tls: srv: Set hybrid TLS 1.2/1.3 as default configuration

Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index beccbb5..08956e8 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -65,7 +65,7 @@
     opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
     opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
     opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
-    opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
     opts->expected_handshake_result = 0;
     opts->expected_ciphersuite = 0;
     opts->pk_alg = MBEDTLS_PK_RSA;
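Review bot: The new default for `expected_negotiated_version` is `MBEDTLS_SSL_VERSION_TLS1_3` unconditionally, whereas the commit message scopes the change to builds where both TLS 1.2 and TLS 1.3 are enabled. In a build without `MBEDTLS_SSL_PROTO_TLS1_3`, any test that keeps this default would expect a version that cannot be negotiated, so each such caller has to override the field. Consider guarding the assignment with `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)` and keeping `opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;` in the `#else` branch. Alternatively, add a comment here saying that TLS 1.2-only tests must set the field themselves. The enclosing function starts and ends outside the hunk.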
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2eb0a64..07333f0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1488,7 +1488,7 @@
     fi
 }
 
-# Detect if the current test is going to use TLS 1.3.
+# Detect if the current test is going to use TLS 1.3 or TLS 1.2.
 # $1 and $2 contain the server and client command lines, respectively.
 #
 # Note: this function only provides some guess about TLS version by simply
@@ -1496,23 +1496,52 @@
 #       for the sake of tests' filtering (especially in conjunction with the
 #       detect_required_features() function), it does NOT guarantee that the
 #       result is accurate. It does not check other conditions, such as:
-#       - MBEDTLS_SSL_PROTO_TLS1_x can be disabled to selectively remove
-#         TLS 1.2/1.3 support
 #       - we can force a ciphersuite which contains "WITH" in its name, meaning
 #         that we are going to use TLS 1.2
 #       - etc etc
 get_tls_version() {
+    # First check if the version is forced on an Mbed TLS peer
     case $1 in
-        *tls1_3*|*tls13*)
+        *tls12*)
+            echo "TLS12"
+            return;;
+        *tls13*)
             echo "TLS13"
             return;;
     esac
     case $2 in
-        *tls1_3*|*tls13*)
+        *tls12*)
+            echo "TLS12"
+            return;;
+        *tls13*)
             echo "TLS13"
             return;;
     esac
-    echo "TLS12"
+    # Second check if the version is forced on an OpenSSL or GnuTLS peer
+    case $1 in
+        tls1_2*)
+            echo "TLS12"
+            return;;
+        *tls1_3)
+            echo "TLS13"
+            return;;
+    esac
+    case $2 in
+        *tls1_2)
+            echo "TLS12"
+            return;;
+        *tls1_3)
+            echo "TLS13"
+            return;;
+    esac
+    # Third if the version is not forced, if TLS 1.3 is enabled then the test
+    # is aimed to run a TLS 1.3 handshake.
+    if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_3
+    then
+        echo "TLS13"
+    else
+        echo "TLS12"
+    fi
 }
 
 # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
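Review bot: In the second round of checks in `get_tls_version()`, the server-side pattern `tls1_2*)` is anchored at the start of `$1`, while its three siblings are anchored at the end (`*tls1_2)`, `*tls1_3)`). That looks like a transposed wildcard; a server command line is unlikely to begin with `tls1_2`, so this arm probably never matches and should read `*tls1_2)`. The end-anchored forms also match only when the version option is the last word of the command line, so a comment stating that assumption would help, or use `*tls1_2*` / `*tls1_3*` if it does not hold. A wrong guess here feeds the test filtering that the function's header comment mentions, so TLS 1.2 interop cases could be classified as TLS 1.3 and have the wrong requirements applied.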
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index e27b8fd..ec780c4 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -361,7 +361,7 @@
 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
 
 Handshake, tls1_3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
 
 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
@@ -429,9 +429,13 @@
 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
 
 Handshake min/max version check, all -> 1.2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
 handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
 
+Handshake min/max version check, all -> 1.3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
+handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
+
 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
 depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 8d008d3..50ea1ac 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2533,13 +2533,18 @@
     options.pk_alg = MBEDTLS_PK_RSA;
 
     /*
-     * If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.3
-     * handshake, force the TLS 1.3 version on the server.
+     * If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.2
+     * handshake, force the TLS 1.2 version on endpoint under test.
      */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
-        options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_3;
-        options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_3;
+    if (MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) {
+        if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+            options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+            options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+        } else {
+            options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+            options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+        }
     }
 #endif
 
@@ -2623,6 +2628,10 @@
     options.psk_str = psk_str;
     options.pk_alg = pk_alg;
 
+    options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
+
     mbedtls_test_ssl_perform_handshake(&options);
 
     /* The goto below is used to avoid an "unused label" warning.*/
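Review bot: The three added assignments pin the client to TLS 1.2 with no comment explaining why, and the same uncommented pinning recurs in the hunks at `@@ -2663,6 +2672,11 @@` (server side pinned) and `@@ -2687,9 +2701,10 @@` (client side pinned). A one-line comment above each group would make the choice of side and version reviewable, for example `/* This test exercises TLS 1.2 only: restrict the endpoint under test so the hybrid default cannot negotiate TLS 1.3. */`, if that is the intent. The `BEGIN_CASE` line of this function is outside the hunk, so the diff does not show whether the case depends on `MBEDTLS_SSL_PROTO_TLS1_2`. Without that dependency the forced version would not be available in a TLS 1.3-only build.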
@@ -2663,6 +2672,11 @@
     options.opaque_usage = psa_usage;
     options.expected_handshake_result = expected_handshake_result;
     options.expected_ciphersuite = expected_ciphersuite;
+
+    options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
+
     mbedtls_test_ssl_perform_handshake(&options);
 
     /* The goto below is used to avoid an "unused label" warning.*/
@@ -2687,9 +2701,10 @@
     options.expected_cli_fragments = expected_cli_fragments;
     options.expected_srv_fragments = expected_srv_fragments;
     options.dtls = dtls;
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
-#endif
+
+    options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
 
     mbedtls_test_ssl_perform_handshake(&options);
 
@@ -2701,7 +2716,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
                   int expected_cli_fragments,
                   int expected_srv_fragments)
@@ -2735,7 +2750,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void handshake_serialization()
 {
     mbedtls_test_handshake_test_options options;
@@ -2743,6 +2758,7 @@
 
     options.serialize = 1;
     options.dtls = 1;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
     mbedtls_test_ssl_perform_handshake(&options);
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
@@ -2751,7 +2767,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 void handshake_fragmentation(int mfl,
                              int expected_srv_hs_fragmentation,
                              int expected_cli_hs_fragmentation)
@@ -2765,6 +2781,7 @@
 
     mbedtls_test_init_handshake_options(&options);
     options.dtls = 1;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
     options.mfl = mfl;
     /* Set cipher to one using CBC so that record splitting can be tested */
     options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
@@ -2799,6 +2816,7 @@
     options.renegotiate = 1;
     options.legacy_renegotiation = legacy_renegotiation;
     options.dtls = 1;
+    options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
 
     mbedtls_test_ssl_perform_handshake(&options);
 
@@ -2809,7 +2827,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
 void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
                     int serialize, int dtls, char *cipher)
 {
@@ -2822,6 +2840,9 @@
     options.legacy_renegotiation = legacy_renegotiation;
     options.serialize = serialize;
     options.dtls = dtls;
+    if (dtls) {
+        options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    }
     options.resize_buffers = 1;
 
     mbedtls_test_ssl_perform_handshake(&options);
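Review bot: `expected_negotiated_version` is set to TLS 1.2 only when `dtls` is non-zero, so a call with `dtls == 0` keeps the helper default, which this commit changes to TLS 1.3. The function still takes `renegotiation` and a `cipher` name and, per the `BEGIN_CASE` line in the previous hunk, depends on `MBEDTLS_SSL_PROTO_TLS1_2`. A non-DTLS call that uses renegotiation or a TLS 1.2 ciphersuite would therefore presumably negotiate 1.2 and fail the version check. If every caller passes `dtls = 1`, say so in a comment; otherwise pin the version for the non-DTLS path as well. The callers are outside the hunk, so this could not be confirmed from the diff.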
@@ -3291,6 +3312,8 @@
 
     mbedtls_test_init_handshake_options(&options);
     options.pk_alg = MBEDTLS_PK_ECDSA;
+    options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+    options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
 
     /* Client side, force SECP256R1 to make one key bitflip fail
      * the raw key agreement. Flipping the first byte makes the
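Review bot: `server_min_version` and `server_max_version` are pinned to TLS 1.2 here, but `expected_negotiated_version` is left at the helper default, which this commit changes to TLS 1.3. The other hunks that pin an endpoint set all three fields. If this function never reads the expected version, a short comment such as `/* expected_negotiated_version is not checked in this test */` would prevent a later reader from assuming the options are consistent. Otherwise add `options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;`. The rest of the function is outside the hunk.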