ssl-opt.sh: Add O->m server version selection tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index aea0295..178aa50 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -7169,6 +7169,157 @@
-s "The handshake negotiation failed" \
-S "Protocol is TLSv1.3"
+# Tests of version negotiation on server side against OpenSSL client
+
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test "Server version nego check O->m: 1.2 / 1.2+(1.3) -> 1.2" \
+ "$P_SRV" \
+ "$O_NEXT_CLI -tls1_2" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.2"
+
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test "Server version nego check O->m: 1.2 / 1.2 (max=1.2) -> 1.2" \
+ "$P_SRV max_version=tls12" \
+ "$O_NEXT_CLI -tls1_2" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.2"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "Server version nego check O->m: 1.3 / (1.2)+1.3 -> 1.3" \
+ "$P_SRV" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "Server version nego check O->m: 1.3 / 1.3 (min=1.3) -> 1.3" \
+ "$P_SRV min_version=tls13" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "Server version nego check O->m: 1.2+1.3 / (1.2)+1.3 -> 1.3" \
+ "$P_SRV" \
+ "$O_NEXT_CLI" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "Server version nego check O->m (no compat): 1.2+1.3 / (1.2)+1.3 -> 1.3" \
+ "$P_SRV" \
+ "$O_NEXT_CLI -no_middlebox" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "Server version nego check O->m: 1.2+1.3 / 1.3 (min=1.3) -> 1.3" \
+ "$P_SRV min_version=tls13" \
+ "$O_NEXT_CLI" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.3"
+
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test "Server version nego check O->m: 1.2+1.3 / 1.2 -> 1.2" \
+ "$P_SRV" \
+ "$O_NEXT_CLI" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.2"
+
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test "Server version nego check O->m: 1.2+1.3 / 1.2 (max=1.2) -> 1.2" \
+ "$P_SRV max_version=tls12" \
+ "$O_NEXT_CLI" \
+ 0 \
+ -S "mbedtls_ssl_handshake returned" \
+ -s "Protocol is TLSv1.2"
+
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "Not supported version check O->m: 1.0 / (1.2)+(1.3)" \
+ "$P_SRV" \
+ "$O_CLI -tls1" \
+ 1 \
+ -s "Handshake protocol not within min/max boundaries" \
+ -S "Protocol is TLSv1.0"
+
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "Not supported version check O->m: 1.1 / (1.2)+(1.3)" \
+ "$P_SRV" \
+ "$O_CLI -tls1_1" \
+ 1 \
+ -s "Handshake protocol not within min/max boundaries" \
+ -S "Protocol is TLSv1.1"
+
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Not supported version check O->m: 1.2 / 1.3" \
+ "$P_SRV" \
+ "$O_NEXT_CLI -tls1_2" \
+ 1 \
+ -s "Handshake protocol not within min/max boundaries" \
+ -S "Protocol is TLSv1.2"
+
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
+run_test "Not supported version check O->m: 1.3 / 1.2" \
+ "$P_SRV" \
+ "$O_NEXT_CLI -tls1_3" \
+ 1 \
+ -S "Handshake protocol not within min/max boundaries" \
+ -s "The handshake negotiation failed" \
+ -S "Protocol is TLSv1.3"
+
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+run_test "Not supported version check O->m: 1.2 / 1.3 (min=1.3)" \
+ "$P_SRV min_version=tls13" \
+ "$O_NEXT_CLI -tls1_2" \
+ 1 \
+ -s "Handshake protocol not within min/max boundaries" \
+ -S "Protocol is TLSv1.2"
+
+requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+run_test "Not supported version check O->m: 1.3 / 1.2 (max=1.2)" \
+ "$P_SRV max_version=tls12" \
+ "$O_NEXT_CLI -tls1_3" \
+ 1 \
+ -S "Handshake protocol not within min/max boundaries" \
+ -s "The handshake negotiation failed" \
+ -S "Protocol is TLSv1.3"
+
# Tests of version negotiation on client side against GnuTLS and OpenSSL server
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2