mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-29 13:20:21 +00:00
ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
c341ad717e
commit
65f9029741
@ -11926,7 +11926,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
|
||||
key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -11943,7 +11943,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
|
||||
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
|
||||
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -11959,7 +11959,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
|
||||
key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -11976,7 +11976,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
|
||||
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
|
||||
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -12194,7 +12194,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
|
||||
key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -12212,7 +12212,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
|
||||
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
|
||||
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -12229,7 +12229,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
|
||||
key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -12247,7 +12247,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
|
||||
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
|
||||
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
|
||||
0 \
|
||||
-c "got a certificate request" \
|
||||
@ -12436,7 +12436,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Server side check - mbedtls" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
|
||||
"$P_CLI debug_level=4 force_version=tls13" \
|
||||
"$P_CLI debug_level=4" \
|
||||
0 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12455,7 +12455,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
|
||||
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
|
||||
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
|
||||
0 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12472,7 +12472,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
|
||||
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
|
||||
"$P_CLI debug_level=4 crt_file=none key_file=none force_version=tls13" \
|
||||
"$P_CLI debug_level=4 crt_file=none key_file=none" \
|
||||
1 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12490,7 +12490,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
|
||||
"$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 crt_file=none key_file=none" \
|
||||
"$P_CLI debug_level=4 crt_file=none key_file=none" \
|
||||
0 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12507,7 +12507,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: server: HRR check - mbedtls" \
|
||||
"$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12524,7 +12524,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: Server side check, no server certificate available" \
|
||||
"$P_SRV debug_level=4 crt_file=none key_file=none force_version=tls13" \
|
||||
"$P_CLI debug_level=4 force_version=tls13" \
|
||||
"$P_CLI debug_level=4" \
|
||||
1 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
|
||||
-s "No certificate available."
|
||||
@ -12563,8 +12563,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
run_test "TLS 1.3: Server side check - mbedtls with sni" \
|
||||
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
|
||||
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
|
||||
"$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||
force_version=tls13" \
|
||||
"$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key" \
|
||||
0 \
|
||||
-s "parse ServerName extension" \
|
||||
-s "HTTP/1.0 200 OK"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user