Merge pull request #9594 from gilles-peskine-arm/analyze_outcomes-classes-development
analyze_outcomes.py refactoring: change stringly typed data to classes
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b1af566..f05e1e3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -403,6 +403,9 @@
endif()
if(ENABLE_PROGRAMS)
+ set(ssl_opt_target "${MBEDTLS_TARGET_PREFIX}ssl-opt")
+ add_custom_target(${ssl_opt_target})
+
add_subdirectory(programs)
endif()
diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
new file mode 100644
index 0000000..938e9ec
--- /dev/null
+++ b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
@@ -0,0 +1,4 @@
+Changes
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
new file mode 100644
index 0000000..f5331bc
--- /dev/null
+++ b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
diff --git a/Makefile b/Makefile
index 2ca7ced..71ef1be 100644
--- a/Makefile
+++ b/Makefile
@@ -30,6 +30,7 @@
ssl-opt: lib mbedtls_test
$(MAKE) -C programs ssl-opt
+ $(MAKE) -C tests ssl-opt
lib:
$(MAKE) -C library
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index 5d950b0..2c08c69 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -100,12 +100,8 @@
If you want to check at compile-time whether a certain hash algorithm is
available in the present build of Mbed TLS, regardless of whether it's
-provided by a driver or built-in, you should use the following macros:
-
-- for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from
- `psa/crypto.h`;
-- for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from
- `mbedtls/config_adjust_legacy_crypto.h`.
+provided by a driver or built-in, you should use `PSA_WANT_ALG_xxx` from
+`psa/crypto.h`.
### HMAC
@@ -186,13 +182,8 @@
If you want to check at compile-time whether a certain curve is available in
the present build of Mbed TLS, regardless of whether ECC is provided by a
-driver or built-in, you should use the following macros:
-
-- for code that uses only the PSA Crypto API: `PSA_WANT_ECC_xxx` from
- `psa/crypto.h`;
-- for code that may also use non-PSA crypto APIs: `MBEDTLS_ECP_HAVE_xxx` from
- `mbedtls/build_info.h` where xxx can take the same values as for
-`MBEDTLS_ECP_DP_xxx` macros.
+driver or built-in, you should use `PSA_WANT_ECC_xxx` from
+ `psa/crypto.h`.
Note that for externally-provided drivers, the integrator is responsible for
ensuring the appropriate `MBEDTLS_PSA_ACCEL_xxx` macros are defined. However,
diff --git a/framework b/framework
index 8c488b1..33ac133 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 8c488b1b8f86384450c922f22cd1bee0b996be13
+Subproject commit 33ac13321737c333f52659ee848ca25746588227
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index f4e1ec3..20b0ed6 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -211,7 +211,7 @@
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
+ !(defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_256))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
@@ -219,12 +219,12 @@
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
+ (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(PSA_WANT_ALG_SHA_512)) \
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
+ defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(PSA_WANT_ALG_SHA_256)
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
@@ -339,30 +339,30 @@
/* Use of EC J-PAKE in TLS requires SHA-256. */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- !defined(MBEDTLS_MD_CAN_SHA256)
+ !defined(PSA_WANT_ALG_SHA_256)
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
- !defined(MBEDTLS_MD_CAN_SHA256) && \
- !defined(MBEDTLS_MD_CAN_SHA512) && \
+ !defined(PSA_WANT_ALG_SHA_256) && \
+ !defined(PSA_WANT_ALG_SHA_512) && \
!defined(PSA_WANT_ALG_SHA_1)
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
#endif
#if defined(MBEDTLS_MD_C) && \
- !defined(MBEDTLS_MD_CAN_MD5) && \
- !defined(MBEDTLS_MD_CAN_RIPEMD160) && \
+ !defined(PSA_WANT_ALG_MD5) && \
+ !defined(PSA_WANT_ALG_RIPEMD160) && \
!defined(PSA_WANT_ALG_SHA_1) && \
- !defined(MBEDTLS_MD_CAN_SHA224) && \
- !defined(MBEDTLS_MD_CAN_SHA256) && \
- !defined(MBEDTLS_MD_CAN_SHA384) && \
- !defined(MBEDTLS_MD_CAN_SHA512) && \
- !defined(MBEDTLS_MD_CAN_SHA3_224) && \
- !defined(MBEDTLS_MD_CAN_SHA3_256) && \
- !defined(MBEDTLS_MD_CAN_SHA3_384) && \
- !defined(MBEDTLS_MD_CAN_SHA3_512)
+ !defined(PSA_WANT_ALG_SHA_224) && \
+ !defined(PSA_WANT_ALG_SHA_256) && \
+ !defined(PSA_WANT_ALG_SHA_384) && \
+ !defined(PSA_WANT_ALG_SHA_512) && \
+ !defined(PSA_WANT_ALG_SHA3_224) && \
+ !defined(PSA_WANT_ALG_SHA3_256) && \
+ !defined(PSA_WANT_ALG_SHA3_384) && \
+ !defined(PSA_WANT_ALG_SHA3_512)
#error "MBEDTLS_MD_C defined, but no hash algorithm"
#endif
@@ -398,7 +398,7 @@
#endif
#if defined(MBEDTLS_PK_C) && \
- !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+ !defined(MBEDTLS_RSA_C) && !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
@@ -832,18 +832,10 @@
#endif
/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
-#if defined(MBEDTLS_SSL_TLS_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
+#if defined(MBEDTLS_SSL_TLS_C) && \
+ !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if !defined(MBEDTLS_MD_C) || \
- !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
@@ -919,8 +911,8 @@
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && \
- !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
- defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
+ !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
+ defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
@@ -1020,8 +1012,8 @@
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
- !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
- defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
+ !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
+ defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 3ddb1b8..d669f4c 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -87,7 +87,6 @@
#if defined(MBEDTLS_MD_LIGHT)
/*
- * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
* (see below).
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
@@ -104,7 +103,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_MD_CAN_MD5
#define MBEDTLS_MD_MD5_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
@@ -113,85 +111,52 @@
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_MD_CAN_SHA224
#define MBEDTLS_MD_SHA224_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_MD_CAN_SHA256
#define MBEDTLS_MD_SHA256_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_MD_CAN_SHA384
#define MBEDTLS_MD_SHA384_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_MD_CAN_SHA512
#define MBEDTLS_MD_SHA512_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_MD_CAN_RIPEMD160
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
-#define MBEDTLS_MD_CAN_SHA3_224
#define MBEDTLS_MD_SHA3_224_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
-#define MBEDTLS_MD_CAN_SHA3_256
#define MBEDTLS_MD_SHA3_256_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
-#define MBEDTLS_MD_CAN_SHA3_384
#define MBEDTLS_MD_SHA3_384_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
-#define MBEDTLS_MD_CAN_SHA3_512
#define MBEDTLS_MD_SHA3_512_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
#endif /* MBEDTLS_PSA_CRYPTO_C */
/* Built-in implementations */
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_MD_CAN_MD5
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_MD_CAN_SHA224
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_MD_CAN_SHA256
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_MD_CAN_SHA384
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_CAN_SHA512
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA3_C)
-#define MBEDTLS_MD_CAN_SHA3_224
-#define MBEDTLS_MD_CAN_SHA3_256
-#define MBEDTLS_MD_CAN_SHA3_384
-#define MBEDTLS_MD_CAN_SHA3_512
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_MD_CAN_RIPEMD160
+#if defined(MBEDTLS_MD5_C) || \
+ defined(MBEDTLS_SHA1_C) || \
+ defined(MBEDTLS_SHA224_C) || \
+ defined(MBEDTLS_SHA256_C) || \
+ defined(MBEDTLS_SHA384_C) || \
+ defined(MBEDTLS_SHA512_C) || \
+ defined(MBEDTLS_SHA3_C) || \
+ defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_MD_SOME_LEGACY
#endif
@@ -333,52 +298,6 @@
#define MBEDTLS_PSA_CRYPTO_CLIENT
#endif /* MBEDTLS_PSA_CRYPTO_C */
-/* Helpers to state that each key is supported either on the builtin or PSA side. */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_HAVE_SECP521R1
-#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_HAVE_BP512R1
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_HAVE_CURVE448
-#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_HAVE_BP384R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_HAVE_SECP384R1
-#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_HAVE_BP256R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_HAVE_SECP256K1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_HAVE_SECP256R1
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_HAVE_CURVE25519
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_HAVE_SECP224R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_HAVE_SECP192K1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_HAVE_SECP192R1
-#endif
-
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
-#if defined(MBEDTLS_ECP_C) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
/* Historically pkparse did not check the CBC padding when decrypting
* a key. This was a bug, which is now fixed. As a consequence, pkparse
* now needs PKCS7 padding support, but existing configurations might not
@@ -397,50 +316,10 @@
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
#endif
-/* psa_util file features some ECDSA conversion functions, to convert between
- * legacy's ASN.1 DER format and PSA's raw one. */
-#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
- (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
-#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
-#endif
-
-/* Some internal helpers to determine which keys are available. */
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
-#define MBEDTLS_SSL_HAVE_AES
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
-#define MBEDTLS_SSL_HAVE_ARIA
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
-#define MBEDTLS_SSL_HAVE_CAMELLIA
-#endif
-
/* Some internal helpers to determine which operation modes are available. */
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
-#define MBEDTLS_SSL_HAVE_CBC
-#endif
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
-#define MBEDTLS_SSL_HAVE_GCM
-#endif
-
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
-#define MBEDTLS_SSL_HAVE_CCM
-#endif
-
-#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
-#define MBEDTLS_SSL_HAVE_CHACHAPOLY
-#endif
-
-#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
- defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
+#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CCM) || \
+ defined(PSA_WANT_ALG_CHACHA20_POLY1305)
#define MBEDTLS_SSL_HAVE_AEAD
#endif
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 453f598..18df19c 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -492,6 +492,38 @@
p += (size_t) ret; \
} while (0)
+/**
+ * \brief Translate an ASN.1 OID into its numeric representation
+ * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf buffer to put representation in
+ * \param size size of the buffer
+ * \param oid OID to translate
+ *
+ * \return Length of the string written (excluding final NULL) or
+ * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
+ */
+int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid);
+
+/**
+ * \brief Translate a string containing a dotted-decimal
+ * representation of an ASN.1 OID into its encoded form
+ * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D").
+ * On success, this function allocates oid->buf from the
+ * heap. It must be freed by the caller using mbedtls_free().
+ *
+ * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID
+ * \param oid_str string representation of the OID to parse
+ * \param size length of the OID string, not including any null terminator
+ *
+ * \return 0 if successful
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not
+ * represent a valid OID
+ * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to
+ * allocate oid->buf
+ */
+int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size);
+
#ifdef __cplusplus
}
#endif
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2bdad84..0165fd6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5066,15 +5066,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- MBEDTLS_SSL_DEBUG_MSG(1,
+ MBEDTLS_SSL_DEBUG_MSG(2,
("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"));
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
-#else
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
}
diff --git a/library/x509.c b/library/x509.c
index a80ab53..be7b277 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -805,6 +805,75 @@
return (i < 10) ? (i + '0') : (i - 10 + 'A');
}
+/* Return the x.y.z.... style numeric string for the given OID */
+int mbedtls_oid_get_numeric_string(char *buf, size_t size,
+ const mbedtls_asn1_buf *oid)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ char *p = buf;
+ size_t n = size;
+ unsigned int value = 0;
+
+ if (size > INT_MAX) {
+ /* Avoid overflow computing return value */
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
+
+ if (oid->len <= 0) {
+ /* OID must not be empty */
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
+
+ for (size_t i = 0; i < oid->len; i++) {
+ /* Prevent overflow in value. */
+ if (value > (UINT_MAX >> 7)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ if ((value == 0) && ((oid->p[i]) == 0x80)) {
+ /* Overlong encoding is not allowed */
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+
+ value <<= 7;
+ value |= oid->p[i] & 0x7F;
+
+ if (!(oid->p[i] & 0x80)) {
+ /* Last byte */
+ if (n == size) {
+ int component1;
+ unsigned int component2;
+ /* First subidentifier contains first two OID components */
+ if (value >= 80) {
+ component1 = '2';
+ component2 = value - 80;
+ } else if (value >= 40) {
+ component1 = '1';
+ component2 = value - 40;
+ } else {
+ component1 = '0';
+ component2 = value;
+ }
+ ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
+ } else {
+ ret = mbedtls_snprintf(p, n, ".%u", value);
+ }
+ if (ret < 2 || (size_t) ret >= n) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
+ n -= (size_t) ret;
+ p += ret;
+ value = 0;
+ }
+ }
+
+ if (value != 0) {
+ /* Unterminated subidentifier */
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
+
+ return (int) (size - n);
+}
+
/*
* Store the name in printable form into buf; no more
* than size characters will be written
diff --git a/library/x509_create.c b/library/x509_create.c
index 839b5df..1309831 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -278,6 +278,182 @@
return MBEDTLS_ERR_X509_INVALID_NAME;
}
+static int oid_parse_number(unsigned int *num, const char **p, const char *bound)
+{
+ int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+
+ *num = 0;
+
+ while (*p < bound && **p >= '0' && **p <= '9') {
+ ret = 0;
+ if (*num > (UINT_MAX / 10)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ *num *= 10;
+ *num += **p - '0';
+ (*p)++;
+ }
+ return ret;
+}
+
+static size_t oid_subidentifier_num_bytes(unsigned int value)
+{
+ size_t num_bytes = 0;
+
+ do {
+ value >>= 7;
+ num_bytes++;
+ } while (value != 0);
+
+ return num_bytes;
+}
+
+static int oid_subidentifier_encode_into(unsigned char **p,
+ unsigned char *bound,
+ unsigned int value)
+{
+ size_t num_bytes = oid_subidentifier_num_bytes(value);
+
+ if ((size_t) (bound - *p) < num_bytes) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
+ (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f);
+ value >>= 7;
+
+ for (size_t i = 2; i <= num_bytes; i++) {
+ (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f);
+ value >>= 7;
+ }
+ *p += num_bytes;
+
+ return 0;
+}
+
+/* Return the OID for the given x.y.z.... style numeric string */
+int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
+ const char *oid_str, size_t size)
+{
+ int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ const char *str_ptr = oid_str;
+ const char *str_bound = oid_str + size;
+ unsigned int val = 0;
+ unsigned int component1, component2;
+ size_t encoded_len;
+ unsigned char *resized_mem;
+
+ /* Count the number of dots to get a worst-case allocation size. */
+ size_t num_dots = 0;
+ for (size_t i = 0; i < size; i++) {
+ if (oid_str[i] == '.') {
+ num_dots++;
+ }
+ }
+ /* Allocate maximum possible required memory:
+ * There are (num_dots + 1) integer components, but the first 2 share the
+ * same subidentifier, so we only need num_dots subidentifiers maximum. */
+ if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ /* Each byte can store 7 bits, calculate number of bytes for a
+ * subidentifier:
+ *
+ * bytes = ceil(subidentifer_size * 8 / 7)
+ */
+ size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7)
+ + 1;
+ size_t max_possible_bytes = num_dots * bytes_per_subidentifier;
+ oid->p = mbedtls_calloc(max_possible_bytes, 1);
+ if (oid->p == NULL) {
+ return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ }
+ unsigned char *out_ptr = oid->p;
+ unsigned char *out_bound = oid->p + max_possible_bytes;
+
+ ret = oid_parse_number(&component1, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if (component1 > 2) {
+ /* First component can't be > 2 */
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ if (str_ptr >= str_bound || *str_ptr != '.') {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ str_ptr++;
+
+ ret = oid_parse_number(&component2, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if ((component1 < 2) && (component2 > 39)) {
+ /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ if (str_ptr < str_bound) {
+ if (*str_ptr == '.') {
+ str_ptr++;
+ } else {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ }
+
+ if (component2 > (UINT_MAX - (component1 * 40))) {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ ret = oid_subidentifier_encode_into(&out_ptr, out_bound,
+ (component1 * 40) + component2);
+ if (ret != 0) {
+ goto error;
+ }
+
+ while (str_ptr < str_bound) {
+ ret = oid_parse_number(&val, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if (str_ptr < str_bound) {
+ if (*str_ptr == '.') {
+ str_ptr++;
+ } else {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ }
+
+ ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val);
+ if (ret != 0) {
+ goto error;
+ }
+ }
+
+ encoded_len = (size_t) (out_ptr - oid->p);
+ resized_mem = mbedtls_calloc(encoded_len, 1);
+ if (resized_mem == NULL) {
+ ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ goto error;
+ }
+ memcpy(resized_mem, oid->p, encoded_len);
+ mbedtls_free(oid->p);
+ oid->p = resized_mem;
+ oid->len = encoded_len;
+
+ oid->tag = MBEDTLS_ASN1_OID;
+
+ return 0;
+
+error:
+ mbedtls_free(oid->p);
+ oid->p = NULL;
+ oid->len = 0;
+ return ret;
+}
+
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
{
int ret = MBEDTLS_ERR_X509_INVALID_NAME;
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index e031544..aaf93ba 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,9 +1,6 @@
set(programs_target "${MBEDTLS_TARGET_PREFIX}programs")
add_custom_target(${programs_target})
-set(ssl_opt_target "${MBEDTLS_TARGET_PREFIX}ssl-opt")
-add_custom_target(${ssl_opt_target})
-
add_subdirectory(aes)
add_subdirectory(cipher)
if (NOT WIN32)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index ddb3c34..f7f417f 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -9,18 +9,17 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -45,7 +44,7 @@
#ifdef FORCE_IPV4
#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
#else
-#define SERVER_ADDR "::1"
+#define SERVER_ADDR SERVER_NAME
#endif
#define MESSAGE "Echo this"
@@ -99,7 +98,6 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -107,7 +105,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
@@ -326,9 +323,7 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Shell can not handle large exit numbers -> 1 for errors */
if (ret < 0) {
@@ -337,6 +332,5 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
- MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 732625e..6430ed2 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -18,19 +18,19 @@
#define BIND_IP "::"
#endif
-#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
- !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
-
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_SSL_COOKIE_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_SSL_COOKIE_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -107,7 +107,6 @@
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -115,7 +114,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_LEVEL);
@@ -291,7 +289,14 @@
ret = 0;
goto reset;
} else if (ret != 0) {
- printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
+ printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret);
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
+ printf(" An unexpected message was received from our peer. If this happened at\n");
+ printf(" the beginning of the handshake, this is likely a duplicated packet or\n");
+ printf(" a close_notify alert from the previous connection, which is harmless.\n");
+ ret = 0;
+ }
+ printf("\n");
goto reset;
}
@@ -391,9 +396,7 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Shell can not handle large exit numbers -> 1 for errors */
if (ret < 0) {
@@ -402,7 +405,5 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
- MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
- && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index ba0195c..cac630e 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -165,13 +165,11 @@
#endif
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -265,9 +263,7 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free(&ca);
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index ee734b1..a6ab858 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -9,17 +9,14 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
@@ -81,14 +78,12 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
@@ -240,6 +235,9 @@
}
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ mbedtls_printf("The return value %d from mbedtls_ssl_read() means that the server\n"
+ "closed the connection first. We're ok with that.\n",
+ MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY);
break;
}
@@ -259,7 +257,9 @@
mbedtls_ssl_close_notify(&ssl);
- exit_code = MBEDTLS_EXIT_SUCCESS;
+ if (ret == 0 || ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ }
exit:
@@ -277,12 +277,9 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
- MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 51e8781..cbe9c6d 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -925,14 +925,12 @@
size_t ssl_max_len = SSL_INIT_LEN;
size_t ssl_len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* The 'b64_file' is opened when parsing arguments to check that the
* file name is correct */
@@ -1002,9 +1000,7 @@
printf("Finished. No valid base64 code found\n");
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return 0;
}
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index f4822b7..9b36507 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -9,22 +9,15 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_PEM_PARSE_C)
-int main(int argc, char *argv[])
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+int main(void)
{
- ((void) argc);
- ((void) argv);
-
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#elif defined(_WIN32)
@@ -93,14 +86,12 @@
mbedtls_x509_crt_init(&srvcert);
mbedtls_ctr_drbg_init(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
signal(SIGCHLD, SIG_IGN);
@@ -225,6 +216,7 @@
if (pid != 0) {
mbedtls_printf(" ok\n");
mbedtls_net_close(&client_fd);
+ fflush(stdout);
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "parent",
@@ -282,6 +274,7 @@
}
mbedtls_printf("pid %d: SSL handshake ok\n", pid);
+ fflush(stdout);
/*
* 6. Read the HTTP Request
@@ -312,12 +305,14 @@
mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
break;
}
+ fflush(stdout);
break;
}
len = ret;
mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
+ fflush(stdout);
if (ret > 0) {
break;
@@ -333,7 +328,7 @@
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
- while (cnt++ < 100) {
+ while (cnt++ < 10) {
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(
@@ -349,12 +344,16 @@
}
}
len = ret;
- mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
+ mbedtls_printf("pid %d: %d bytes written (cnt=%d)\n\n%s\n",
+ pid, len, cnt, (char *) buf);
+ fflush(stdout);
mbedtls_net_usleep(1000000);
}
mbedtls_ssl_close_notify(&ssl);
+ mbedtls_printf("pid %d: shutting down\n", pid);
+ fflush(stdout);
goto exit;
}
@@ -369,9 +368,7 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index e3ed697..bdeef9b 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -359,14 +359,12 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -806,9 +804,7 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index fcb8f2f..d8213cb 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -10,20 +10,21 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
- !defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n");
mbedtls_exit(0);
}
#else
@@ -123,6 +124,7 @@
* 5. Handshake
*/
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
+ fflush(stdout);
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
@@ -138,6 +140,7 @@
* 6. Read the HTTP Request
*/
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
+ fflush(stdout);
do {
len = sizeof(buf) - 1;
@@ -170,6 +173,7 @@
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
+ fflush(stdout);
if (ret > 0) {
break;
@@ -180,6 +184,7 @@
* 7. Write the 200 Response
*/
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
+ fflush(stdout);
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
@@ -201,6 +206,7 @@
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
+ fflush(stdout);
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
@@ -214,6 +220,7 @@
}
mbedtls_printf(" ok\n");
+ fflush(stdout);
ret = 0;
@@ -320,7 +327,6 @@
*/
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -328,7 +334,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* 1a. Seed the random number generator
@@ -442,6 +447,7 @@
* 3. Wait until a client connects
*/
mbedtls_printf(" [ main ] Waiting for a remote connection\n");
+ fflush(stdout);
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
@@ -476,14 +482,9 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
- MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
- MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 6becf8d..9a90d1d 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -9,18 +9,15 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
- !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -92,7 +89,6 @@
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -100,7 +96,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_LEVEL);
@@ -315,16 +310,19 @@
mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
mbedtls_printf(" . Closing the connection...");
+ fflush(stdout);
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
goto reset;
}
}
mbedtls_printf(" ok\n");
+ fflush(stdout);
ret = 0;
goto reset;
@@ -350,13 +348,9 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
- MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
- && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/scripts/config.py b/scripts/config.py
index fff4233..580a4bb 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -19,26 +19,33 @@
from mbedtls_framework import config_common
-def is_full_section(section):
- """Is this section affected by "config.py full" and friends?
+def is_boolean_setting(name, value):
+ """Is this a boolean setting?
- In a config file where the sections are not used the whole config file
- is an empty section (with value None) and the whole file is affected.
+ Mbed TLS boolean settings are enabled if the preprocessor macro is
+ defined, and disabled if the preprocessor macro is not defined. The
+ macro definition line in the configuration file has an empty expansion.
+
+ PSA_WANT_xxx settings are also boolean, but when they are enabled,
+ they expand to a nonzero value. We leave them undefined when they
+ are disabled. (Setting them to 0 currently means to enable them, but
+ this might change to mean disabling them. Currently we just never set
+ them to 0.)
"""
- return section is None or section.endswith('support') or section.endswith('modules')
+ if name.startswith('PSA_WANT_'):
+ return True
+ if not value:
+ return True
+ return False
-def realfull_adapter(_name, active, section):
- """Activate all symbols found in the global and boolean feature sections.
+def realfull_adapter(_name, _value, _active):
+ """Activate all symbols.
This is intended for building the documentation, including the
documentation of settings that are activated by defining an optional
- preprocessor macro.
-
- Do not activate definitions in the section containing symbols that are
- supposed to be defined and documented in their own module.
+ preprocessor macro. There is no expectation that the resulting
+ configuration can be built.
"""
- if section == 'Module configuration options':
- return active
return True
PSA_UNSUPPORTED_FEATURE = frozenset([
@@ -138,9 +145,9 @@
return is_seamless_alt(name)
return True
-def full_adapter(name, active, section):
+def full_adapter(name, value, active):
"""Config adapter for "full"."""
- if not is_full_section(section):
+ if not is_boolean_setting(name, value):
return active
return include_in_full(name)
@@ -176,9 +183,9 @@
return False
return True
-def baremetal_adapter(name, active, section):
+def baremetal_adapter(name, value, active):
"""Config adapter for "baremetal"."""
- if not is_full_section(section):
+ if not is_boolean_setting(name, value):
return active
if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
# No OS-provided entropy source
@@ -195,10 +202,10 @@
'MBEDTLS_TEST_HOOKS', # only useful with the hosted test framework, increases code size
])
-def baremetal_size_adapter(name, active, section):
+def baremetal_size_adapter(name, value, active):
if name in EXCLUDE_FOR_SIZE:
return False
- return baremetal_adapter(name, active, section)
+ return baremetal_adapter(name, value, active)
def include_in_crypto(name):
"""Rules for symbols in a crypto configuration."""
@@ -219,15 +226,15 @@
def crypto_adapter(adapter):
"""Modify an adapter to disable non-crypto symbols.
- ``crypto_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all X.509 and TLS symbols.
+ ``crypto_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all X.509 and TLS symbols.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
if not include_in_crypto(name):
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
DEPRECATED = frozenset([
@@ -237,34 +244,34 @@
def no_deprecated_adapter(adapter):
"""Modify an adapter to disable deprecated symbols.
- ``no_deprecated_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all deprecated symbols
+ ``no_deprecated_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all deprecated symbols
and sets ``MBEDTLS_DEPRECATED_REMOVED``.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
if name == 'MBEDTLS_DEPRECATED_REMOVED':
return True
if name in DEPRECATED:
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
def no_platform_adapter(adapter):
"""Modify an adapter to disable platform symbols.
- ``no_platform_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all platform symbols other
+ ``no_platform_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all platform symbols other
``than MBEDTLS_PLATFORM_C.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
# Allow MBEDTLS_PLATFORM_C but remove all other platform symbols.
if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C':
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 3d5f32d..ba1a497 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -29,3 +29,4 @@
python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1
python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
+python tests\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/tests/.gitignore b/tests/.gitignore
index 7da51f2..997101c 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -18,6 +18,7 @@
###START_GENERATED_FILES###
# Generated source files
+/opt-testcases/tls13-compat.sh
/suites/*.generated.data
/suites/test_suite_config.mbedtls_boolean.data
/src/test_keys.h
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index d1338ea..4a42efe 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -64,6 +64,22 @@
# change too often in ways that don't affect the result
# ((un)commenting some options).
)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ "${MBEDTLS_PYTHON_EXECUTABLE}"
+ "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py"
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py
+ )
+ add_custom_target(tls13-compat.sh
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh)
+ set_target_properties(tls13-compat.sh PROPERTIES EXCLUDE_FROM_ALL NO)
+ add_dependencies(${ssl_opt_target} tls13-compat.sh)
+
else()
foreach(file ${all_generated_data_files})
link_to_source(${file})
diff --git a/tests/Makefile b/tests/Makefile
index 3f1a6df..66bb1cd 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -59,6 +59,15 @@
GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
GENERATED_FILES += src/test_keys.h src/test_certs.h
+# Generated files needed to (fully) run ssl-opt.sh
+.PHONY: ssl-opt
+
+opt-testcases/tls13-compat.sh: scripts/generate_tls13_compat_tests.py
+ echo " Gen $@"
+ $(PYTHON) scripts/generate_tls13_compat_tests.py -o $@
+GENERATED_FILES += opt-testcases/tls13-compat.sh
+ssl-opt: opt-testcases/tls13-compat.sh
+
.PHONY: generated_files
generated_files: $(GENERATED_FILES)
@@ -160,9 +169,11 @@
src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
+ echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
src/test_keys.h: ../framework/scripts/generate_test_keys.py
+ echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h)
@@ -270,7 +281,6 @@
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
check: $(BINARIES) $(CRYPTO_BINARIES)
perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES)
- cd ../tf-psa-crypto/tests && perl ../../tests/scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES)
test: check
diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
new file mode 100644
index 0000000..88f3b12
--- /dev/null
+++ b/tests/opt-testcases/sample.sh
@@ -0,0 +1,383 @@
+# Test that SSL sample programs can interoperate with each other
+# and with OpenSSL and GnuTLS.
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+: ${PROGRAMS_DIR:=../programs/ssl}
+
+# Disable session tickets for ssl_client1 when potentially using TLS 1.3
+# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
+# and (if relevant) implemented in ssl_client1.
+run_test "Sample: ssl_client1, ssl_server2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server2 tickets=0" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, openssl server, TLS 1.2" \
+ -P 4433 \
+ "$O_SRV -tls1_2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "Protocol.*TLSv1.2" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \
+ -P 4433 \
+ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.2" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
+ -S "Error" \
+ -C "error"
+
+# Disable session tickets for ssl_client1 when using TLS 1.3
+# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
+# and (if relevant) implemented in ssl_client1.
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_client1, openssl server, TLS 1.3" \
+ -P 4433 \
+ "$O_NEXT_SRV -tls1_3 -num_tickets 0" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "ERROR" \
+ -C "error"
+
+# Disable session tickets for ssl_client1 when using TLS 1.3
+# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
+# and (if relevant) implemented in ssl_client1.
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \
+ -P 4433 \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 --noticket" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.3" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
+ -S "Error" \
+ -C "error"
+
+# The server complains of extra data after it closes the connection
+# because the client keeps sending data, so the server receives
+# more application data when it expects a new handshake. We consider
+# the test a success if both sides have sent and received application
+# data, no matter what happens afterwards.
+run_test "Sample: dtls_client, ssl_server2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -C "error"
+
+# The dtls_client program connects to localhost. This test case fails on
+# systems where the name "localhost" resolves to an IPv6 address, but
+# the IPv6 connection is not possible. Possible reasons include:
+# * OpenSSL is too old (IPv6 support was added in 1.1.0).
+# * OpenSSL was built without IPv6 support.
+# * A firewall blocks IPv6.
+#
+# To facilitate working with this test case, have it run with $OPENSSL_NEXT
+# which is at least 1.1.1a. At the time it was introduced, this test case
+# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled.
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, openssl server, DTLS 1.2" \
+ -P 4433 \
+ "$O_NEXT_SRV -dtls1_2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Echo this" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \
+ -P 4433 \
+ "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Server listening" \
+ -s "[1-9][0-9]* bytes command:" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "Error" \
+ -C "error"
+
+run_test "Sample: ssl_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: ssl_fork_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_fork_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: ssl_pthread_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_pthread_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: dtls_client with dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client2, dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/ssl_client2 dtls=1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_server, openssl client, DTLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$O_CLI -dtls1_2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$G_CLI -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "Description:.*DTLS1.2" \
+ -S "error" \
+ -C "ERROR"
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
deleted file mode 100755
index b3a0295..0000000
--- a/tests/opt-testcases/tls13-compat.sh
+++ /dev/null
@@ -1,15241 +0,0 @@
-#!/bin/sh
-
-# tls13-compat.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# List TLS1.3 compat test cases. They are generated by
-# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
-#
-# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
-# AND REGENERATE THIS FILE.
-#
-
-DATA_FILES_PATH=../framework/data_files
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
old mode 100755
new mode 100644
index 782bda2..1bb251f
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1,16 +1,16 @@
-#!/bin/sh
-
-# tls13-kex-modes.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
+# Systematic testing of TLS 1.3 key exchange modes.
# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
# scripts in future(#6280)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -29,7 +29,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -47,7 +49,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -65,7 +69,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -84,7 +90,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -102,7 +110,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -120,7 +130,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -139,7 +151,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -157,7 +171,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -175,7 +191,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -194,7 +212,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -212,7 +232,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -230,7 +252,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -247,7 +271,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
@@ -267,7 +293,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
@@ -286,7 +314,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
@@ -305,7 +335,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, good" \
@@ -325,7 +357,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
@@ -344,7 +378,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
@@ -363,7 +399,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
@@ -383,7 +421,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
@@ -402,7 +442,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
@@ -421,7 +463,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
@@ -441,7 +485,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
@@ -460,7 +506,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
@@ -479,7 +527,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
@@ -499,7 +549,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
@@ -518,7 +570,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
@@ -537,7 +591,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
@@ -558,7 +614,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -579,7 +637,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -599,7 +659,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -619,7 +681,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -640,7 +704,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -660,7 +726,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -680,7 +748,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -701,7 +771,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -721,7 +793,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
@@ -742,7 +816,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
@@ -762,7 +838,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
@@ -781,7 +859,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
@@ -801,7 +881,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
@@ -820,7 +902,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
@@ -835,7 +919,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
@@ -850,7 +936,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
@@ -865,7 +953,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
@@ -880,7 +970,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
@@ -895,7 +987,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -911,7 +1005,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -929,7 +1025,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -946,7 +1044,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -963,7 +1063,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -981,7 +1083,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -998,7 +1102,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1015,7 +1121,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1033,7 +1141,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1050,7 +1160,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1067,7 +1179,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
@@ -1086,7 +1200,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
@@ -1104,7 +1220,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
@@ -1122,7 +1240,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, good" \
@@ -1141,7 +1261,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
@@ -1159,7 +1281,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
@@ -1177,7 +1301,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
@@ -1196,7 +1322,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
@@ -1214,7 +1342,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
@@ -1232,7 +1362,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
@@ -1251,7 +1383,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
@@ -1269,7 +1403,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
@@ -1287,7 +1423,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1307,7 +1445,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1326,7 +1466,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1345,7 +1487,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1365,7 +1509,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1384,7 +1530,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1403,7 +1551,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
@@ -1423,7 +1573,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
@@ -1442,7 +1594,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
@@ -1460,10 +1614,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
@@ -1475,10 +1631,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
@@ -1490,10 +1648,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_521
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
@@ -1505,10 +1665,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
@@ -1520,10 +1682,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
@@ -1535,10 +1699,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
@@ -1552,10 +1718,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
@@ -1804,7 +1972,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
@@ -1831,7 +1998,6 @@
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2727,7 +2893,6 @@
#OPENSSL-SERVER psk mode
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2745,7 +2910,6 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2763,7 +2927,6 @@
#OPENSSL-SERVER psk_all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2782,7 +2945,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2802,7 +2964,6 @@
#OPENSSL-SERVER psk_ephemeral mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -2820,7 +2981,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -2839,7 +2999,6 @@
#OPENSSL-SERVER ephemeral mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2852,7 +3011,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2866,7 +3024,6 @@
#OPENSSL-SERVER ephemeral_all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2885,7 +3042,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2905,7 +3061,6 @@
#OPENSSL-SERVER all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2925,7 +3080,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2946,7 +3100,6 @@
#GNUTLS-SERVER psk mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2966,7 +3119,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2986,7 +3138,6 @@
#GNUTLS-SERVER psk_all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3007,7 +3158,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3029,7 +3179,6 @@
#GNUTLS-SERVER psk_ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -3049,7 +3198,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -3070,7 +3218,6 @@
#GNUTLS-SERVER ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3083,7 +3230,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3097,7 +3243,6 @@
#GNUTLS-SERVER ephemeral_all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3118,7 +3263,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3140,7 +3284,6 @@
#GNUTLS-SERVER all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3162,7 +3305,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
old mode 100755
new mode 100644
index 9d5870d..2bd47d5
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -1,18 +1,14 @@
-#!/bin/sh
+# Miscellaneous tests of TLS 1.3 features.
-# tls13-misc.sh
-#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -27,11 +23,9 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
@@ -43,9 +37,13 @@
-s "Found PSK KEX MODE" \
-s "No matched ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
@@ -57,9 +55,13 @@
-S "key exchange mode: ephemeral$" \
-S "ticket is not authentic"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
@@ -72,7 +74,9 @@
-s "ticket is not authentic"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -89,11 +93,12 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -107,11 +112,12 @@
-s "key exchange mode: psk$"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -125,11 +131,12 @@
-s "key exchange mode: psk_ephemeral$"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -138,11 +145,13 @@
0 \
-s "key exchange mode: ephemeral$"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption" \
@@ -157,11 +166,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with servername" \
@@ -177,11 +188,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
@@ -196,11 +209,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -217,11 +232,14 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with early data" \
@@ -247,11 +265,14 @@
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -279,11 +300,14 @@
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
@@ -308,11 +332,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
@@ -337,11 +364,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
@@ -366,11 +396,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
@@ -395,11 +428,13 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
@@ -414,11 +449,13 @@
-S "Select PSK ciphersuite" \
-s "Ticket lifetime (604801) is greater than 7 days."
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
@@ -433,11 +470,13 @@
-S "key exchange mode: psk" \
-S "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
@@ -453,11 +492,13 @@
-S "key exchange mode: psk" \
-S "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
@@ -476,11 +517,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
@@ -499,11 +542,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
@@ -522,11 +567,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
@@ -545,11 +592,13 @@
-s "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
@@ -568,11 +617,13 @@
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
@@ -591,12 +642,14 @@
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
@@ -609,12 +662,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
@@ -627,12 +682,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
@@ -645,12 +702,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
@@ -663,12 +722,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
@@ -681,12 +742,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
@@ -699,12 +762,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
@@ -717,12 +782,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
@@ -735,13 +802,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
@@ -754,13 +823,15 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
@@ -773,13 +844,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
@@ -792,13 +865,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
@@ -812,10 +887,10 @@
-S "No usable PSK or ticket"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption" \
@@ -828,9 +903,8 @@
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
@@ -850,10 +924,10 @@
# of testing we would like to do.
skip_next_test
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption with early data" \
@@ -872,10 +946,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption" \
@@ -888,9 +962,8 @@
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
@@ -902,10 +975,10 @@
-c "Ignore NewSessionTicket, not supported."
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -920,10 +993,10 @@
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption with early data" \
@@ -943,10 +1016,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -968,10 +1041,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
@@ -986,10 +1059,10 @@
-C "NewSessionTicket: early_data(42) extension received." \
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
@@ -1006,10 +1079,10 @@
-C "ClientHello: early_data(42) extension exists." \
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
@@ -1026,9 +1099,9 @@
-C "ClientHello: early_data(42) extension exists." \
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# https://github.com/openssl/openssl/issues/10714
@@ -1043,10 +1116,11 @@
-s "Select PSK ciphersuite"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption" \
@@ -1058,10 +1132,11 @@
-s "Select PSK ciphersuite"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -1080,10 +1155,12 @@
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption with early data" \
@@ -1104,10 +1181,12 @@
-s "106 early data bytes read"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -1135,10 +1214,12 @@
# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
# specification and thus its behavior may change in following versions.
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
@@ -1164,10 +1245,12 @@
# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
# specification and thus its behavior may change in following versions.
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
@@ -1187,10 +1270,12 @@
-s "EarlyData: Too much early data received"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
@@ -1205,11 +1290,14 @@
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists."
-requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
"$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index b850147..4adae9a 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -35,8 +35,6 @@
exit 1
fi
-MBEDTLS_ROOT_DIR="$PWD"
-
: ${OPENSSL:="openssl"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
@@ -81,26 +79,21 @@
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
-cd $MBEDTLS_ROOT_DIR/tests
+cd tests
if [ ! -f "seedfile" ]; then
dd if=/dev/urandom of="seedfile" bs=64 count=1
fi
-cd $MBEDTLS_ROOT_DIR/tf-psa-crypto/tests
-if [ ! -f "seedfile" ]; then
- dd if=/dev/urandom of="seedfile" bs=64 count=1
+if [ ! -f "../tf-psa-crypto/tests/seedfile" ]; then
+ cp "seedfile" "../tf-psa-crypto/tests/seedfile"
fi
echo
# Step 2a - Unit Tests (keep going even if some tests fail)
echo '################ Unit tests ################'
-cd $MBEDTLS_ROOT_DIR/tests
-perl scripts/run-test-suites.pl -v 2 |tee tls-x509-unit-test-$TEST_OUTPUT
-cd $MBEDTLS_ROOT_DIR/tf-psa-crypto/tests
-perl $MBEDTLS_ROOT_DIR/tests/scripts/run-test-suites.pl -v 2 |tee ../../tests/crypto-unit-test-$TEST_OUTPUT
+perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^'
echo
-cd $MBEDTLS_ROOT_DIR/tests
# Step 2b - System Tests (keep going even if some tests fail)
echo
echo '################ ssl-opt.sh ################'
@@ -151,13 +144,13 @@
cd tests
- # Step 4a - TLS and x509 unit tests
- echo "TLS and x509 unit tests - tests/scripts/run-test-suites.pl"
+ # Step 4a - Unit tests
+ echo "Unit tests - tests/scripts/run-test-suites.pl"
- PASSED_TESTS=$(tail -n6 tls-x509-unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ')
- SKIPPED_TESTS=$(tail -n6 tls-x509-unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ')
- TOTAL_SUITES=$(tail -n6 tls-x509-unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ')
- FAILED_TESTS=$(tail -n6 tls-x509-unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ')
+ PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ')
+ SKIPPED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ')
+ TOTAL_SUITES=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ')
+ FAILED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ')
echo "No test suites : $TOTAL_SUITES"
echo "Passed : $PASSED_TESTS"
@@ -173,29 +166,7 @@
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
- # Step 4b - Crypto unit tests
- echo "Crypto unit tests - tests/scripts/run-test-suites.pl"
-
- PASSED_TESTS=$(tail -n6 crypto-unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ')
- SKIPPED_TESTS=$(tail -n6 crypto-unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ')
- TOTAL_SUITES=$(tail -n6 crypto-unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ')
- FAILED_TESTS=$(tail -n6 crypto-unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ')
-
- echo "No test suites : $TOTAL_SUITES"
- echo "Passed : $PASSED_TESTS"
- echo "Failed : $FAILED_TESTS"
- echo "Skipped : $SKIPPED_TESTS"
- echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))"
- echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))"
- echo
-
- TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
- TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
- TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
- TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
- TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS))
-
- # Step 4c - TLS Options tests
+ # Step 4b - TLS Options tests
echo "TLS Options tests - tests/ssl-opt.sh"
PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
@@ -217,7 +188,7 @@
TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
- # Step 4d - System Compatibility tests
+ # Step 4c - System Compatibility tests
echo "System/Compatibility tests - tests/compat.sh"
PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
@@ -239,7 +210,7 @@
TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
- # Step 4e - Grand totals
+ # Step 4d - Grand totals
echo "-------------------------------------------------------------------------"
echo "Total tests"
@@ -251,13 +222,12 @@
echo
- # Step 4f - Coverage report
+ # Step 4e - Coverage report
echo "Coverage statistics:"
sed -n '1,/^Overall coverage/d; /%/p' cov-$TEST_OUTPUT
echo
- rm tls-x509-unit-test-$TEST_OUTPUT
- rm crypto-unit-test-$TEST_OUTPUT
+ rm unit-test-$TEST_OUTPUT
rm sys-test-$TEST_OUTPUT
rm compat-test-$TEST_OUTPUT
rm cov-$TEST_OUTPUT
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 3be5e95..c57ff04 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -174,6 +174,7 @@
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl ${builtin_drivers_dir}/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check tests/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 9f563a9..683ac84 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -229,40 +229,6 @@
! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
}
-component_test_no_psa_crypto_full_cmake_asan () {
- # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
- msg "build: cmake, full config minus PSA crypto, ASan"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: main suites (full minus PSA crypto)"
- make test
-
- # Note: ssl-opt.sh has some test cases that depend on
- # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
- # This is the only component where those tests are not skipped.
- msg "test: ssl-opt.sh (full minus PSA crypto)"
- tests/ssl-opt.sh
-
- # Note: the next two invocations cover all compat.sh test cases.
- # We should use the same here and in basic-build-test.sh.
- msg "test: compat.sh: default version (full minus PSA crypto)"
- tests/compat.sh -e 'ARIA\|CHACHA'
-
- msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)"
- env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
-}
-
component_build_tfm () {
# Check that the TF-M configuration can build cleanly with various
# warning flags enabled. We don't build or run tests, since the
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index dde37b7..b9dcff4 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -66,7 +66,7 @@
# pylint: disable=too-many-arguments
def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
- cert_sig_alg=None, compat_mode=True):
+ cert_sig_alg=None):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
@@ -79,7 +79,6 @@
self.add_signature_algorithms(signature_algorithm)
if cert_sig_alg:
self.add_cert_signature_algorithms(cert_sig_alg)
- self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class
def add_ciphersuites(self, *ciphersuites):
@@ -157,8 +156,6 @@
ret += ["-groups {named_groups}".format(named_groups=named_groups)]
ret += ['-msg -tls1_3']
- if not self._compat_mode:
- ret += ['-no_middlebox']
return ret
@@ -248,8 +245,7 @@
def pre_checks(self):
return ["requires_gnutls_tls1_3",
- "requires_gnutls_next_no_ticket",
- "requires_gnutls_next_disable_tls13_compat", ]
+ "requires_gnutls_next_no_ticket"]
def cmd(self):
ret = super().cmd()
@@ -288,9 +284,6 @@
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS'
- if not self._compat_mode:
- priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
-
ret += ['--priority={priority_string}'.format(
priority_string=priority_string)]
return ret
@@ -370,9 +363,6 @@
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
- if self._compat_mode:
- ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
-
if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
@@ -533,21 +523,13 @@
client_object.pre_checks() +
[cmd])
-SSL_OUTPUT_HEADER = '''#!/bin/sh
-
-# {filename}
+SSL_OUTPUT_HEADER = '''\
+# TLS 1.3 interoperability test cases (equivalent of compat.sh for TLS 1.3).
#
+# Automatically generated by {cmd}. Do not edit!
+
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# List TLS1.3 compat test cases. They are generated by
-# `{cmd}`.
-#
-# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
-# AND REGENERATE THIS FILE.
-#
'''
DATA_FILES_PATH_VAR = '''
DATA_FILES_PATH=../framework/data_files
@@ -559,11 +541,16 @@
"""
parser = argparse.ArgumentParser()
- parser.add_argument('-o', '--output', nargs='?',
- default=None, help='Output file path if `-a` was set')
+ parser.add_argument('-o', '--output',
+ default='tests/opt-testcases/tls13-compat.sh',
+ help='Output file path (not used with -1)')
- parser.add_argument('-a', '--generate-all-tls13-compat-tests', action='store_true',
- default=False, help='Generate all available tls13 compat tests')
+ parser.add_argument('-1', '--single', action='store_true',
+ help='Print a single test case')
+ # Single mode used to be the default.
+ parser.add_argument('-a', '--generate-all-tls13-compat-tests',
+ action='store_false', dest='single',
+ help='Generate all test cases (negates -1) (default)')
parser.add_argument('--list-ciphers', action='store_true',
default=False, help='List supported ciphersuites')
@@ -626,11 +613,12 @@
server_named_group=server_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256")
- if args.generate_all_tls13_compat_tests:
+ if not args.single:
if args.output:
with open(args.output, 'w', encoding="utf-8") as f:
f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output), cmd=' '.join(sys.argv)))
+ filename=os.path.basename(args.output),
+ cmd=os.path.basename(sys.argv[0])))
f.write(DATA_FILES_PATH_VAR)
f.write('\n\n'.join(get_all_test_cases()))
f.write('\n')
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 408deaf..e01d44f 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -28,6 +28,7 @@
use utf8;
use open qw(:std utf8);
+use Cwd qw(getcwd);
use Getopt::Long qw(:config auto_help gnu_compat);
use Pod::Usage;
@@ -40,7 +41,8 @@
# All test suites = executable files with a .datax file.
my @suites = ();
-for my $data_file (glob 'test_suite_*.datax') {
+my @test_dirs = qw(../tf-psa-crypto/tests .);
+for my $data_file (map {glob "$_/test_suite_*.datax"} @test_dirs) {
(my $base = $data_file) =~ s/\.datax$//;
push @suites, $base if -x $base;
push @suites, "$base.exe" if -e "$base.exe";
@@ -59,15 +61,8 @@
')(\z|\.)' );
# in case test suites are linked dynamically
-if (-d '../../tf-psa-crypto') {
- $ENV{'LD_LIBRARY_PATH'} = '../../library';
- $ENV{'DYLD_LIBRARY_PATH'} = '../../library';
-}
-else
-{
- $ENV{'LD_LIBRARY_PATH'} = '../library';
- $ENV{'DYLD_LIBRARY_PATH'} = '../library';
-}
+$ENV{'LD_LIBRARY_PATH'} = getcwd() . "/../library";
+$ENV{'DYLD_LIBRARY_PATH'} = $ENV{'LD_LIBRARY_PATH'}; # For macOS
my $prefix = $^O eq "MSWin32" ? '' : './';
@@ -82,8 +77,13 @@
print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n";
}
-for my $suite (@suites)
+for my $suite_path (@suites)
{
+ my ($dir, $suite) = ('.', $suite_path);
+ if ($suite =~ m!(.*)/([^/]*)!) {
+ $dir = $1;
+ $suite = $2;
+ }
print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " ";
if( $suite =~ /$skip_re/o ) {
print "SKIP\n";
@@ -91,7 +91,7 @@
next;
}
- my $command = "$prefix$suite";
+ my $command = "cd $dir && $prefix$suite";
if( $verbose ) {
$command .= ' -v';
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index beb9aa5..e7eef1a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -491,6 +491,37 @@
requires_certificate_authentication;;
esac
+ case " $CMD_LINE " in
+ *"programs/ssl/dtls_client "*|\
+ *"programs/ssl/ssl_client1 "*)
+ requires_config_enabled MBEDTLS_CTR_DRBG_C
+ requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PEM_PARSE_C
+ requires_config_enabled MBEDTLS_SSL_CLI_C
+ requires_certificate_authentication
+ ;;
+ *"programs/ssl/dtls_server "*|\
+ *"programs/ssl/ssl_fork_server "*|\
+ *"programs/ssl/ssl_pthread_server "*|\
+ *"programs/ssl/ssl_server "*)
+ requires_config_enabled MBEDTLS_CTR_DRBG_C
+ requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PEM_PARSE_C
+ requires_config_enabled MBEDTLS_SSL_SRV_C
+ requires_certificate_authentication
+ # The actual minimum depends on the configuration since it's
+ # mostly about the certificate size.
+ # In config-suite-b.h, for the test certificates (server5.crt),
+ # 1024 is not enough.
+ requires_config_value_at_least MBEDTLS_SSL_OUT_CONTENT_LEN 2000
+ ;;
+ esac
+
+ case " $CMD_LINE " in
+ *"programs/ssl/ssl_pthread_server "*)
+ requires_config_enabled MBEDTLS_THREADING_PTHREAD;;
+ esac
+
case "$CMD_LINE" in
*[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
*/server5*|\
@@ -1252,7 +1283,7 @@
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
case "$1" in
- *dtls=1*|*-dtls*|*-u*) DTLS=1;;
+ *dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;;
*) DTLS=0;;
esac
}
@@ -1372,9 +1403,13 @@
# Outputs:
# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
analyze_test_commands() {
- # if the test uses DTLS but no custom proxy, add a simple proxy
- # as it provides timing info that's useful to debug failures
- if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+ # If the test uses DTLS, does not force a specific port, and does not
+ # specify a custom proxy, add a simple proxy.
+ # It provides timing info that's useful to debug failures.
+ if [ "$DTLS" -eq 1 ] &&
+ [ "$THIS_SRV_PORT" = "$SRV_PORT" ] &&
+ [ -z "$PXY_CMD" ]
+ then
PXY_CMD="$P_PXY"
case " $SRV_CMD " in
*' server_addr=::1 '*)
@@ -1410,7 +1445,20 @@
if [ -n "$PXY_CMD" ]; then
CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
else
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
+ CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$THIS_SRV_PORT/g )
+ fi
+
+ # If the test forces a specific port and the server is OpenSSL or
+ # GnuTLS, override its port specification.
+ if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then
+ case "$SRV_CMD" in
+ "$G_SRV"*|"$G_NEXT_SRV"*)
+ SRV_CMD=$(
+ printf %s "$SRV_CMD " |
+ sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /"
+ );;
+ "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";;
+ esac
fi
# prepend valgrind to our commands if active
@@ -1609,7 +1657,7 @@
printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$!
- wait_server_start "$SRV_PORT" "$SRV_PID"
+ wait_server_start "$THIS_SRV_PORT" "$SRV_PID"
printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
# The client must be a subprocess of the script in order for killing it to
@@ -1732,7 +1780,7 @@
esac
fi
- # does this test use a proxy?
+ # Does this test specify a proxy?
if [ "X$1" = "X-p" ]; then
PXY_CMD="$2"
shift 2
@@ -1740,6 +1788,14 @@
PXY_CMD=""
fi
+ # Does this test force a specific port?
+ if [ "$1" = "-P" ]; then
+ THIS_SRV_PORT="$2"
+ shift 2
+ else
+ THIS_SRV_PORT="$SRV_PORT"
+ fi
+
# get commands and client output
SRV_CMD="$1"
CLI_CMD="$2"
@@ -1761,7 +1817,10 @@
# Check if we are trying to use an external tool which does not support ECDH
EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
- # Guess the TLS version which is going to be used
+ # Guess the TLS version which is going to be used.
+ # Note that this detection is wrong in some cases, which causes unduly
+ # skipped test cases in builds with TLS 1.3 but not TLS 1.2.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9560
if [ "$EXT_WO_ECDH" = "no" ]; then
TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
else
@@ -4901,7 +4960,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
@@ -4915,7 +4975,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
@@ -4947,7 +5008,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \
@@ -4966,7 +5028,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \
@@ -4985,7 +5048,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \
@@ -5004,7 +5068,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \
@@ -5020,7 +5085,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \
@@ -5036,7 +5102,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \
@@ -5052,7 +5119,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \
@@ -5068,7 +5136,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \
@@ -5084,7 +5153,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \
@@ -5100,7 +5170,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \
@@ -5116,7 +5187,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \
@@ -5132,7 +5204,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \
@@ -5148,7 +5221,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \
@@ -5164,7 +5238,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \
@@ -5180,7 +5255,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \
@@ -5196,7 +5272,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
@@ -5212,7 +5289,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
@@ -5228,7 +5306,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
@@ -5246,7 +5325,9 @@
# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
@@ -7102,7 +7183,8 @@
# Tests for version negotiation, MbedTLS client and server
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \
@@ -7114,8 +7196,10 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7126,8 +7210,9 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \
"$P_SRV" \
@@ -7138,9 +7223,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI min_version=tls13" \
@@ -7150,9 +7237,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \
"$P_SRV" \
"$P_CLI" \
@@ -7162,9 +7251,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI" \
@@ -7174,8 +7265,10 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7186,8 +7279,10 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \
"$P_SRV" \
@@ -7198,9 +7293,11 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \
"$P_SRV" \
"$P_CLI min_version=tls13" \
@@ -7210,8 +7307,10 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI max_version=tls12" \
@@ -7222,8 +7321,10 @@
-S "Protocol is TLSv1.3" \
-C "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$P_CLI min_version=tls13" \
@@ -7236,7 +7337,8 @@
# Tests of version negotiation on server side against GnuTLS client
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
"$P_SRV" \
@@ -7245,8 +7347,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7255,9 +7358,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7265,10 +7368,10 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7276,9 +7379,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL" \
@@ -7287,8 +7390,9 @@
-s "Protocol is TLSv1.3"
requires_gnutls_next_disable_tls13_compat
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \
@@ -7304,19 +7408,19 @@
# if TLS 1.2 was its preferred version. Keeping the test even if the
# handshake fails eventually as it exercices parts of the Mbed TLS
# implementation that are otherwise not exercised.
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \
1 \
-c "Detected downgrade to TLS 1.2 from TLS 1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$G_NEXT_CLI localhost --priority=NORMAL" \
@@ -7334,8 +7438,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7379,8 +7484,9 @@
-s "The handshake negotiation failed" \
-S "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version G->m: cli 1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
@@ -7388,8 +7494,9 @@
-s "Handshake protocol not within min/max boundaries" \
-S "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version G->m: cli 1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7400,7 +7507,8 @@
# Tests of version negotiation on server side against OpenSSL client
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
"$P_SRV" \
@@ -7409,8 +7517,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7420,9 +7529,9 @@
-s "Protocol is TLSv1.2"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI -tls1_3" \
@@ -7431,10 +7540,10 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI -tls1_3" \
@@ -7443,9 +7552,9 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI" \
@@ -7454,8 +7563,9 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI -no_middlebox" \
@@ -7464,10 +7574,10 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI" \
@@ -7485,8 +7595,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7530,8 +7641,9 @@
-s "The handshake negotiation failed" \
-S "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version O->m: cli 1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI -tls1_2" \
@@ -7539,8 +7651,9 @@
-s "Handshake protocol not within min/max boundaries" \
-S "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version O->m: cli 1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$O_NEXT_CLI -tls1_3" \
@@ -7889,8 +8002,7 @@
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
@@ -7901,8 +8013,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
@@ -7913,8 +8024,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
@@ -7928,8 +8038,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
@@ -7943,8 +8052,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ds.crt" \
@@ -7955,8 +8063,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \
@@ -7970,8 +8077,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -8066,8 +8172,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8078,8 +8183,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8090,8 +8194,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8103,8 +8206,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server2.key \
@@ -8118,8 +8220,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8130,8 +8231,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8142,8 +8242,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
@@ -8241,8 +8340,7 @@
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv.crt" \
@@ -8253,8 +8351,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@@ -8265,8 +8362,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@@ -8277,8 +8373,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
@@ -8344,8 +8439,7 @@
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8355,8 +8449,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8366,8 +8459,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8377,8 +8469,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8390,8 +8481,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
@@ -12563,8 +12653,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3" \
@@ -12596,8 +12685,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3" \
@@ -12630,8 +12718,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -12665,8 +12752,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -12729,8 +12815,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
@@ -12745,8 +12830,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -12789,8 +12873,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -12805,8 +12888,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -12820,8 +12902,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -12836,8 +12917,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -12851,8 +12931,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -12867,8 +12946,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -12883,8 +12961,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12900,8 +12977,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12916,8 +12992,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12933,8 +13008,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12949,8 +13023,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12966,8 +13039,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12982,8 +13054,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -13000,8 +13071,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13047,8 +13117,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -13064,8 +13133,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -13080,8 +13148,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -13097,8 +13164,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -13113,8 +13179,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13130,8 +13195,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13147,8 +13211,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13165,8 +13228,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13182,8 +13244,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13200,8 +13261,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13217,8 +13277,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13235,8 +13294,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13252,8 +13310,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -13271,8 +13328,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13286,8 +13342,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13301,8 +13356,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13318,8 +13372,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13335,8 +13388,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13525,8 +13577,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13538,8 +13589,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13551,8 +13601,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13587,8 +13636,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m both with middlebox compat support" \
"$P_SRV debug_level=4 tickets=0" \
"$P_CLI debug_level=4" \
@@ -13619,14 +13668,15 @@
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
- 1 \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13658,15 +13708,16 @@
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
- 1 \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13690,8 +13741,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
@@ -13702,8 +13753,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug" \
@@ -13732,8 +13783,8 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13748,8 +13799,8 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13777,8 +13828,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13811,15 +13862,16 @@
run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
- 1 \
+ 0 \
-c "received HelloRetryRequest message" \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13852,17 +13904,18 @@
run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
- 1 \
+ 0 \
-c "received HelloRetryRequest message" \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13886,8 +13939,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
@@ -13898,8 +13951,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
@@ -13929,8 +13982,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13946,8 +13999,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13959,8 +14012,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->O" \
"$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -13975,8 +14027,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
@@ -13991,8 +14042,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14010,8 +14060,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14028,8 +14077,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14047,8 +14095,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14063,8 +14110,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14079,8 +14125,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14094,8 +14139,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, G->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14108,8 +14152,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, O->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14122,8 +14165,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, m->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14136,8 +14178,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->O" \
"$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -14150,8 +14191,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
@@ -14164,8 +14204,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14210,7 +14249,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
@@ -14235,7 +14273,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
@@ -14254,7 +14291,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
@@ -14279,7 +14315,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
@@ -14298,7 +14333,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
@@ -14322,7 +14356,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
@@ -14341,7 +14374,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_8192
@@ -14366,7 +14398,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_8192
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 510b0a3..143d676 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3439,3 +3439,52 @@
X509 CRT parse Authority Key Id - Wrong Issuer sequence
depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C
x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+OID get numeric string - hardware module name
+oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4"
+
+OID get numeric string - multi-byte subidentifier
+oid_get_numeric_string:"29903C":0:"1.1.2108"
+
+OID get numeric string - second component greater than 39
+oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0"
+
+OID get numeric string - multi-byte first subidentifier
+oid_get_numeric_string:"8837":0:"2.999"
+
+OID get numeric string - second subidentifier not terminated
+oid_get_numeric_string:"0081":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+
+OID get numeric string - empty oid buffer
+oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+
+OID get numeric string - no final / all bytes have top bit set
+oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+
+OID get numeric string - 0.39
+oid_get_numeric_string:"27":0:"0.39"
+
+OID get numeric string - 1.0
+oid_get_numeric_string:"28":0:"1.0"
+
+OID get numeric string - 1.39
+oid_get_numeric_string:"4f":0:"1.39"
+
+OID get numeric string - 2.0
+oid_get_numeric_string:"50":0:"2.0"
+
+OID get numeric string - 1 byte first subidentifier beyond 2.39
+oid_get_numeric_string:"7f":0:"2.47"
+
+# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits
+OID get numeric string - 32-bit overflow
+oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID get numeric string - 32-bit overflow, second subidentifier
+oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID get numeric string - overlong encoding
+oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID get numeric string - overlong encoding, second subidentifier
+oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 9fc0e55..fae3657 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -10,6 +10,8 @@
#include "mbedtls/base64.h"
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
#include "string.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
@@ -1747,3 +1749,27 @@
mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
+void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str)
+{
+ char buf[256];
+ mbedtls_asn1_buf input_oid = { 0, 0, NULL };
+ int ret;
+
+ input_oid.tag = MBEDTLS_ASN1_OID;
+ /* Test that an empty OID is not dereferenced */
+ input_oid.p = oid->len ? oid->x : (void *) 1;
+ input_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid);
+
+ if (error_ret == 0) {
+ TEST_EQUAL(ret, strlen(result_str));
+ TEST_ASSERT(ret >= 3);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
+ } else {
+ TEST_EQUAL(ret, error_ret);
+ }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 3fbb721..e4e08da 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -268,3 +268,52 @@
Check max extension length
x509_set_extension_length_check:
+
+OID from numeric string - hardware module name
+oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804"
+
+OID from numeric string - multi-byte subidentifier
+oid_from_numeric_string:"1.1.2108":0:"29903C"
+
+OID from numeric string - second component greater than 39
+oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00"
+
+OID from numeric string - multi-byte first subidentifier
+oid_from_numeric_string:"2.999":0:"8837"
+
+OID from numeric string - empty string input
+oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component not a number
+oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - second component not a number
+oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component too large
+oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component < 2, second > 39
+oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - third component not a number
+oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between first and second
+oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between second and third
+oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between third and fourth
+oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID greater than max length (129 components)
+oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID with maximum subidentifier
+oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F"
+
+OID from numeric string - OID with overflowing subidentifier
+oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index eb3c2f7..64b4e9e 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -6,6 +6,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
+#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/pk.h"
#include "mbedtls/psa_util.h"
@@ -761,3 +762,29 @@
TEST_ASSERT(MBEDTLS_ERR_X509_BAD_INPUT_DATA == ret);
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
+void oid_from_numeric_string(char *oid_str, int error_ret,
+ data_t *exp_oid_buf)
+{
+ mbedtls_asn1_buf oid = { 0, 0, NULL };
+ mbedtls_asn1_buf exp_oid = { 0, 0, NULL };
+ int ret;
+
+ exp_oid.tag = MBEDTLS_ASN1_OID;
+ exp_oid.p = exp_oid_buf->x;
+ exp_oid.len = exp_oid_buf->len;
+
+ ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str));
+
+ if (error_ret == 0) {
+ TEST_EQUAL(oid.len, exp_oid.len);
+ TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0);
+ mbedtls_free(oid.p);
+ oid.p = NULL;
+ oid.len = 0;
+ } else {
+ TEST_EQUAL(ret, error_ret);
+ }
+}
+/* END_CASE */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
index 0366944..e0ad35e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
@@ -483,38 +483,6 @@
} mbedtls_oid_descriptor_t;
/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid);
-
-/**
- * \brief Translate a string containing a dotted-decimal
- * representation of an ASN.1 OID into its encoded form
- * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D").
- * On success, this function allocates oid->buf from the
- * heap. It must be freed by the caller using mbedtls_free().
- *
- * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID
- * \param oid_str string representation of the OID to parse
- * \param size length of the OID string, not including any null terminator
- *
- * \return 0 if successful
- * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not
- * represent a valid OID
- * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to
- * allocate oid->buf
- */
-int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size);
-
-/**
* \brief Translate an X.509 extension OID into local values
*
* \param oid OID to use
diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c
index 862f09d..ae30dfe 100644
--- a/tf-psa-crypto/drivers/builtin/src/oid.c
+++ b/tf-psa-crypto/drivers/builtin/src/oid.c
@@ -918,249 +918,4 @@
cipher_alg)
#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */
-/* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string(char *buf, size_t size,
- const mbedtls_asn1_buf *oid)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- char *p = buf;
- size_t n = size;
- unsigned int value = 0;
-
- if (size > INT_MAX) {
- /* Avoid overflow computing return value */
- return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
- }
-
- if (oid->len <= 0) {
- /* OID must not be empty */
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- for (size_t i = 0; i < oid->len; i++) {
- /* Prevent overflow in value. */
- if (value > (UINT_MAX >> 7)) {
- return MBEDTLS_ERR_ASN1_INVALID_DATA;
- }
- if ((value == 0) && ((oid->p[i]) == 0x80)) {
- /* Overlong encoding is not allowed */
- return MBEDTLS_ERR_ASN1_INVALID_DATA;
- }
-
- value <<= 7;
- value |= oid->p[i] & 0x7F;
-
- if (!(oid->p[i] & 0x80)) {
- /* Last byte */
- if (n == size) {
- int component1;
- unsigned int component2;
- /* First subidentifier contains first two OID components */
- if (value >= 80) {
- component1 = '2';
- component2 = value - 80;
- } else if (value >= 40) {
- component1 = '1';
- component2 = value - 40;
- } else {
- component1 = '0';
- component2 = value;
- }
- ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
- } else {
- ret = mbedtls_snprintf(p, n, ".%u", value);
- }
- if (ret < 2 || (size_t) ret >= n) {
- return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
- }
- n -= (size_t) ret;
- p += ret;
- value = 0;
- }
- }
-
- if (value != 0) {
- /* Unterminated subidentifier */
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- return (int) (size - n);
-}
-
-static int oid_parse_number(unsigned int *num, const char **p, const char *bound)
-{
- int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
-
- *num = 0;
-
- while (*p < bound && **p >= '0' && **p <= '9') {
- ret = 0;
- if (*num > (UINT_MAX / 10)) {
- return MBEDTLS_ERR_ASN1_INVALID_DATA;
- }
- *num *= 10;
- *num += **p - '0';
- (*p)++;
- }
- return ret;
-}
-
-static size_t oid_subidentifier_num_bytes(unsigned int value)
-{
- size_t num_bytes = 0;
-
- do {
- value >>= 7;
- num_bytes++;
- } while (value != 0);
-
- return num_bytes;
-}
-
-static int oid_subidentifier_encode_into(unsigned char **p,
- unsigned char *bound,
- unsigned int value)
-{
- size_t num_bytes = oid_subidentifier_num_bytes(value);
-
- if ((size_t) (bound - *p) < num_bytes) {
- return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
- }
- (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f);
- value >>= 7;
-
- for (size_t i = 2; i <= num_bytes; i++) {
- (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f);
- value >>= 7;
- }
- *p += num_bytes;
-
- return 0;
-}
-
-/* Return the OID for the given x.y.z.... style numeric string */
-int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
- const char *oid_str, size_t size)
-{
- int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- const char *str_ptr = oid_str;
- const char *str_bound = oid_str + size;
- unsigned int val = 0;
- unsigned int component1, component2;
- size_t encoded_len;
- unsigned char *resized_mem;
-
- /* Count the number of dots to get a worst-case allocation size. */
- size_t num_dots = 0;
- for (size_t i = 0; i < size; i++) {
- if (oid_str[i] == '.') {
- num_dots++;
- }
- }
- /* Allocate maximum possible required memory:
- * There are (num_dots + 1) integer components, but the first 2 share the
- * same subidentifier, so we only need num_dots subidentifiers maximum. */
- if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
- return MBEDTLS_ERR_ASN1_INVALID_DATA;
- }
- /* Each byte can store 7 bits, calculate number of bytes for a
- * subidentifier:
- *
- * bytes = ceil(subidentifer_size * 8 / 7)
- */
- size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7)
- + 1;
- size_t max_possible_bytes = num_dots * bytes_per_subidentifier;
- oid->p = mbedtls_calloc(max_possible_bytes, 1);
- if (oid->p == NULL) {
- return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
- }
- unsigned char *out_ptr = oid->p;
- unsigned char *out_bound = oid->p + max_possible_bytes;
-
- ret = oid_parse_number(&component1, &str_ptr, str_bound);
- if (ret != 0) {
- goto error;
- }
- if (component1 > 2) {
- /* First component can't be > 2 */
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- if (str_ptr >= str_bound || *str_ptr != '.') {
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- str_ptr++;
-
- ret = oid_parse_number(&component2, &str_ptr, str_bound);
- if (ret != 0) {
- goto error;
- }
- if ((component1 < 2) && (component2 > 39)) {
- /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- if (str_ptr < str_bound) {
- if (*str_ptr == '.') {
- str_ptr++;
- } else {
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- }
-
- if (component2 > (UINT_MAX - (component1 * 40))) {
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- ret = oid_subidentifier_encode_into(&out_ptr, out_bound,
- (component1 * 40) + component2);
- if (ret != 0) {
- goto error;
- }
-
- while (str_ptr < str_bound) {
- ret = oid_parse_number(&val, &str_ptr, str_bound);
- if (ret != 0) {
- goto error;
- }
- if (str_ptr < str_bound) {
- if (*str_ptr == '.') {
- str_ptr++;
- } else {
- ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
- goto error;
- }
- }
-
- ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val);
- if (ret != 0) {
- goto error;
- }
- }
-
- encoded_len = (size_t) (out_ptr - oid->p);
- resized_mem = mbedtls_calloc(encoded_len, 1);
- if (resized_mem == NULL) {
- ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
- goto error;
- }
- memcpy(resized_mem, oid->p, encoded_len);
- mbedtls_free(oid->p);
- oid->p = resized_mem;
- oid->len = encoded_len;
-
- oid->tag = MBEDTLS_ASN1_OID;
-
- return 0;
-
-error:
- mbedtls_free(oid->p);
- oid->p = NULL;
- oid->len = 0;
- return ret;
-}
-
#endif /* MBEDTLS_OID_C */
diff --git a/tf-psa-crypto/tests/suites/test_suite_oid.data b/tf-psa-crypto/tests/suites/test_suite_oid.data
index 8919d42..42b0505 100644
--- a/tf-psa-crypto/tests/suites/test_suite_oid.data
+++ b/tf-psa-crypto/tests/suites/test_suite_oid.data
@@ -105,103 +105,6 @@
OID hash id - invalid oid
oid_get_md_alg_id:"2B864886f70d0204":-1
-OID get numeric string - hardware module name
-oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4"
-
-OID get numeric string - multi-byte subidentifier
-oid_get_numeric_string:"29903C":0:"1.1.2108"
-
-OID get numeric string - second component greater than 39
-oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0"
-
-OID get numeric string - multi-byte first subidentifier
-oid_get_numeric_string:"8837":0:"2.999"
-
-OID get numeric string - second subidentifier not terminated
-oid_get_numeric_string:"0081":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - empty oid buffer
-oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - no final / all bytes have top bit set
-oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - 0.39
-oid_get_numeric_string:"27":0:"0.39"
-
-OID get numeric string - 1.0
-oid_get_numeric_string:"28":0:"1.0"
-
-OID get numeric string - 1.39
-oid_get_numeric_string:"4f":0:"1.39"
-
-OID get numeric string - 2.0
-oid_get_numeric_string:"50":0:"2.0"
-
-OID get numeric string - 1 byte first subidentifier beyond 2.39
-oid_get_numeric_string:"7f":0:"2.47"
-
-# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits
-OID get numeric string - 32-bit overflow
-oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - 32-bit overflow, second subidentifier
-oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - overlong encoding
-oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - overlong encoding, second subidentifier
-oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - hardware module name
-oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804"
-
-OID from numeric string - multi-byte subidentifier
-oid_from_numeric_string:"1.1.2108":0:"29903C"
-
-OID from numeric string - second component greater than 39
-oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00"
-
-OID from numeric string - multi-byte first subidentifier
-oid_from_numeric_string:"2.999":0:"8837"
-
-OID from numeric string - empty string input
-oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - first component not a number
-oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - second component not a number
-oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - first component too large
-oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - first component < 2, second > 39
-oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - third component not a number
-oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - non-'.' separator between first and second
-oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - non-'.' separator between second and third
-oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - non-'.' separator between third and fourth
-oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - OID greater than max length (129 components)
-oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID from numeric string - OID with maximum subidentifier
-oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F"
-
-OID from numeric string - OID with overflowing subidentifier
-oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
mbedtls_oid_get_md_hmac - RIPEMD160
depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
diff --git a/tf-psa-crypto/tests/suites/test_suite_oid.function b/tf-psa-crypto/tests/suites/test_suite_oid.function
index 337f843..e96425e 100644
--- a/tf-psa-crypto/tests/suites/test_suite_oid.function
+++ b/tf-psa-crypto/tests/suites/test_suite_oid.function
@@ -118,53 +118,3 @@
}
}
/* END_CASE */
-
-/* BEGIN_CASE */
-void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str)
-{
- char buf[256];
- mbedtls_asn1_buf input_oid = { 0, 0, NULL };
- int ret;
-
- input_oid.tag = MBEDTLS_ASN1_OID;
- /* Test that an empty OID is not dereferenced */
- input_oid.p = oid->len ? oid->x : (void *) 1;
- input_oid.len = oid->len;
-
- ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid);
-
- if (error_ret == 0) {
- TEST_EQUAL(ret, strlen(result_str));
- TEST_ASSERT(ret >= 3);
- TEST_EQUAL(strcmp(buf, result_str), 0);
- } else {
- TEST_EQUAL(ret, error_ret);
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void oid_from_numeric_string(char *oid_str, int error_ret,
- data_t *exp_oid_buf)
-{
- mbedtls_asn1_buf oid = { 0, 0, NULL };
- mbedtls_asn1_buf exp_oid = { 0, 0, NULL };
- int ret;
-
- exp_oid.tag = MBEDTLS_ASN1_OID;
- exp_oid.p = exp_oid_buf->x;
- exp_oid.len = exp_oid_buf->len;
-
- ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str));
-
- if (error_ret == 0) {
- TEST_EQUAL(oid.len, exp_oid.len);
- TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0);
- mbedtls_free(oid.p);
- oid.p = NULL;
- oid.len = 0;
- } else {
- TEST_EQUAL(ret, error_ret);
- }
-}
-/* END_CASE */
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
index 4f00e46..67a846b 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
@@ -79,11 +79,11 @@
pk_write_key_check:"../../framework/data_files/ec_prv.sec1.der":TEST_DER
Private key write check EC 256 bits (top bit set)
-depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_256
pk_write_key_check:"../../framework/data_files/ec_256_long_prv.pem":TEST_PEM
Private key write check EC 256 bits (top bit set) (DER)
-depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
pk_write_key_check:"../../framework/data_files/ec_256_long_prv.der":TEST_DER
Private key write check EC 521 bits