commit 4bb67736400540f3f2afb38e2abfae6cfd02018a
author Ronald Cron <ronald.cron@arm.com> Thu Feb 16 15:51:18 2023 +0100
committer Ronald Cron <ronald.cron@arm.com> Mon Feb 20 11:42:19 2023 +0100
tree 63ec48c24f9a3398512fba8c3cec26d32c782230
parent b18c67af5fc7c47f6251c6ea0b64fcec12109ee7

tls13: Apply same preference rules for ciphersuites as for TLS 1.2

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6864138..3b493ee 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11470,7 +11470,7 @@
 # TLS1.3 test cases
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_ciphersuite_enabled TLS1-3-AES-128-GCM-SHA256
+requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
 requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
 requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -11479,7 +11479,7 @@
             "$P_CLI allow_sha1=0" \
             0 \
             -s "Protocol is TLSv1.3" \
-            -s "Ciphersuite is TLS1-3-AES-128-GCM-SHA256" \
+            -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \
             -s "ECDH group: x25519" \
             -s "selected signature algorithm ecdsa_secp256r1_sha256"
 
@@ -11503,7 +11503,7 @@
             -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
             -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
             -c "<= ssl_tls13_process_server_hello" \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
             -c "ECDH curve: x25519" \
             -c "=> ssl_tls13_process_server_hello" \
             -c "<= parse encrypted extensions" \
@@ -11537,7 +11537,7 @@
             -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
             -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
             -c "<= ssl_tls13_process_server_hello" \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
             -c "ECDH curve: x25519" \
             -c "=> ssl_tls13_process_server_hello" \
             -c "<= parse encrypted extensions" \
@@ -11570,7 +11570,7 @@
             -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
             -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
             -c "<= ssl_tls13_process_server_hello" \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
             -c "ECDH curve: x25519" \
             -c "=> ssl_tls13_process_server_hello" \
             -c "<= parse encrypted extensions" \
@@ -11606,7 +11606,7 @@
             -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
             -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
             -c "<= ssl_tls13_process_server_hello" \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
             -c "ECDH curve: x25519" \
             -c "=> ssl_tls13_process_server_hello" \
             -c "<= parse encrypted extensions" \