Merge pull request #5698 from ronald-cron-arm/tls13-misc

TLS 1.3 - miscellaneous
The "merge TLS testing" job of the internal CI ran successfully, so CI is OK.
Ronald Cron 2022-04-21 09:57:36 +02:00 committed by GitHub
commit 771e42a270
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 2949 additions and 3066 deletions


@ -1128,8 +1128,8 @@ struct mbedtls_ssl_session
unsigned char MBEDTLS_PRIVATE(exported);
/*!< TLS version negotiated in the session. Used if and when renegotiating
* or resuming a session instead of the configured minor TLS version.
/** TLS version negotiated in the session. Used if and when renegotiating
* or resuming a session instead of the configured minor TLS version.
*/
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
@ -1514,19 +1514,19 @@ struct mbedtls_ssl_context
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/*!< Server: Negotiated TLS protocol version.
* Client: Maximum TLS version to be negotiated, then negotiated TLS
* version.
/** Server: Negotiated TLS protocol version.
* Client: Maximum TLS version to be negotiated, then negotiated TLS
* version.
*
* It is initialized as the maximum TLS version to be negotiated in the
* ClientHello writing preparation stage and used throughout the
* ClientHello writing. For a fresh handshake not linked to any previous
* handshake, it is initialized to the configured maximum TLS version
* to be negotiated. When renegotiating or resuming a session, it is
* initialized to the previously negotiated TLS version.
* It is initialized as the maximum TLS version to be negotiated in the
* ClientHello writing preparation stage and used throughout the
* ClientHello writing. For a fresh handshake not linked to any previous
* handshake, it is initialized to the configured maximum TLS version
* to be negotiated. When renegotiating or resuming a session, it is
* initialized to the previously negotiated TLS version.
*
* Updated to the negotiated TLS version as soon as the ServerHello is
* received.
* Updated to the negotiated TLS version as soon as the ServerHello is
* received.
*/
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);


@ -32,8 +32,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "ecdh_misc.h"
#include <string.h>
/* Parameter validation macros based on platform_util.h */
@ -727,140 +725,4 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
}
#endif
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
size_t *out_len, int point_format,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
out_len, buf, buf_len );
if( ret != 0 )
return( ret );
return( 0 );
}
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
{
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( out_len != NULL );
ECDH_VALIDATE_RET( buf != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ctx-> restart_enabled )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
#else
switch( ctx->var )
{
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh,
out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
/*
* Setup context without Everest
*/
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id )
{
ECDH_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
#else
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
ctx->grp_id = grp_id;
ecdh_init_internal( &ctx->ctx.mbed_ecdh );
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
#endif
}
static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *buf,
size_t buf_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
size_t data_len;
if( buf_len < 3 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
data_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
if( data_len < 1 || data_len != ( buf_len - 2 ) )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp,
&ctx->Qp, p, data_len ) ) != 0)
{
return( ret );
}
return( 0 );
}
/*
* Parse and import the client's TLS 1.3 public value
*/
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf,
size_t buf_len )
{
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) );
#else
switch( ctx->var )
{
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, buf_len ) );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */


@ -1,57 +0,0 @@
/**
* \file ecdh_misc.h
*
* \brief Internal functions shared by the ECDH module
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 ( the "License" ); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if !defined(MBEDTLS_ECDH_MISC_H)
#define MBEDTLS_ECDH_MISC_H
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
#if defined(MBEDTLS_ECDH_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*
* Setup context without Everest
*/
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id );
/*
* TLS 1.3 version of mbedtls_ecdh_make_params
*/
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng );
/*
* TLS 1.3 version of mbedtls_ecdh_read_public
*/
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf,
size_t buf_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */
#endif /* !MBEDTLS_ECDH_MISC_H */


@ -42,7 +42,6 @@
#include "ssl_client.h"
#include "ssl_misc.h"
#include "ecdh_misc.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"


@ -514,23 +514,23 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_CLI_C)
/*!< Minimum TLS version to be negotiated.
/** Minimum TLS version to be negotiated.
*
* It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as
* the protocol version has been negotiated thus as soon as the
* ServerHello is received.
* For a fresh handshake not linked to any previous handshake, it is
* equal to the configured minimum minor version to be negotiated. When
* renegotiating or resuming a session, it is equal to the previously
* negotiated minor version.
* It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as
* the protocol version has been negotiated thus as soon as the
* ServerHello is received.
* For a fresh handshake not linked to any previous handshake, it is
* equal to the configured minimum minor version to be negotiated. When
* renegotiating or resuming a session, it is equal to the previously
* negotiated minor version.
*
* There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol
* version for the record layer which we define as the maximum TLS
* version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual
* negotiated value.
* There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol
* version for the record layer which we define as the maximum TLS
* version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual
* negotiated value.
*/
mbedtls_ssl_protocol_version min_tls_version;
#endif


@ -30,7 +30,6 @@
#include "mbedtls/platform.h"
#include "ssl_misc.h"
#include "ecdh_misc.h"
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
@ -711,6 +710,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
/*
* Functions for parsing and processing Server Hello
*/
/**
* \brief Detect if the ServerHello contains a supported_versions extension
* or not.
@ -792,6 +792,36 @@ static int ssl_tls13_is_supported_versions_ext_present(
return( 0 );
}
/* Returns a negative value on failure, and otherwise
* - 1 if the last eight bytes of the ServerHello random bytes indicate that
* the server is TLS 1.3 capable but negotiating TLS 1.2 or below.
* - 0 otherwise
*/
static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{
/* First seven bytes of the magic downgrade strings, see RFC 8446 4.1.3 */
static const unsigned char magic_downgrade_string[] =
{ 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 };
const unsigned char *last_eight_bytes_of_random;
unsigned char last_byte_of_random;
MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2 );
last_eight_bytes_of_random = buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8;
if( memcmp( last_eight_bytes_of_random,
magic_downgrade_string,
sizeof( magic_downgrade_string ) ) == 0 )
{
last_byte_of_random = last_eight_bytes_of_random[7];
return( last_byte_of_random == 0 ||
last_byte_of_random == 1 );
}
return( 0 );
}
/* Returns a negative value on failure, and otherwise
* - SSL_SERVER_HELLO_COORDINATE_HELLO or
* - SSL_SERVER_HELLO_COORDINATE_HRR
@ -846,20 +876,27 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
size_t *buf_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *end;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_SERVER_HELLO,
buf, buf_len ) );
end = *buf + *buf_len;
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_is_supported_versions_ext_present(
ssl, *buf, *buf + *buf_len ) );
ssl, *buf, end ) );
if( ret == 0 )
{
/* If the supported versions extension is not present but we were
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2
* handshake.
MBEDTLS_SSL_PROC_CHK_NEG(
ssl_tls13_is_downgrade_negotiation( ssl, *buf, end ) );
/* If the server is negotiating TLS 1.2 or below and:
* . we did not propose TLS 1.2 or
* . the server responded it is TLS 1.3 capable but negotiating a lower
* version of the protocol and thus we are under downgrade attack
* abort the handshake with an "illegal parameter" alert.
*/
if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@ -881,7 +918,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
return( SSL_SERVER_HELLO_COORDINATE_TLS1_2 );
}
ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len );
ret = ssl_server_hello_is_hrr( ssl, *buf, end );
switch( ret )
{
case SSL_SERVER_HELLO_COORDINATE_HELLO:
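Review bot: In `ssl_tls13_server_hello_coordinate`, the new abort condition `min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret` reuses `ret` as a boolean and sends both causes down the same path, so as far as the hunk shows, a detected RFC 8446 4.1.3 downgrade sentinel leaves no trace distinct from the "TLS 1.2 was not proposed" rejection. I would log the sentinel case before pending the alert, e.g. `if( ret == 1 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "downgrade sentinel found in ServerHello random" ) );`, so that a handshake aborted for this reason can be told apart during triage. In `ssl_tls13_is_downgrade_negotiation`, the bare `2` in `buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8` deserves a short comment, presumably `/* skip the 2-byte legacy_version field */`. The body of `ssl_tls13_server_hello_coordinate` starts and ends outside the hunks shown.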

File diff suppressed because it is too large Load Diff


@ -349,12 +349,12 @@ SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ}
CLIENT_CLASSES = {'mbedTLS': MbedTLSCli}
def generate_compat_test(server=None, client=None, cipher=None, sig_alg=None, named_group=None):
def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
"""
Generate test case with `ssl-opt.sh` format.
"""
name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
client=client, server=server, cipher=cipher, sig_alg=sig_alg, named_group=named_group)
client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
server_object = SERVER_CLASSES[server](ciphersuite=cipher,
named_group=named_group,
@ -375,8 +375,9 @@ def generate_compat_test(server=None, client=None, cipher=None, sig_alg=None, na
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=None,
client_named_group=None, server_named_group=None):
def generate_hrr_compat_test(client=None, server=None,
client_named_group=None, server_named_group=None,
cert_sig_alg=None):
"""
Generate Hello Retry Request test case with `ssl-opt.sh` format.
"""
@ -480,14 +481,15 @@ def main():
def get_all_test_cases():
# Generate normal compat test cases
for cipher, sig_alg, named_group, server, client in \
itertools.product(CIPHER_SUITE_IANA_VALUE.keys(),
SIG_ALG_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
for client, server, cipher, named_group, sig_alg in \
itertools.product(CLIENT_CLASSES.keys(),
SERVER_CLASSES.keys(),
CLIENT_CLASSES.keys()):
yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group,
server=server, client=client)
CIPHER_SUITE_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
SIG_ALG_IANA_VALUE.keys()):
yield generate_compat_test(client=client, server=server,
cipher=cipher, named_group=named_group,
sig_alg=sig_alg)
# Generate Hello Retry Request compat test cases
for client, server, client_named_group, server_named_group in \
@ -497,9 +499,9 @@ def main():
NAMED_GROUP_IANA_VALUE.keys()):
if client_named_group != server_named_group:
yield generate_hrr_compat_test(client=client, server=server,
cert_sig_alg="ecdsa_secp256r1_sha256",
client_named_group=client_named_group,
server_named_group=server_named_group)
server_named_group=server_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256")
if args.generate_all_tls13_compat_tests:
if args.output:
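Review bot: `cipher=cipher[4:]` in `generate_compat_test` drops the first four characters by position, presumably to strip a `TLS_` prefix from the `CIPHER_SUITE_IANA_VALUE` keys; a key without that prefix would be silently truncated in the generated test name. Stating the intent, e.g. `assert cipher.startswith('TLS_')` followed by `cipher=cipher[len('TLS_'):]`, keeps the test names reliable when new suites are added. The function body continues outside the hunk, so whether the prefix is guaranteed elsewhere cannot be seen from here.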


@ -1749,37 +1749,37 @@ run_test "SHA-256 allowed by default in client certificate" \
# ssl_client2/ssl_server2 example programs works.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \
run_test "TLS 1.3: key exchange mode parameter passing: PSK only" \
"$P_SRV tls13_kex_modes=psk debug_level=4" \
"$P_CLI tls13_kex_modes=psk debug_level=4" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
run_test "TLS 1.3: key exchange mode parameter passing: PSK-ephemeral only" \
"$P_SRV tls13_kex_modes=psk_ephemeral" \
"$P_CLI tls13_kex_modes=psk_ephemeral" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
run_test "TLS 1.3: key exchange mode parameter passing: Pure-ephemeral only" \
"$P_SRV tls13_kex_modes=ephemeral" \
"$P_CLI tls13_kex_modes=ephemeral" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
run_test "TLS 1.3: key exchange mode parameter passing: All ephemeral" \
"$P_SRV tls13_kex_modes=ephemeral_all" \
"$P_CLI tls13_kex_modes=ephemeral_all" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \
run_test "TLS 1.3: key exchange mode parameter passing: All PSK" \
"$P_SRV tls13_kex_modes=psk_all" \
"$P_CLI tls13_kex_modes=psk_all" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All" \
run_test "TLS 1.3: key exchange mode parameter passing: All" \
"$P_SRV tls13_kex_modes=all" \
"$P_CLI tls13_kex_modes=all" \
0
@ -9789,7 +9789,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.0" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \
"$P_CLI debug_level=4" \
1 \
@ -9802,7 +9802,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.1" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \
"$P_CLI debug_level=4" \
1 \
@ -9815,7 +9815,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
run_test "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.2" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \
"$P_CLI force_version=tls13 debug_level=4" \
1 \
@ -9829,7 +9829,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.0" \
"$O_NEXT_SRV -msg -tls1" \
"$P_CLI debug_level=4" \
1 \
@ -9843,7 +9843,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.1" \
"$O_NEXT_SRV -msg -tls1_1" \
"$P_CLI debug_level=4" \
1 \
@ -9857,7 +9857,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \
"$O_NEXT_SRV -msg -tls1_2" \
"$P_CLI force_version=tls13 debug_level=4" \
1 \
@ -10159,7 +10159,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_openssl_tls1_3
run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
0 \
@ -10174,7 +10174,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_openssl_tls1_3
run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
0 \
@ -10190,7 +10190,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
0 \
@ -10206,7 +10206,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
0 \