From 3cf41457eee7d27b16002297b445211cf92c008a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 10 Mar 2024 10:44:14 +0100 Subject: [PATCH] ssl-opt.sh: Move m->m resumption tests Move m->m resumption tests just before resumption and early data tests against GnuTLS and OpenSSL. Signed-off-by: Ronald Cron --- tests/opt-testcases/tls13-misc.sh | 714 +++++++++++++++--------------- 1 file changed, 357 insertions(+), 357 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index ab4805f777..7fc3af9644 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -71,6 +71,196 @@ run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ -S "key exchange mode: ephemeral$" \ -s "ticket is not authentic" +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ + "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ + "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ + "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk_ephemeral$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ + "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "key exchange mode: ephemeral$" + +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "got new session ticket ( 3 )" \ + -c "Saving session for reuse... ok" \ + -c "Reconnecting with saved session" \ + -c "HTTP/1.0 200 OK" \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ + -s "key exchange mode: ephemeral" \ + -s "key exchange mode: psk_ephemeral" \ + -s "found pre_shared_key extension" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ + MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ + MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime max value (7d)" \ + "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \ + "$P_CLI reco_mode=1 reconnect=1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "HTTP/1.0 200 OK" \ + -c "got new session ticket" \ + -c "Reconnecting with saved session... ok" \ + -s "Protocol is TLSv1.3" \ + -S "Ticket lifetime (604800) is greater than 7 days." + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ + MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ + MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime too long (7d + 1s)" \ + "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \ + "$P_CLI reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -C "HTTP/1.0 200 OK" \ + -C "got new session ticket" \ + -C "Reconnecting with saved session... ok" \ + -S "Protocol is TLSv1.3" \ + -s "Ticket lifetime (604801) is greater than 7 days." + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ + MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ + MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: NewSessionTicket: ticket lifetime=0" \ + "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \ + "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -c "HTTP/1.0 200 OK" \ + -c "Discard new session ticket" \ + -C "got new session ticket" \ + -c "Reconnecting with saved session... failed" \ + -s "Protocol is TLSv1.3" \ + -s "<= write new session ticket" + +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \ + sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ + "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "got new session ticket." \ + -c "Saving session for reuse... ok" \ + -c "Reconnecting with saved session" \ + -c "HTTP/1.0 200 OK" \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ + -s "key exchange mode: ephemeral" \ + -s "key exchange mode: psk_ephemeral" \ + -s "found pre_shared_key extension" + +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \ + sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ + "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -c "got new session ticket." \ + -c "Saving session for reuse... ok" \ + -c "Reconnecting with saved session" \ + -c "Hostname mismatch the session ticket, disable session resumption." \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" + requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ @@ -185,72 +375,177 @@ run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window -S "Ticket age exceeds limitation" \ -s "Ticket age outside tolerance window" -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk$" +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ + "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ + "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ + "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ + "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk_ephemeral$" +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ + "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "key exchange mode: ephemeral$" +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ + "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ + "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ + "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ + "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ + "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ + "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" + +requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ + "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "No suitable PSK key exchange mode" \ + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ @@ -615,301 +910,6 @@ run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ -S "ClientHello: early_data(42) extension exists." \ -S "EncryptedExtensions: early_data(42) extension exists." -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "got new session ticket ( 3 )" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -s "found pre_shared_key extension" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ - MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ - MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime max value (7d)" \ - "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" \ - -c "got new session ticket" \ - -c "Reconnecting with saved session... ok" \ - -s "Protocol is TLSv1.3" \ - -S "Ticket lifetime (604800) is greater than 7 days." - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ - MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ - MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime too long (7d + 1s)" \ - "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "HTTP/1.0 200 OK" \ - -C "got new session ticket" \ - -C "Reconnecting with saved session... ok" \ - -S "Protocol is TLSv1.3" \ - -s "Ticket lifetime (604801) is greater than 7 days." - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ - MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ - MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: NewSessionTicket: ticket lifetime=0" \ - "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \ - "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" \ - -c "Discard new session ticket" \ - -C "got new session ticket" \ - -c "Reconnecting with saved session... failed" \ - -s "Protocol is TLSv1.3" \ - -s "<= write new session ticket" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \ - sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "got new session ticket." \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -s "found pre_shared_key extension" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \ - sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -c "got new session ticket." \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "Hostname mismatch the session ticket, disable session resumption." \ - -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk_ephemeral" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk_ephemeral" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk_ephemeral" - -requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "No suitable PSK key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk_ephemeral" - requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \