Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext

TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2025-02-05 18:40:01 +00:00 · 2024-01-12 13:39:15 +00:00 · 2024-01-12 13:39:15 +00:00 · f1ba1933cf
commit f1ba1933cf
parent 3519cfb3d8 f0ccf46713
10 changed files with 294 additions and 49 deletions
--- a/ChangeLog.d/add-record-size-limit-extension-support.txt
+++ b/ChangeLog.d/add-record-size-limit-extension-support.txt
@ -0,0 +1,5 @@
 Features
   * Add support for record size limit extension as defined by RFC 8449
     and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
     Application data sent and received will be fragmented according to
     Record size limits negotiated during handshake.
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@ -65,6 +65,7 @@
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 #undef MBEDTLS_SSL_EARLY_DATA
 #undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -2704,12 +2704,18 @@ int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
 #define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2)
-#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64)
+#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64)      /* As defined in RFC 8449 */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                  const unsigned char *buf,
                                                  const unsigned char *end);
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                  unsigned char *buf,
                                                  const unsigned char *end,
                                                  size_t *out_len);
 #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
 #if defined(MBEDTLS_SSL_ALPN)
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3521,15 +3521,15 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
    if (ssl->transform_out != NULL &&
        ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-        /* RFC 8449, section 4:
+        /*
-         *
+         * In TLS 1.3 case, when records are protected, `max_len` as computed
-         * This value [record_size_limit] is the length of the plaintext
+         * above is the maximum length of the TLSInnerPlaintext structure that
-         * of a protected record.
+         * along the plaintext payload contains the inner content type (one byte)
-         * The value includes the content type and padding added in TLS 1.3
+         * and some zero padding. Given the algorithm used for padding
-         * (that is, the complete length of TLSInnerPlaintext).
+         * in mbedtls_ssl_encrypt_buf(), compute the maximum length for
-         *
+         * the plaintext payload. Round down to a multiple of
-         * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+         * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY and
-         * and subtract 1 (for the content type that will be added later)
+         * subtract 1.
         */
        max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) *
                   MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1;
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1160,6 +1160,15 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
    }
    p += ext_len;
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
    ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
        ssl, p, end, &ext_len);
    if (ret != 0) {
        return ret;
    }
    p += ext_len;
 #endif
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
    if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
        ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1698,6 +1698,7 @@ int mbedtls_ssl_tls13_check_received_extension(
 }
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
 /* RFC 8449, section 4:
 *
 * The ExtensionData of the "record_size_limit" extension is
@ -1738,6 +1739,8 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
     * as a fatal error and generate an "illegal_parameter" alert.
     */
    if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes",
                                  record_size_limit));
        MBEDTLS_SSL_PEND_FATAL_ALERT(
            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
@ -1749,6 +1752,36 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
    return 0;
 }
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                  unsigned char *buf,
                                                  const unsigned char *end,
                                                  size_t *out_len)
 {
    unsigned char *p = buf;
    *out_len = 0;
    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN,
                          "MBEDTLS_SSL_IN_CONTENT_LEN is less than the "
                          "minimum record size limit");
    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0);
    MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH,
                          p, 2);
    MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4);
    *out_len = 6;
    MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %d Bytes",
                              MBEDTLS_SSL_IN_CONTENT_LEN));
    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT);
    return 0;
 }
 #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
 #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -2540,6 +2540,17 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
    }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
    if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) {
        ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
            ssl, p, end, &output_len);
        if (ret != 0) {
            return ret;
        }
        p += output_len;
    }
 #endif
    extensions_len = (p - p_extensions_len) - 2;
    MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
--- a/scripts/config.py
+++ b/scripts/config.py
@ -207,7 +207,6 @@ EXCLUDE_FROM_FULL = frozenset([
    'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
    'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
    'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient
    'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests
    'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
    'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
    'MBEDTLS_X509_REMOVE_INFO', # removes a feature
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -5646,6 +5646,7 @@ support_build_armcc () {
 component_test_tls13_only () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
    msg "test: TLS 1.3 only, all key exchange modes enabled"
@ -5808,18 +5809,6 @@ component_test_tls13_no_compatibility_mode () {
    tests/ssl-opt.sh
 }
 component_test_tls13_only_record_size_limit () {
    msg "build: TLS 1.3 only from default, record size limit extension enabled"
    scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
    msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled"
    cd tests; ./test_suite_ssl; cd ..
    msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)"
    tests/ssl-opt.sh
 }
 component_build_mingw () {
    msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
    make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -4836,8 +4836,9 @@ run_test    "Max fragment length: DTLS client, larger message" \
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
            "$P_SRV debug_level=3 force_version=tls13" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
@ -4849,28 +4850,30 @@ run_test    "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
-requires_gnutls_next_disable_tls13_compat
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
-            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
            "$P_CLI debug_level=4 force_version=tls13" \
            0 \
-            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
+            -c "Sent RecordSizeLimit: 16384 Bytes"                                      \
-# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
+            -c "ClientHello: record_size_limit(28) extension exists."                   \
-# a response in its EncryptedExtensions record.
+            -c "EncryptedExtensions: record_size_limit(28) extension received."         \
-#            -c "RecordSizeLimit: 16385 Bytes"
+            -c "RecordSizeLimit: 16385 Bytes"                                           \
-# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
+# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
-# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size".
+# maximum record size using gnutls_record_set_max_size()
-# There is currently a lower limit of 512, caused by this function not respecting the
+# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size).
-# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function
+# There is currently a lower limit of 512, caused by gnutls_record_set_max_size()
-# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size.
+# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the
 # more recent function gnutls_record_set_max_recv_size()
 # (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size).
 # There is currently an upper limit of 4096, caused by the cli arg parser:
 # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395.
-# Thus, these tests are currently limit to that value range.
+# Thus, these tests are currently limited to the value range 512-4096.
-# Moreover, the value sent in the extension is expected to be larger by one compared
+# Also, the value sent in the extension will be one larger than the value
-# to the value passed on the cli:
+# set at the command line:
 # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142
 # Currently test certificates being used do not fit in 513 record size limit
@ -4886,10 +4889,13 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \
                    psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \
                    response_size=256" \
-                    "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
+            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
-                         --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
+                    --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
            0 \
            -s "RecordSizeLimit: 513 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 511" \
            -s "256 bytes written in 1 fragments"
@ -4906,6 +4912,9 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
                         --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
            0 \
            -s "RecordSizeLimit: 513 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 511" \
            -s "768 bytes written in 2 fragments"
@ -4922,6 +4931,9 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
                         --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
            0 \
            -s "RecordSizeLimit: 513 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 511" \
            -s "1280 bytes written in 3 fragments"
@ -4936,6 +4948,8 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "512 bytes written in 1 fragments"
@ -4950,6 +4964,8 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "1536 bytes written in 2 fragments"
@ -4964,6 +4980,8 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 1024 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 1023" \
            -s "2560 bytes written in 3 fragments"
@ -4978,6 +4996,8 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "2048 bytes written in 1 fragments"
@ -4992,6 +5012,8 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "6144 bytes written in 2 fragments"
@ -5006,11 +5028,181 @@ run_test    "Record Size Limit: TLS 1.3: Server complies with record size limit
            0 \
            -s "RecordSizeLimit: 4096 Bytes" \
            -s "ClientHello: record_size_limit(28) extension exists." \
            -s "Sent RecordSizeLimit: 16384 Bytes" \
            -s "EncryptedExtensions: record_size_limit(28) extension exists." \
            -s "Maximum outgoing record payload length is 4095" \
            -s "10240 bytes written in 3 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=256" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "256 bytes written in 1 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=768" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "768 bytes written in 2 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 513 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 511" \
            -c "1280 bytes written in 3 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=512" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "512 bytes written in 1 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "1536 bytes written in 2 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 1024 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 1023" \
            -c "2560 bytes written in 3 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "2048 bytes written in 1 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "6144 bytes written in 2 fragments"
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
            "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \
            0 \
            -c "Sent RecordSizeLimit: 16384 Bytes" \
            -c "ClientHello: record_size_limit(28) extension exists." \
            -c "RecordSizeLimit: 4096 Bytes" \
            -c "EncryptedExtensions: record_size_limit(28) extension exists." \
            -c "Maximum outgoing record payload length is 4095" \
            -c "10240 bytes written in 3 fragments"
 # TODO: For time being, we send fixed value of RecordSizeLimit defined by
 # MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
 # RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
 requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
 requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
            "$P_SRV debug_level=4 force_version=tls13" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes"         \
            -c "RecordSizeLimit: $MAX_IN_LEN Bytes"              \
            -s "RecordSizeLimit: $MAX_IN_LEN Bytes"              \
            -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes"         \
            -s "Maximum outgoing record payload length is 16383" \
            -s "Maximum incoming record payload length is 16384"
 # End of Record size limit tests
 # Tests for renegotiation
 # G_NEXT_SRV is used in renegotiation tests becuase of the increased
 # extensions limit since we exceed the limit in G_SRV when we send
 # TLS 1.3 extensions in the initial handshake.
 # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
 run_test    "Renegotiation: none, for reference" \
            "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
@ -5341,7 +5533,7 @@ requires_gnutls
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: gnutls server strict, client-initiated" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
@ -5355,7 +5547,7 @@ requires_gnutls
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
@ -5369,7 +5561,7 @@ requires_gnutls
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=0" \
            1 \
@ -5384,7 +5576,7 @@ requires_gnutls
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=1" \
            0 \
@ -5445,7 +5637,7 @@ requires_gnutls
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
-            "$G_SRV -u --mtu 4096" \
+            "$G_NEXT_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
@ -5460,7 +5652,7 @@ run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renego ext: gnutls server strict, client default" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
@ -5470,7 +5662,7 @@ run_test    "Renego ext: gnutls server strict, client default" \
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renego ext: gnutls server unsafe, client default" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
@ -5480,7 +5672,7 @@ run_test    "Renego ext: gnutls server unsafe, client default" \
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renego ext: gnutls server unsafe, client break legacy" \
-            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \