From 7b39bf178e966b19465357c6ebdf5957d30f6401 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 24 May 2022 16:04:14 +0200 Subject: [PATCH 1/8] Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei --- include/mbedtls/ssl.h | 2 ++ library/ssl_tls13_server.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 79d7dddeae..6e593ab0de 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -647,6 +647,8 @@ typedef enum MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, + MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, + MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST, } mbedtls_ssl_states; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5be338d3ff..d50be5d532 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1273,7 +1273,16 @@ static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) ); +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /* The server sends a dummy change_cipher_spec record immediately + * after its first handshake message. This may either be after + * a ServerHello or a HelloRetryRequest. + */ + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO ); +#else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ cleanup: @@ -1339,7 +1348,16 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) ssl->handshake->hello_retry_request_count++; +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /* The server sends a dummy change_cipher_spec record immediately + * after its first handshake message. This may either be after + * a ServerHello or a HelloRetryRequest. + */ + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST ); +#else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) ); @@ -1719,6 +1737,23 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* + * Injection of dummy-CCS's for middlebox compatibility + */ +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST: + ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl ); + if( ret == 0 ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); + break; + + case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: + ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl ); + if( ret == 0 ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + case MBEDTLS_SSL_SERVER_FINISHED: ret = ssl_tls13_write_server_finished( ssl ); break; From 7e2dbafe2deee55a93ba1d782fe1cfdaee9aff12 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 24 May 2022 16:05:29 +0200 Subject: [PATCH 2/8] Add test for dummy CCS records Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 354 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 346 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f507a3251b..6713d9cd2e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11444,6 +11444,35 @@ do done unset TEST_SUITE_NAME +# Test 1.3 compatibility mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -c "The SSL configuration is tls13 only." \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m both with middlebox compat support" \ + "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -c "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -11451,10 +11480,11 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4 force_version=tls13" \ 0 \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" + -c "The SSL configuration is tls13 only." \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -11463,10 +11493,23 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4 force_version=tls13" \ 1 \ + -c "The SSL configuration is tls13 only." \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O both with middlebox compat support" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -11476,10 +11519,11 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4 force_version=tls13" \ 0 \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" + -c "The SSL configuration is tls13 only." \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -11489,10 +11533,304 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=3" \ + "$P_CLI debug_level=4 force_version=tls13" \ 1 \ + -c "The SSL configuration is tls13 only." \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G both with middlebox compat support" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "14 03 03 00 01" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "14 03 03 00 01" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -C "SSL 3.3 ChangeCipherSpec packet received" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "SSL 3.3 ChangeCipherSpec packet received" \ + -c "discarding change cipher spec in TLS1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ + -c "SSL 3.3 ChangeCipherSpec packet received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ + -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "received HelloRetryRequest message" \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 1 \ + -c "The SSL configuration is tls13 only." \ + -c "received HelloRetryRequest message" \ + -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ + "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "received HelloRetryRequest message" \ + -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ + -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 1 \ + -c "The SSL configuration is tls13 only." \ + -c "received HelloRetryRequest message" \ + -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ + "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + 0 \ + -c "The SSL configuration is tls13 only." \ + -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -C "14 03 03 00 01" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -c "14 03 03 00 01" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -C "SSL 3.3 ChangeCipherSpec packet received" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -c "SSL 3.3 ChangeCipherSpec packet received" \ + -c "discarding change cipher spec in TLS1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "The SSL configuration is tls13 only." \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -c "SSL 3.3 ChangeCipherSpec packet received" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 96ec83138540d7399d9e17a68f304425661ee9e5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 22 Jun 2022 13:17:28 +0200 Subject: [PATCH 3/8] Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 3 ++- library/ssl_msg.c | 42 ++++++++++++++++++++++++------------- library/ssl_tls13_generic.c | 2 +- 3 files changed, 30 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b1f0c90b5f..b9a191f33b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1271,7 +1271,8 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ); +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, + int encrypt ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4c9a177968..c4756d929e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -151,6 +151,9 @@ exit: #define SSL_DONT_FORCE_FLUSH 0 #define SSL_FORCE_FLUSH 1 +#define SSL_DONT_ENCRYPT_RECORD 0 +#define SSL_ENCRYPT_RECORD 1 + #if defined(MBEDTLS_SSL_PROTO_DTLS) /* Forward declarations for functions related to message buffering. */ @@ -2324,7 +2327,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush, + SSL_ENCRYPT_RECORD ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -2570,7 +2574,8 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, else #endif { - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush, + SSL_ENCRYPT_RECORD ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); return( ret ); @@ -2610,7 +2615,8 @@ cleanup: * - ssl->out_msglen: length of the record content (excl headers) * - ssl->out_msg: record content */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, + int encrypt ) { int ret, done = 0; size_t len = ssl->out_msglen; @@ -2642,7 +2648,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); - if( ssl->transform_out != NULL ) + if( ssl->transform_out != NULL && encrypt ) { mbedtls_record rec; @@ -2714,17 +2720,21 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers( ssl, encrypt ? ssl->transform_out : NULL ); - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) - break; - - /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) + /* Do not increment the counter for CCS records. */ + if( encrypt ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) + break; + + /* The loop goes to its end iff the counter is wrapping */ + if( i == mbedtls_ssl_ep_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); + return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + } } } @@ -4812,7 +4822,8 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, ssl->out_msg[0] = level; ssl->out_msg[1] = message; - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH, + SSL_ENCRYPT_RECORD ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -5602,7 +5613,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; memcpy( ssl->out_msg, buf, len ); - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH, + SSL_ENCRYPT_RECORD ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f508bcad36..c7a9a091a8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1341,7 +1341,7 @@ int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; /* Dispatch message */ - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0, 0 ) ); cleanup: From 05ebf3be74692b2c101a0ff34ed407c6ad36acc3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Jun 2022 11:55:35 +0200 Subject: [PATCH 4/8] Revert "Do not encrypt CCS records" This reverts commit 96ec83138540d7399d9e17a68f304425661ee9e5. Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 3 +-- library/ssl_msg.c | 42 +++++++++++++------------------------ library/ssl_tls13_generic.c | 2 +- 3 files changed, 17 insertions(+), 30 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b9a191f33b..b1f0c90b5f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1271,8 +1271,7 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, - int encrypt ); +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c4756d929e..4c9a177968 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -151,9 +151,6 @@ exit: #define SSL_DONT_FORCE_FLUSH 0 #define SSL_FORCE_FLUSH 1 -#define SSL_DONT_ENCRYPT_RECORD 0 -#define SSL_ENCRYPT_RECORD 1 - #if defined(MBEDTLS_SSL_PROTO_DTLS) /* Forward declarations for functions related to message buffering. */ @@ -2327,8 +2324,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush, - SSL_ENCRYPT_RECORD ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -2574,8 +2570,7 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, else #endif { - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush, - SSL_ENCRYPT_RECORD ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); return( ret ); @@ -2615,8 +2610,7 @@ cleanup: * - ssl->out_msglen: length of the record content (excl headers) * - ssl->out_msg: record content */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, - int encrypt ) +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) { int ret, done = 0; size_t len = ssl->out_msglen; @@ -2648,7 +2642,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); - if( ssl->transform_out != NULL && encrypt ) + if( ssl->transform_out != NULL ) { mbedtls_record rec; @@ -2720,21 +2714,17 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush, ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers( ssl, encrypt ? ssl->transform_out : NULL ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); - /* Do not increment the counter for CCS records. */ - if( encrypt ) + for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) + break; + + /* The loop goes to its end iff the counter is wrapping */ + if( i == mbedtls_ssl_ep_len( ssl ) ) { - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) - break; - - /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); - } + MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); + return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); } } @@ -4822,8 +4812,7 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, ssl->out_msg[0] = level; ssl->out_msg[1] = message; - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH, - SSL_ENCRYPT_RECORD ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -5613,8 +5602,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; memcpy( ssl->out_msg, buf, len ); - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH, - SSL_ENCRYPT_RECORD ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c7a9a091a8..f508bcad36 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1341,7 +1341,7 @@ int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; /* Dispatch message */ - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0, 0 ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) ); cleanup: From 54719122698ca2cc8d1753d422520161d1776521 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Jun 2022 11:34:56 +0200 Subject: [PATCH 5/8] Move switching to handshake transform after sending CCS record Signed-off-by: Gabor Mezei --- library/ssl_tls13_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d50be5d532..29d4ffdf58 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1239,11 +1239,6 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_ssl_set_outbound_transform( ssl, - ssl->handshake->transform_handshake ); - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "switching to handshake transform for outbound data" ) ); - return( ret ); } @@ -1407,6 +1402,11 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len, msg_len; + mbedtls_ssl_set_outbound_transform( ssl, + ssl->handshake->transform_handshake ); + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "switching to handshake transform for outbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl, From 96ae92657236a7c3c753c5a8f741d014e19e4dbe Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Jun 2022 11:45:18 +0200 Subject: [PATCH 6/8] Typo Signed-off-by: Gabor Mezei --- library/ssl_msg.c | 2 +- library/ssl_tls13_server.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4c9a177968..d0b8a64db8 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2720,7 +2720,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ) if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; - /* The loop goes to its end iff the counter is wrapping */ + /* The loop goes to its end if the counter is wrapping */ if( i == mbedtls_ssl_ep_len( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 29d4ffdf58..a8aed63a26 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1273,8 +1273,8 @@ static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl ) * after its first handshake message. This may either be after * a ServerHello or a HelloRetryRequest. */ - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO ); + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO ); #else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ @@ -1348,8 +1348,8 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) * after its first handshake message. This may either be after * a ServerHello or a HelloRetryRequest. */ - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST ); + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST ); #else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ From f7044eaec8c2c68c83f9580e376f35eba49c0a90 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Jun 2022 16:01:49 +0200 Subject: [PATCH 7/8] Fix name Signed-off-by: Gabor Mezei --- include/mbedtls/ssl.h | 2 +- library/ssl_tls13_server.c | 4 ++-- tests/ssl-opt.sh | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6e593ab0de..ad7b8f04d1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -648,7 +648,7 @@ typedef enum MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, - MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST, + MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, } mbedtls_ssl_states; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a8aed63a26..7afaa8c230 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1349,7 +1349,7 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) * a ServerHello or a HelloRetryRequest. */ mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST ); + ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST ); #else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ @@ -1741,7 +1741,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) * Injection of dummy-CCS's for middlebox compatibility */ #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST: + case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl ); if( ret == 0 ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6713d9cd2e..aabe7d2cda 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11647,7 +11647,7 @@ run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" -s "The SSL configuration is tls13 only." \ -c "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -11662,7 +11662,7 @@ run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ -s "The SSL configuration is tls13 only." \ -c "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 @@ -11757,7 +11757,7 @@ run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ 0 \ -s "The SSL configuration is tls13 only." \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "14 03 03 00 01" requires_openssl_tls1_3 @@ -11770,7 +11770,7 @@ run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ 0 \ -s "The SSL configuration is tls13 only." \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -11782,7 +11782,7 @@ run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384" \ 0 \ -s "The SSL configuration is tls13 only." \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "14 03 03 00 01" requires_gnutls_tls1_3 @@ -11797,7 +11797,7 @@ run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "The SSL configuration is tls13 only." \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "SSL 3.3 ChangeCipherSpec packet received" requires_gnutls_tls1_3 @@ -11812,7 +11812,7 @@ run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "The SSL configuration is tls13 only." \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "SSL 3.3 ChangeCipherSpec packet received" \ -c "discarding change cipher spec in TLS1.3" @@ -11828,7 +11828,7 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ -s "The SSL configuration is tls13 only." \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REUEST" \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "SSL 3.3 ChangeCipherSpec packet received" # Test heap memory usage after handshake From 9e4b7bd199d71d4c53e310a2ad9d3600e9d81103 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Jun 2022 16:22:14 +0200 Subject: [PATCH 8/8] Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 112 +++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 58 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index aabe7d2cda..ba49177317 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11452,10 +11452,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -s "The SSL configuration is tls13 only." \ - -c "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11466,10 +11466,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->m both with middlebox compat support" \ "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -s "The SSL configuration is tls13 only." \ - -c "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ + -c "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11480,9 +11480,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11493,9 +11493,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 1 \ - -c "The SSL configuration is tls13 only." \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" requires_openssl_tls1_3 @@ -11505,9 +11504,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_gnutls_tls1_3 @@ -11519,9 +11518,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11533,9 +11532,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 1 \ - -c "The SSL configuration is tls13 only." \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" requires_gnutls_tls1_3 @@ -11546,9 +11544,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 @@ -11558,9 +11556,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ + "$O_NEXT_CLI -msg -debug -no_middlebox" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -C "14 03 03 00 01" @@ -11571,9 +11569,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ + "$O_NEXT_CLI -msg -debug -no_middlebox" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" requires_openssl_tls1_3 @@ -11583,9 +11581,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3" \ + "$O_NEXT_CLI -msg -debug" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -c "14 03 03 00 01" @@ -11598,9 +11596,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -C "SSL 3.3 ChangeCipherSpec packet received" @@ -11613,9 +11611,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -c "SSL 3.3 ChangeCipherSpec packet received" \ -c "discarding change cipher spec in TLS1.3" @@ -11629,9 +11627,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -c "SSL 3.3 ChangeCipherSpec packet received" @@ -11642,9 +11640,9 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ @@ -11657,9 +11655,9 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ @@ -11672,9 +11670,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "received HelloRetryRequest message" \ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11686,9 +11684,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 1 \ - -c "The SSL configuration is tls13 only." \ -c "received HelloRetryRequest message" \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" @@ -11699,9 +11696,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_gnutls_tls1_3 @@ -11713,9 +11710,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "received HelloRetryRequest message" \ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" @@ -11728,9 +11725,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 1 \ - -c "The SSL configuration is tls13 only." \ -c "received HelloRetryRequest message" \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" @@ -11742,9 +11738,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ - -c "The SSL configuration is tls13 only." \ + -c "Protocol is TLSv1.3" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 @@ -11754,9 +11750,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "14 03 03 00 01" @@ -11767,9 +11763,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384 -no_middlebox" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ requires_openssl_tls1_3 @@ -11779,9 +11775,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -groups P-256:P-384" \ + "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "14 03 03 00 01" @@ -11794,9 +11790,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "SSL 3.3 ChangeCipherSpec packet received" @@ -11809,9 +11805,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "SSL 3.3 ChangeCipherSpec packet received" \ -c "discarding change cipher spec in TLS1.3" @@ -11825,9 +11821,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 0 \ - -s "The SSL configuration is tls13 only." \ + -s "Protocol is TLSv1.3" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "SSL 3.3 ChangeCipherSpec packet received"