDTLS_SSL_CLI_C
				11033	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11034	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11035	requires_openssl_tls1_3
				11036	run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp256r1" \
				11037	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11038	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11039	0 \
				11040	-s "Protocol is TLSv1.3" \
				11041	-s "got named group: secp256r1(0017)" \
				11042	-s "Verifying peer X.509 certificate... ok" \
				11043	-s "HTTP/1.0 200 OK" \
				11044	-s "HRR selected_group: secp256r1"
				11045
				11046	requires_config_enabled MBEDTLS_DEBUG_C
				11047	requires_config_enabled MBEDTLS_SSL_CLI_C
				11048	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11049	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11050	requires_openssl_tls1_3
				11051	run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp384r1" \
				11052	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11053	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11054	0 \
				11055	-s "Protocol is TLSv1.3" \
				11056	-s "got named group: secp384r1(0018)" \
				11057	-s "Verifying peer X.509 certificate... ok" \
				11058	-s "HTTP/1.0 200 OK" \
				11059	-s "HRR selected_group: secp384r1"
				11060
				11061	requires_config_enabled MBEDTLS_DEBUG_C
				11062	requires_config_enabled MBEDTLS_SSL_CLI_C
				11063	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11064	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11065	requires_openssl_tls1_3
				11066	run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x25519" \
				11067	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11068	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11069	0 \
				11070	-s "Protocol is TLSv1.3" \
				11071	-s "got named group: x25519(001d)" \
				11072	-s "Verifying peer X.509 certificate... ok" \
				11073	-s "HTTP/1.0 200 OK" \
				11074	-s "HRR selected_group: x25519"
				11075
				11076	requires_config_enabled MBEDTLS_DEBUG_C
				11077	requires_config_enabled MBEDTLS_SSL_CLI_C
				11078	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11079	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11080	requires_openssl_tls1_3
				11081	run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x448" \
				11082	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11083	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11084	0 \
				11085	-s "Protocol is TLSv1.3" \
				11086	-s "got named group: x448(001e)" \
				11087	-s "Verifying peer X.509 certificate... ok" \
				11088	-s "HTTP/1.0 200 OK" \
				11089	-s "HRR selected_group: x448"
				11090
				11091	requires_config_enabled MBEDTLS_DEBUG_C
				11092	requires_config_enabled MBEDTLS_SSL_CLI_C
				11093	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11094	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11095	requires_openssl_tls1_3
				11096	run_test "TLS 1.3 O->m: Server HRR x25519 -> secp256r1" \
				11097	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11098	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11099	0 \
				11100	-s "Protocol is TLSv1.3" \
				11101	-s "got named group: secp256r1(0017)" \
				11102	-s "Verifying peer X.509 certificate... ok" \
				11103	-s "HTTP/1.0 200 OK" \
				11104	-s "HRR selected_group: secp256r1"
				11105
				11106	requires_config_enabled MBEDTLS_DEBUG_C
				11107	requires_config_enabled MBEDTLS_SSL_CLI_C
				11108	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11109	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11110	requires_openssl_tls1_3
				11111	run_test "TLS 1.3 O->m: Server HRR x25519 -> secp384r1" \
				11112	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11113	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11114	0 \
				11115	-s "Protocol is TLSv1.3" \
				11116	-s "got named group: secp384r1(0018)" \
				11117	-s "Verifying peer X.509 certificate... ok" \
				11118	-s "HTTP/1.0 200 OK" \
				11119	-s "HRR selected_group: secp384r1"
				11120
				11121	requires_config_enabled MBEDTLS_DEBUG_C
				11122	requires_config_enabled MBEDTLS_SSL_CLI_C
				11123	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11124	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11125	requires_openssl_tls1_3
				11126	run_test "TLS 1.3 O->m: Server HRR x25519 -> secp521r1" \
				11127	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11128	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11129	0 \
				11130	-s "Protocol is TLSv1.3" \
				11131	-s "got named group: secp521r1(0019)" \
				11132	-s "Verifying peer X.509 certificate... ok" \
				11133	-s "HTTP/1.0 200 OK" \
				11134	-s "HRR selected_group: secp521r1"
				11135
				11136	requires_config_enabled MBEDTLS_DEBUG_C
				11137	requires_config_enabled MBEDTLS_SSL_CLI_C
				11138	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11139	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11140	requires_openssl_tls1_3
				11141	run_test "TLS 1.3 O->m: Server HRR x25519 -> x448" \
				11142	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11143	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11144	0 \
				11145	-s "Protocol is TLSv1.3" \
				11146	-s "got named group: x448(001e)" \
				11147	-s "Verifying peer X.509 certificate... ok" \
				11148	-s "HTTP/1.0 200 OK" \
				11149	-s "HRR selected_group: x448"
				11150
				11151	requires_config_enabled MBEDTLS_DEBUG_C
				11152	requires_config_enabled MBEDTLS_SSL_CLI_C
				11153	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11154	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11155	requires_openssl_tls1_3
				11156	run_test "TLS 1.3 O->m: Server HRR x448 -> secp256r1" \
				11157	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11158	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11159	0 \
				11160	-s "Protocol is TLSv1.3" \
				11161	-s "got named group: secp256r1(0017)" \
				11162	-s "Verifying peer X.509 certificate... ok" \
				11163	-s "HTTP/1.0 200 OK" \
				11164	-s "HRR selected_group: secp256r1"
				11165
				11166	requires_config_enabled MBEDTLS_DEBUG_C
				11167	requires_config_enabled MBEDTLS_SSL_CLI_C
				11168	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11169	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11170	requires_openssl_tls1_3
				11171	run_test "TLS 1.3 O->m: Server HRR x448 -> secp384r1" \
				11172	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11173	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11174	0 \
				11175	-s "Protocol is TLSv1.3" \
				11176	-s "got named group: secp384r1(0018)" \
				11177	-s "Verifying peer X.509 certificate... ok" \
				11178	-s "HTTP/1.0 200 OK" \
				11179	-s "HRR selected_group: secp384r1"
				11180
				11181	requires_config_enabled MBEDTLS_DEBUG_C
				11182	requires_config_enabled MBEDTLS_SSL_CLI_C
				11183	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11184	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11185	requires_openssl_tls1_3
				11186	run_test "TLS 1.3 O->m: Server HRR x448 -> secp521r1" \
				11187	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11188	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11189	0 \
				11190	-s "Protocol is TLSv1.3" \
				11191	-s "got named group: secp521r1(0019)" \
				11192	-s "Verifying peer X.509 certificate... ok" \
				11193	-s "HTTP/1.0 200 OK" \
				11194	-s "HRR selected_group: secp521r1"
				11195
				11196	requires_config_enabled MBEDTLS_DEBUG_C
				11197	requires_config_enabled MBEDTLS_SSL_CLI_C
				11198	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11199	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11200	requires_openssl_tls1_3
				11201	run_test "TLS 1.3 O->m: Server HRR x448 -> x25519" \
				11202	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11203	"$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
				11204	0 \
				11205	-s "Protocol is TLSv1.3" \
				11206	-s "got named group: x25519(001d)" \
				11207	-s "Verifying peer X.509 certificate... ok" \
				11208	-s "HTTP/1.0 200 OK" \
				11209	-s "HRR selected_group: x25519"
				11210
				11211	requires_config_enabled MBEDTLS_DEBUG_C
				11212	requires_config_enabled MBEDTLS_SSL_CLI_C
				11213	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11214	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11215	requires_gnutls_tls1_3
				11216	requires_gnutls_next_no_ticket
				11217	requires_gnutls_next_disable_tls13_compat
				11218	run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp384r1" \
				11219	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11220	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11221	0 \
				11222	-s "Protocol is TLSv1.3" \
				11223	-s "got named group: secp384r1(0018)" \
				11224	-s "Verifying peer X.509 certificate... ok" \
				11225	-c "HTTP/1.0 200 OK" \
				11226	-s "HRR selected_group: secp384r1"
				11227
				11228	requires_config_enabled MBEDTLS_DEBUG_C
				11229	requires_config_enabled MBEDTLS_SSL_CLI_C
				11230	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11231	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11232	requires_gnutls_tls1_3
				11233	requires_gnutls_next_no_ticket
				11234	requires_gnutls_next_disable_tls13_compat
				11235	run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp521r1" \
				11236	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11237	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11238	0 \
				11239	-s "Protocol is TLSv1.3" \
				11240	-s "got named group: secp521r1(0019)" \
				11241	-s "Verifying peer X.509 certificate... ok" \
				11242	-c "HTTP/1.0 200 OK" \
				11243	-s "HRR selected_group: secp521r1"
				11244
				11245	requires_config_enabled MBEDTLS_DEBUG_C
				11246	requires_config_enabled MBEDTLS_SSL_CLI_C
				11247	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11248	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11249	requires_gnutls_tls1_3
				11250	requires_gnutls_next_no_ticket
				11251	requires_gnutls_next_disable_tls13_compat
				11252	run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x25519" \
				11253	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11254	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11255	0 \
				11256	-s "Protocol is TLSv1.3" \
				11257	-s "got named group: x25519(001d)" \
				11258	-s "Verifying peer X.509 certificate... ok" \
				11259	-c "HTTP/1.0 200 OK" \
				11260	-s "HRR selected_group: x25519"
				11261
				11262	requires_config_enabled MBEDTLS_DEBUG_C
				11263	requires_config_enabled MBEDTLS_SSL_CLI_C
				11264	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11265	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11266	requires_gnutls_tls1_3
				11267	requires_gnutls_next_no_ticket
				11268	requires_gnutls_next_disable_tls13_compat
				11269	run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x448" \
				11270	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11271	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11272	0 \
				11273	-s "Protocol is TLSv1.3" \
				11274	-s "got named group: x448(001e)" \
				11275	-s "Verifying peer X.509 certificate... ok" \
				11276	-c "HTTP/1.0 200 OK" \
				11277	-s "HRR selected_group: x448"
				11278
				11279	requires_config_enabled MBEDTLS_DEBUG_C
				11280	requires_config_enabled MBEDTLS_SSL_CLI_C
				11281	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11282	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11283	requires_gnutls_tls1_3
				11284	requires_gnutls_next_no_ticket
				11285	requires_gnutls_next_disable_tls13_compat
				11286	run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp256r1" \
				11287	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11288	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11289	0 \
				11290	-s "Protocol is TLSv1.3" \
				11291	-s "got named group: secp256r1(0017)" \
				11292	-s "Verifying peer X.509 certificate... ok" \
				11293	-c "HTTP/1.0 200 OK" \
				11294	-s "HRR selected_group: secp256r1"
				11295
				11296	requires_config_enabled MBEDTLS_DEBUG_C
				11297	requires_config_enabled MBEDTLS_SSL_CLI_C
				11298	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11299	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11300	requires_gnutls_tls1_3
				11301	requires_gnutls_next_no_ticket
				11302	requires_gnutls_next_disable_tls13_compat
				11303	run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp521r1" \
				11304	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11305	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11306	0 \
				11307	-s "Protocol is TLSv1.3" \
				11308	-s "got named group: secp521r1(0019)" \
				11309	-s "Verifying peer X.509 certificate... ok" \
				11310	-c "HTTP/1.0 200 OK" \
				11311	-s "HRR selected_group: secp521r1"
				11312
				11313	requires_config_enabled MBEDTLS_DEBUG_C
				11314	requires_config_enabled MBEDTLS_SSL_CLI_C
				11315	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11316	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11317	requires_gnutls_tls1_3
				11318	requires_gnutls_next_no_ticket
				11319	requires_gnutls_next_disable_tls13_compat
				11320	run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x25519" \
				11321	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11322	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11323	0 \
				11324	-s "Protocol is TLSv1.3" \
				11325	-s "got named group: x25519(001d)" \
				11326	-s "Verifying peer X.509 certificate... ok" \
				11327	-c "HTTP/1.0 200 OK" \
				11328	-s "HRR selected_group: x25519"
				11329
				11330	requires_config_enabled MBEDTLS_DEBUG_C
				11331	requires_config_enabled MBEDTLS_SSL_CLI_C
				11332	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11333	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11334	requires_gnutls_tls1_3
				11335	requires_gnutls_next_no_ticket
				11336	requires_gnutls_next_disable_tls13_compat
				11337	run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x448" \
				11338	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11339	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11340	0 \
				11341	-s "Protocol is TLSv1.3" \
				11342	-s "got named group: x448(001e)" \
				11343	-s "Verifying peer X.509 certificate... ok" \
				11344	-c "HTTP/1.0 200 OK" \
				11345	-s "HRR selected_group: x448"
				11346
				11347	requires_config_enabled MBEDTLS_DEBUG_C
				11348	requires_config_enabled MBEDTLS_SSL_CLI_C
				11349	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11350	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11351	requires_gnutls_tls1_3
				11352	requires_gnutls_next_no_ticket
				11353	requires_gnutls_next_disable_tls13_compat
				11354	run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp256r1" \
				11355	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11356	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11357	0 \
				11358	-s "Protocol is TLSv1.3" \
				11359	-s "got named group: secp256r1(0017)" \
				11360	-s "Verifying peer X.509 certificate... ok" \
				11361	-c "HTTP/1.0 200 OK" \
				11362	-s "HRR selected_group: secp256r1"
				11363
				11364	requires_config_enabled MBEDTLS_DEBUG_C
				11365	requires_config_enabled MBEDTLS_SSL_CLI_C
				11366	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11367	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11368	requires_gnutls_tls1_3
				11369	requires_gnutls_next_no_ticket
				11370	requires_gnutls_next_disable_tls13_compat
				11371	run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp384r1" \
				11372	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11373	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11374	0 \
				11375	-s "Protocol is TLSv1.3" \
				11376	-s "got named group: secp384r1(0018)" \
				11377	-s "Verifying peer X.509 certificate... ok" \
				11378	-c "HTTP/1.0 200 OK" \
				11379	-s "HRR selected_group: secp384r1"
				11380
				11381	requires_config_enabled MBEDTLS_DEBUG_C
				11382	requires_config_enabled MBEDTLS_SSL_CLI_C
				11383	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11385	requires_gnutls_tls1_3
				11386	requires_gnutls_next_no_ticket
				11387	requires_gnutls_next_disable_tls13_compat
				11388	run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x25519" \
				11389	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11390	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11391	0 \
				11392	-s "Protocol is TLSv1.3" \
				11393	-s "got named group: x25519(001d)" \
				11394	-s "Verifying peer X.509 certificate... ok" \
				11395	-c "HTTP/1.0 200 OK" \
				11396	-s "HRR selected_group: x25519"
				11397
				11398	requires_config_enabled MBEDTLS_DEBUG_C
				11399	requires_config_enabled MBEDTLS_SSL_CLI_C
				11400	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11401	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11402	requires_gnutls_tls1_3
				11403	requires_gnutls_next_no_ticket
				11404	requires_gnutls_next_disable_tls13_compat
				11405	run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x448" \
				11406	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11407	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11408	0 \
				11409	-s "Protocol is TLSv1.3" \
				11410	-s "got named group: x448(001e)" \
				11411	-s "Verifying peer X.509 certificate... ok" \
				11412	-c "HTTP/1.0 200 OK" \
				11413	-s "HRR selected_group: x448"
				11414
				11415	requires_config_enabled MBEDTLS_DEBUG_C
				11416	requires_config_enabled MBEDTLS_SSL_CLI_C
				11417	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11418	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11419	requires_gnutls_tls1_3
				11420	requires_gnutls_next_no_ticket
				11421	requires_gnutls_next_disable_tls13_compat
				11422	run_test "TLS 1.3 G->m: Server HRR x25519 -> secp256r1" \
				11423	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11424	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11425	0 \
				11426	-s "Protocol is TLSv1.3" \
				11427	-s "got named group: secp256r1(0017)" \
				11428	-s "Verifying peer X.509 certificate... ok" \
				11429	-c "HTTP/1.0 200 OK" \
				11430	-s "HRR selected_group: secp256r1"
				11431
				11432	requires_config_enabled MBEDTLS_DEBUG_C
				11433	requires_config_enabled MBEDTLS_SSL_CLI_C
				11434	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11435	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11436	requires_gnutls_tls1_3
				11437	requires_gnutls_next_no_ticket
				11438	requires_gnutls_next_disable_tls13_compat
				11439	run_test "TLS 1.3 G->m: Server HRR x25519 -> secp384r1" \
				11440	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11441	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11442	0 \
				11443	-s "Protocol is TLSv1.3" \
				11444	-s "got named group: secp384r1(0018)" \
				11445	-s "Verifying peer X.509 certificate... ok" \
				11446	-c "HTTP/1.0 200 OK" \
				11447	-s "HRR selected_group: secp384r1"
				11448
				11449	requires_config_enabled MBEDTLS_DEBUG_C
				11450	requires_config_enabled MBEDTLS_SSL_CLI_C
				11451	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11452	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11453	requires_gnutls_tls1_3
				11454	requires_gnutls_next_no_ticket
				11455	requires_gnutls_next_disable_tls13_compat
				11456	run_test "TLS 1.3 G->m: Server HRR x25519 -> secp521r1" \
				11457	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11458	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11459	0 \
				11460	-s "Protocol is TLSv1.3" \
				11461	-s "got named group: secp521r1(0019)" \
				11462	-s "Verifying peer X.509 certificate... ok" \
				11463	-c "HTTP/1.0 200 OK" \
				11464	-s "HRR selected_group: secp521r1"
				11465
				11466	requires_config_enabled MBEDTLS_DEBUG_C
				11467	requires_config_enabled MBEDTLS_SSL_CLI_C
				11468	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11469	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11470	requires_gnutls_tls1_3
				11471	requires_gnutls_next_no_ticket
				11472	requires_gnutls_next_disable_tls13_compat
				11473	run_test "TLS 1.3 G->m: Server HRR x25519 -> x448" \
				11474	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11475	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11476	0 \
				11477	-s "Protocol is TLSv1.3" \
				11478	-s "got named group: x448(001e)" \
				11479	-s "Verifying peer X.509 certificate... ok" \
				11480	-c "HTTP/1.0 200 OK" \
				11481	-s "HRR selected_group: x448"
				11482
				11483	requires_config_enabled MBEDTLS_DEBUG_C
				11484	requires_config_enabled MBEDTLS_SSL_CLI_C
				11485	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11486	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11487	requires_gnutls_tls1_3
				11488	requires_gnutls_next_no_ticket
				11489	requires_gnutls_next_disable_tls13_compat
				11490	run_test "TLS 1.3 G->m: Server HRR x448 -> secp256r1" \
				11491	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11492	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11493	0 \
				11494	-s "Protocol is TLSv1.3" \
				11495	-s "got named group: secp256r1(0017)" \
				11496	-s "Verifying peer X.509 certificate... ok" \
				11497	-c "HTTP/1.0 200 OK" \
				11498	-s "HRR selected_group: secp256r1"
				11499
				11500	requires_config_enabled MBEDTLS_DEBUG_C
				11501	requires_config_enabled MBEDTLS_SSL_CLI_C
				11502	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11503	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11504	requires_gnutls_tls1_3
				11505	requires_gnutls_next_no_ticket
				11506	requires_gnutls_next_disable_tls13_compat
				11507	run_test "TLS 1.3 G->m: Server HRR x448 -> secp384r1" \
				11508	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11509	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11510	0 \
				11511	-s "Protocol is TLSv1.3" \
				11512	-s "got named group: secp384r1(0018)" \
				11513	-s "Verifying peer X.509 certificate... ok" \
				11514	-c "HTTP/1.0 200 OK" \
				11515	-s "HRR selected_group: secp384r1"
				11516
				11517	requires_config_enabled MBEDTLS_DEBUG_C
				11518	requires_config_enabled MBEDTLS_SSL_CLI_C
				11519	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11520	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11521	requires_gnutls_tls1_3
				11522	requires_gnutls_next_no_ticket
				11523	requires_gnutls_next_disable_tls13_compat
				11524	run_test "TLS 1.3 G->m: Server HRR x448 -> secp521r1" \
				11525	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11526	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11527	0 \
				11528	-s "Protocol is TLSv1.3" \
				11529	-s "got named group: secp521r1(0019)" \
				11530	-s "Verifying peer X.509 certificate... ok" \
				11531	-c "HTTP/1.0 200 OK" \
				11532	-s "HRR selected_group: secp521r1"
				11533
				11534	requires_config_enabled MBEDTLS_DEBUG_C
				11535	requires_config_enabled MBEDTLS_SSL_CLI_C
				11536	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11537	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11538	requires_gnutls_tls1_3
				11539	requires_gnutls_next_no_ticket
				11540	requires_gnutls_next_disable_tls13_compat
				11541	run_test "TLS 1.3 G->m: Server HRR x448 -> x25519" \
				11542	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11543	"$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \
				11544	0 \
				11545	-s "Protocol is TLSv1.3" \
				11546	-s "got named group: x25519(001d)" \
				11547	-s "Verifying peer X.509 certificate... ok" \
				11548	-c "HTTP/1.0 200 OK" \
				11549	-s "HRR selected_group: x25519"
				11550
				11551	requires_config_enabled MBEDTLS_DEBUG_C
				11552	requires_config_enabled MBEDTLS_SSL_CLI_C
				11553	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11554	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11555	requires_config_enabled MBEDTLS_DEBUG_C
				11556	requires_config_enabled MBEDTLS_SSL_CLI_C
				11557	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11558	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11559	run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp384r1" \
				11560	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11561	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
				11562	0 \
				11563	-s "Protocol is TLSv1.3" \
				11564	-s "got named group: secp384r1(0018)" \
				11565	-s "Verifying peer X.509 certificate... ok" \
				11566	-c "Protocol is TLSv1.3" \
				11567	-c "NamedGroup: secp256r1 ( 17 )" \
				11568	-c "NamedGroup: secp384r1 ( 18 )" \
				11569	-c "Verifying peer X.509 certificate... ok" \
				11570	-s "HRR selected_group: secp384r1"
				11571
				11572	requires_config_enabled MBEDTLS_DEBUG_C
				11573	requires_config_enabled MBEDTLS_SSL_CLI_C
				11574	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11575	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11576	requires_config_enabled MBEDTLS_DEBUG_C
				11577	requires_config_enabled MBEDTLS_SSL_CLI_C
				11578	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11579	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11580	run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp521r1" \
				11581	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11582	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
				11583	0 \
				11584	-s "Protocol is TLSv1.3" \
				11585	-s "got named group: secp521r1(0019)" \
				11586	-s "Verifying peer X.509 certificate... ok" \
				11587	-c "Protocol is TLSv1.3" \
				11588	-c "NamedGroup: secp256r1 ( 17 )" \
				11589	-c "NamedGroup: secp521r1 ( 19 )" \
				11590	-c "Verifying peer X.509 certificate... ok" \
				11591	-s "HRR selected_group: secp521r1"
				11592
				11593	requires_config_enabled MBEDTLS_DEBUG_C
				11594	requires_config_enabled MBEDTLS_SSL_CLI_C
				11595	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11596	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11597	requires_config_enabled MBEDTLS_DEBUG_C
				11598	requires_config_enabled MBEDTLS_SSL_CLI_C
				11599	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11600	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11601	run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x25519" \
				11602	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11603	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
				11604	0 \
				11605	-s "Protocol is TLSv1.3" \
				11606	-s "got named group: x25519(001d)" \
				11607	-s "Verifying peer X.509 certificate... ok" \
				11608	-c "Protocol is TLSv1.3" \
				11609	-c "NamedGroup: secp256r1 ( 17 )" \
				11610	-c "NamedGroup: x25519 ( 1d )" \
				11611	-c "Verifying peer X.509 certificate... ok" \
				11612	-s "HRR selected_group: x25519"
				11613
				11614	requires_config_enabled MBEDTLS_DEBUG_C
				11615	requires_config_enabled MBEDTLS_SSL_CLI_C
				11616	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11617	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11618	requires_config_enabled MBEDTLS_DEBUG_C
				11619	requires_config_enabled MBEDTLS_SSL_CLI_C
				11620	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11621	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11622	run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x448" \
				11623	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11624	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
				11625	0 \
				11626	-s "Protocol is TLSv1.3" \
				11627	-s "got named group: x448(001e)" \
				11628	-s "Verifying peer X.509 certificate... ok" \
				11629	-c "Protocol is TLSv1.3" \
				11630	-c "NamedGroup: secp256r1 ( 17 )" \
				11631	-c "NamedGroup: x448 ( 1e )" \
				11632	-c "Verifying peer X.509 certificate... ok" \
				11633	-s "HRR selected_group: x448"
				11634
				11635	requires_config_enabled MBEDTLS_DEBUG_C
				11636	requires_config_enabled MBEDTLS_SSL_CLI_C
				11637	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11638	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11639	requires_config_enabled MBEDTLS_DEBUG_C
				11640	requires_config_enabled MBEDTLS_SSL_CLI_C
				11641	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11642	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11643	run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp256r1" \
				11644	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11645	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
				11646	0 \
				11647	-s "Protocol is TLSv1.3" \
				11648	-s "got named group: secp256r1(0017)" \
				11649	-s "Verifying peer X.509 certificate... ok" \
				11650	-c "Protocol is TLSv1.3" \
				11651	-c "NamedGroup: secp384r1 ( 18 )" \
				11652	-c "NamedGroup: secp256r1 ( 17 )" \
				11653	-c "Verifying peer X.509 certificate... ok" \
				11654	-s "HRR selected_group: secp256r1"
				11655
				11656	requires_config_enabled MBEDTLS_DEBUG_C
				11657	requires_config_enabled MBEDTLS_SSL_CLI_C
				11658	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11659	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11660	requires_config_enabled MBEDTLS_DEBUG_C
				11661	requires_config_enabled MBEDTLS_SSL_CLI_C
				11662	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11663	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11664	run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp521r1" \
				11665	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11666	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
				11667	0 \
				11668	-s "Protocol is TLSv1.3" \
				11669	-s "got named group: secp521r1(0019)" \
				11670	-s "Verifying peer X.509 certificate... ok" \
				11671	-c "Protocol is TLSv1.3" \
				11672	-c "NamedGroup: secp384r1 ( 18 )" \
				11673	-c "NamedGroup: secp521r1 ( 19 )" \
				11674	-c "Verifying peer X.509 certificate... ok" \
				11675	-s "HRR selected_group: secp521r1"
				11676
				11677	requires_config_enabled MBEDTLS_DEBUG_C
				11678	requires_config_enabled MBEDTLS_SSL_CLI_C
				11679	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11680	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11681	requires_config_enabled MBEDTLS_DEBUG_C
				11682	requires_config_enabled MBEDTLS_SSL_CLI_C
				11683	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11684	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11685	run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x25519" \
				11686	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11687	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
				11688	0 \
				11689	-s "Protocol is TLSv1.3" \
				11690	-s "got named group: x25519(001d)" \
				11691	-s "Verifying peer X.509 certificate... ok" \
				11692	-c "Protocol is TLSv1.3" \
				11693	-c "NamedGroup: secp384r1 ( 18 )" \
				11694	-c "NamedGroup: x25519 ( 1d )" \
				11695	-c "Verifying peer X.509 certificate... ok" \
				11696	-s "HRR selected_group: x25519"
				11697
				11698	requires_config_enabled MBEDTLS_DEBUG_C
				11699	requires_config_enabled MBEDTLS_SSL_CLI_C
				11700	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11701	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11702	requires_config_enabled MBEDTLS_DEBUG_C
				11703	requires_config_enabled MBEDTLS_SSL_CLI_C
				11704	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11705	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11706	run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x448" \
				11707	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11708	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
				11709	0 \
				11710	-s "Protocol is TLSv1.3" \
				11711	-s "got named group: x448(001e)" \
				11712	-s "Verifying peer X.509 certificate... ok" \
				11713	-c "Protocol is TLSv1.3" \
				11714	-c "NamedGroup: secp384r1 ( 18 )" \
				11715	-c "NamedGroup: x448 ( 1e )" \
				11716	-c "Verifying peer X.509 certificate... ok" \
				11717	-s "HRR selected_group: x448"
				11718
				11719	requires_config_enabled MBEDTLS_DEBUG_C
				11720	requires_config_enabled MBEDTLS_SSL_CLI_C
				11721	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11722	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11723	requires_config_enabled MBEDTLS_DEBUG_C
				11724	requires_config_enabled MBEDTLS_SSL_CLI_C
				11725	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11726	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11727	run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp256r1" \
				11728	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11729	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
				11730	0 \
				11731	-s "Protocol is TLSv1.3" \
				11732	-s "got named group: secp256r1(0017)" \
				11733	-s "Verifying peer X.509 certificate... ok" \
				11734	-c "Protocol is TLSv1.3" \
				11735	-c "NamedGroup: secp521r1 ( 19 )" \
				11736	-c "NamedGroup: secp256r1 ( 17 )" \
				11737	-c "Verifying peer X.509 certificate... ok" \
				11738	-s "HRR selected_group: secp256r1"
				11739
				11740	requires_config_enabled MBEDTLS_DEBUG_C
				11741	requires_config_enabled MBEDTLS_SSL_CLI_C
				11742	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11743	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11744	requires_config_enabled MBEDTLS_DEBUG_C
				11745	requires_config_enabled MBEDTLS_SSL_CLI_C
				11746	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11747	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11748	run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp384r1" \
				11749	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11750	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
				11751	0 \
				11752	-s "Protocol is TLSv1.3" \
				11753	-s "got named group: secp384r1(0018)" \
				11754	-s "Verifying peer X.509 certificate... ok" \
				11755	-c "Protocol is TLSv1.3" \
				11756	-c "NamedGroup: secp521r1 ( 19 )" \
				11757	-c "NamedGroup: secp384r1 ( 18 )" \
				11758	-c "Verifying peer X.509 certificate... ok" \
				11759	-s "HRR selected_group: secp384r1"
				11760
				11761	requires_config_enabled MBEDTLS_DEBUG_C
				11762	requires_config_enabled MBEDTLS_SSL_CLI_C
				11763	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11764	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11765	requires_config_enabled MBEDTLS_DEBUG_C
				11766	requires_config_enabled MBEDTLS_SSL_CLI_C
				11767	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11769	run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x25519" \
				11770	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11771	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
				11772	0 \
				11773	-s "Protocol is TLSv1.3" \
				11774	-s "got named group: x25519(001d)" \
				11775	-s "Verifying peer X.509 certificate... ok" \
				11776	-c "Protocol is TLSv1.3" \
				11777	-c "NamedGroup: secp521r1 ( 19 )" \
				11778	-c "NamedGroup: x25519 ( 1d )" \
				11779	-c "Verifying peer X.509 certificate... ok" \
				11780	-s "HRR selected_group: x25519"
				11781
				11782	requires_config_enabled MBEDTLS_DEBUG_C
				11783	requires_config_enabled MBEDTLS_SSL_CLI_C
				11784	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11785	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11786	requires_config_enabled MBEDTLS_DEBUG_C
				11787	requires_config_enabled MBEDTLS_SSL_CLI_C
				11788	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11789	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11790	run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x448" \
				11791	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11792	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
				11793	0 \
				11794	-s "Protocol is TLSv1.3" \
				11795	-s "got named group: x448(001e)" \
				11796	-s "Verifying peer X.509 certificate... ok" \
				11797	-c "Protocol is TLSv1.3" \
				11798	-c "NamedGroup: secp521r1 ( 19 )" \
				11799	-c "NamedGroup: x448 ( 1e )" \
				11800	-c "Verifying peer X.509 certificate... ok" \
				11801	-s "HRR selected_group: x448"
				11802
				11803	requires_config_enabled MBEDTLS_DEBUG_C
				11804	requires_config_enabled MBEDTLS_SSL_CLI_C
				11805	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11806	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11807	requires_config_enabled MBEDTLS_DEBUG_C
				11808	requires_config_enabled MBEDTLS_SSL_CLI_C
				11809	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11810	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11811	run_test "TLS 1.3 m->m: Server HRR x25519 -> secp256r1" \
				11812	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11813	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
				11814	0 \
				11815	-s "Protocol is TLSv1.3" \
				11816	-s "got named group: secp256r1(0017)" \
				11817	-s "Verifying peer X.509 certificate... ok" \
				11818	-c "Protocol is TLSv1.3" \
				11819	-c "NamedGroup: x25519 ( 1d )" \
				11820	-c "NamedGroup: secp256r1 ( 17 )" \
				11821	-c "Verifying peer X.509 certificate... ok" \
				11822	-s "HRR selected_group: secp256r1"
				11823
				11824	requires_config_enabled MBEDTLS_DEBUG_C
				11825	requires_config_enabled MBEDTLS_SSL_CLI_C
				11826	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11827	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11828	requires_config_enabled MBEDTLS_DEBUG_C
				11829	requires_config_enabled MBEDTLS_SSL_CLI_C
				11830	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11831	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11832	run_test "TLS 1.3 m->m: Server HRR x25519 -> secp384r1" \
				11833	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11834	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
				11835	0 \
				11836	-s "Protocol is TLSv1.3" \
				11837	-s "got named group: secp384r1(0018)" \
				11838	-s "Verifying peer X.509 certificate... ok" \
				11839	-c "Protocol is TLSv1.3" \
				11840	-c "NamedGroup: x25519 ( 1d )" \
				11841	-c "NamedGroup: secp384r1 ( 18 )" \
				11842	-c "Verifying peer X.509 certificate... ok" \
				11843	-s "HRR selected_group: secp384r1"
				11844
				11845	requires_config_enabled MBEDTLS_DEBUG_C
				11846	requires_config_enabled MBEDTLS_SSL_CLI_C
				11847	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11848	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11849	requires_config_enabled MBEDTLS_DEBUG_C
				11850	requires_config_enabled MBEDTLS_SSL_CLI_C
				11851	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11852	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11853	run_test "TLS 1.3 m->m: Server HRR x25519 -> secp521r1" \
				11854	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11855	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
				11856	0 \
				11857	-s "Protocol is TLSv1.3" \
				11858	-s "got named group: secp521r1(0019)" \
				11859	-s "Verifying peer X.509 certificate... ok" \
				11860	-c "Protocol is TLSv1.3" \
				11861	-c "NamedGroup: x25519 ( 1d )" \
				11862	-c "NamedGroup: secp521r1 ( 19 )" \
				11863	-c "Verifying peer X.509 certificate... ok" \
				11864	-s "HRR selected_group: secp521r1"
				11865
				11866	requires_config_enabled MBEDTLS_DEBUG_C
				11867	requires_config_enabled MBEDTLS_SSL_CLI_C
				11868	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11869	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11870	requires_config_enabled MBEDTLS_DEBUG_C
				11871	requires_config_enabled MBEDTLS_SSL_CLI_C
				11872	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11873	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11874	run_test "TLS 1.3 m->m: Server HRR x25519 -> x448" \
				11875	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11876	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
				11877	0 \
				11878	-s "Protocol is TLSv1.3" \
				11879	-s "got named group: x448(001e)" \
				11880	-s "Verifying peer X.509 certificate... ok" \
				11881	-c "Protocol is TLSv1.3" \
				11882	-c "NamedGroup: x25519 ( 1d )" \
				11883	-c "NamedGroup: x448 ( 1e )" \
				11884	-c "Verifying peer X.509 certificate... ok" \
				11885	-s "HRR selected_group: x448"
				11886
				11887	requires_config_enabled MBEDTLS_DEBUG_C
				11888	requires_config_enabled MBEDTLS_SSL_CLI_C
				11889	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11890	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11891	requires_config_enabled MBEDTLS_DEBUG_C
				11892	requires_config_enabled MBEDTLS_SSL_CLI_C
				11893	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11894	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11895	run_test "TLS 1.3 m->m: Server HRR x448 -> secp256r1" \
				11896	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11897	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
				11898	0 \
				11899	-s "Protocol is TLSv1.3" \
				11900	-s "got named group: secp256r1(0017)" \
				11901	-s "Verifying peer X.509 certificate... ok" \
				11902	-c "Protocol is TLSv1.3" \
				11903	-c "NamedGroup: x448 ( 1e )" \
				11904	-c "NamedGroup: secp256r1 ( 17 )" \
				11905	-c "Verifying peer X.509 certificate... ok" \
				11906	-s "HRR selected_group: secp256r1"
				11907
				11908	requires_config_enabled MBEDTLS_DEBUG_C
				11909	requires_config_enabled MBEDTLS_SSL_CLI_C
				11910	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11911	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11912	requires_config_enabled MBEDTLS_DEBUG_C
				11913	requires_config_enabled MBEDTLS_SSL_CLI_C
				11914	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11915	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11916	run_test "TLS 1.3 m->m: Server HRR x448 -> secp384r1" \
				11917	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11918	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
				11919	0 \
				11920	-s "Protocol is TLSv1.3" \
				11921	-s "got named group: secp384r1(0018)" \
				11922	-s "Verifying peer X.509 certificate... ok" \
				11923	-c "Protocol is TLSv1.3" \
				11924	-c "NamedGroup: x448 ( 1e )" \
				11925	-c "NamedGroup: secp384r1 ( 18 )" \
				11926	-c "Verifying peer X.509 certificate... ok" \
				11927	-s "HRR selected_group: secp384r1"
				11928
				11929	requires_config_enabled MBEDTLS_DEBUG_C
				11930	requires_config_enabled MBEDTLS_SSL_CLI_C
				11931	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11932	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11933	requires_config_enabled MBEDTLS_DEBUG_C
				11934	requires_config_enabled MBEDTLS_SSL_CLI_C
				11935	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11936	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11937	run_test "TLS 1.3 m->m: Server HRR x448 -> secp521r1" \
				11938	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11939	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
				11940	0 \
				11941	-s "Protocol is TLSv1.3" \
				11942	-s "got named group: secp521r1(0019)" \
				11943	-s "Verifying peer X.509 certificate... ok" \
				11944	-c "Protocol is TLSv1.3" \
				11945	-c "NamedGroup: x448 ( 1e )" \
				11946	-c "NamedGroup: secp521r1 ( 19 )" \
				11947	-c "Verifying peer X.509 certificate... ok" \
				11948	-s "HRR selected_group: secp521r1"
				11949
				11950	requires_config_enabled MBEDTLS_DEBUG_C
				11951	requires_config_enabled MBEDTLS_SSL_CLI_C
				11952	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11953	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11954	requires_config_enabled MBEDTLS_DEBUG_C
				11955	requires_config_enabled MBEDTLS_SSL_CLI_C
				11956	requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
				11957	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11958	run_test "TLS 1.3 m->m: Server HRR x448 -> x25519" \
				11959	"$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11960	"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
				11961	0 \
				11962	-s "Protocol is TLSv1.3" \
				11963	-s "got named group: x25519(001d)" \
				11964	-s "Verifying peer X.509 certificate... ok" \
				11965	-c "Protocol is TLSv1.3" \
				11966	-c "NamedGroup: x448 ( 1e )" \
				11967	-c "NamedGroup: x25519 ( 1d )" \
				11968	-c "Verifying peer X.509 certificate... ok" \
				11969	-s "HRR selected_group: x25519"