diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 79d7dddeae..ad7b8f04d1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -647,6 +647,8 @@ typedef enum MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, + MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, + MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, } mbedtls_ssl_states; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4c9a177968..d0b8a64db8 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2720,7 +2720,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; - /* The loop goes to its end iff the counter is wrapping */ + /* The loop goes to its end if the counter is wrapping */ if( i == mbedtls_ssl_ep_len( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bfb2204d70..ffbbbcfa5e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1261,11 +1261,6 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_ssl_set_outbound_transform( ssl, - ssl->handshake->transform_handshake ); - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "switching to handshake transform for outbound data" ) ); - return( ret ); } @@ -1295,7 +1290,16 @@ static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) ); +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /* The server sends a dummy change_cipher_spec record immediately + * after its first handshake message. This may either be after + * a ServerHello or a HelloRetryRequest. + */ + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO ); +#else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ cleanup: @@ -1360,7 +1364,16 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) ssl->handshake->hello_retry_request_count++; +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /* The server sends a dummy change_cipher_spec record immediately + * after its first handshake message. This may either be after + * a ServerHello or a HelloRetryRequest. + */ + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST ); +#else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) ); @@ -1421,6 +1434,11 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len, msg_len; + mbedtls_ssl_set_outbound_transform( ssl, + ssl->handshake->transform_handshake ); + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "switching to handshake transform for outbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl, @@ -1748,6 +1766,23 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* + * Injection of dummy-CCS's for middlebox compatibility + */ +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: + ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl ); + if( ret == 0 ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); + break; + + case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: + ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl ); + if( ret == 0 ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + case MBEDTLS_SSL_SERVER_FINISHED: ret = ssl_tls13_write_server_finished( ssl ); break; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b6711cdd4..afabb64529 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11499,6 +11499,35 @@ do done unset TEST_SUITE_NAME +# Test 1.3 compatibility mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_CLI debug_level=4" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m both with middlebox compat support" \ + "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_CLI debug_level=4" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -11506,10 +11535,11 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -11518,10 +11548,22 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4" \ 1 \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O both with middlebox compat support" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -11531,10 +11573,11 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -11544,10 +11587,301 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4" \ 1 \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G both with middlebox compat support" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug -no_middlebox" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "14 03 03 00 01" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug -no_middlebox" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "14 03 03 00 01" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "SSL 3.3 ChangeCipherSpec packet received" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "SSL 3.3 ChangeCipherSpec packet received" \ + -c "discarding change cipher spec in TLS1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "SSL 3.3 ChangeCipherSpec packet received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "received HelloRetryRequest message" \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 1 \ + -c "received HelloRetryRequest message" \ + -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "received HelloRetryRequest message" \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 1 \ + -c "received HelloRetryRequest message" \ + -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -C "14 03 03 00 01" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -c "14 03 03 00 01" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -C "SSL 3.3 ChangeCipherSpec packet received" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -c "SSL 3.3 ChangeCipherSpec packet received" \ + -c "discarding change cipher spec in TLS1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ + -c "SSL 3.3 ChangeCipherSpec packet received" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG