diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index a78ec382e8..1e909143ff 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -439,79 +439,6 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -926,79 +853,6 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -1413,79 +1267,6 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -1900,79 +1681,6 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -2387,79 +2095,6 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -2922,83 +2557,6 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -3461,83 +3019,6 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -4000,83 +3481,6 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -4539,83 +3943,6 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -5078,83 +4405,6 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -s "Certificate verification was skipped" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -5593,83 +4843,6 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -6108,83 +5281,6 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -6623,83 +5719,6 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -7138,83 +6157,6 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -7653,83 +6595,6 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -8216,87 +7081,6 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -8783,87 +7567,6 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -9350,87 +8053,6 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -9917,87 +8539,6 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -10484,87 +9025,6 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -11201,112 +9661,6 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -11943,112 +10297,6 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -12685,112 +10933,6 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -13427,112 +11569,6 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14169,112 +12205,6 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x403" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0403 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ - "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x503" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0503 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ - "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x603" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0603 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14350,22 +12280,6 @@ run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14441,22 +12355,6 @@ run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14532,22 +12430,6 @@ run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14623,22 +12505,6 @@ run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14714,22 +12580,6 @@ run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14805,118 +12655,6 @@ run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: x448" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe2048(0100)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe2048" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15002,23 +12740,6 @@ run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15104,23 +12825,6 @@ run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15206,23 +12910,6 @@ run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15308,23 +12995,6 @@ run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15410,23 +13080,6 @@ run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: ffdhe2048" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR x448 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15512,125 +13165,6 @@ run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \ -s "Certificate verification was skipped" \ -s "HRR selected_group: x448" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe8192" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp256r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp384r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp521r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x25519" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x448" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe2048" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe2048(0100)" \ - -s "Certificate verification was skipped" \ - -s "HRR selected_group: ffdhe2048" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -15722,26 +13256,6 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -15833,26 +13347,6 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -15944,26 +13438,6 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -16055,26 +13529,6 @@ run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -16166,26 +13620,6 @@ run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR x448 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C @@ -16281,138 +13715,6 @@ run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_openssl_tls1_3_with_ffdh -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe8192" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 23 )" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 24 )" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 25 )" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 29 )" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 30 )" - -requires_openssl_tls1_3_with_ffdh -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe2048" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \ - 0 \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 256 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -16514,27 +13816,6 @@ run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -16636,27 +13917,6 @@ run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -16758,27 +14018,6 @@ run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -16880,27 +14119,6 @@ run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -17002,27 +14220,6 @@ run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR x448 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -17128,151 +14325,6 @@ run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe8192" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 23 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 24 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 25 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 29 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x448" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 30 )" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe2048" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 256 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -17399,32 +14451,6 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -17551,32 +14577,6 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -17703,32 +14703,6 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -17855,32 +14829,6 @@ run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -18007,32 +14955,6 @@ run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 256 )" -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR x448 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -18162,183 +15084,3 @@ run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \ -s "HRR selected_group: x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe8192" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe8192" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 260 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp256r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp256r1" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 23 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp384r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp384r1" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 24 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp521r1" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp521r1" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 25 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x25519" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x25519" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 29 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x448" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x448" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 30 )" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled PSA_WANT_ALG_FFDH -run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe2048" \ - "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: ffdhe2048(0100)" \ - -s "Certificate verification was skipped" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "NamedGroup: ffdhe2048 ( 100 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: ffdhe2048" \ - -c "received HelloRetryRequest message" \ - -c "selected_group ( 256 )" diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index b869e94c5d..e66aefabe2 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -68,7 +68,6 @@ NAMED_GROUP_IANA_VALUE = { 'x25519': 0x1d, 'x448': 0x1e, 'ffdhe2048': 0x100, - 'ffdhe8192': 0x104, } @@ -149,7 +148,6 @@ class OpenSSLBase(TLSProgram): 'x25519': 'X25519', 'x448': 'X448', 'ffdhe2048': 'ffdhe2048', - 'ffdhe8192': 'ffdhe8192', } def cmd(self): @@ -180,16 +178,11 @@ class OpenSSLBase(TLSProgram): ret = ["requires_openssl_tls1_3"] # ffdh groups require at least openssl 3.0 - ffdh_groups = ['ffdhe2048', 'ffdhe8192'] + ffdh_groups = ['ffdhe2048'] if any(x in ffdh_groups for x in self._named_groups): ret = ["requires_openssl_tls1_3_with_ffdh"] - # ffdhe8192 has very long keys and requires intensive computation. - # The test may fail on CI when executor is just very loaded. Give a second chance. - if 'ffdhe8192' in self._named_groups: - ret.append('client_needs_more_time 2') - return ret @@ -263,7 +256,6 @@ class GnuTLSBase(TLSProgram): 'x25519': ['GROUP-X25519'], 'x448': ['GROUP-X448'], 'ffdhe2048': ['GROUP-FFDHE2048'], - 'ffdhe8192': ['GROUP-FFDHE8192'], } def pre_checks(self): @@ -385,7 +377,7 @@ class MbedTLSBase(TLSProgram): 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448'] - ffdh_groups = ['ffdhe2048', 'ffdhe8192'] + ffdh_groups = ['ffdhe2048'] if any(x in ec_groups for x in self._named_groups): ret.append('requires_config_enabled PSA_WANT_ALG_ECDH') diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad2fe8b4a3..1374bca5ee 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13194,6 +13194,174 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: ffdhe3072(0101)" \ + -s "Certificate verification was skipped" \ + -C "received HelloRetryRequest message" + + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: ffdhe3072 ( 101 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: ffdhe4096(0102)" \ + -s "Certificate verification was skipped" \ + -C "received HelloRetryRequest message" + + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: ffdhe4096 ( 102 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: ffdhe6144(0103)" \ + -s "Certificate verification was skipped" \ + -C "received HelloRetryRequest message" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: ffdhe6144 ( 103 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +client_needs_more_time 4 +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: ffdhe8192(0104)" \ + -s "Certificate verification was skipped" \ + -C "received HelloRetryRequest message" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled PSA_WANT_ALG_FFDH +client_needs_more_time 4 +run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: ffdhe8192 ( 104 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG