From d5d5b60c077fc0a2c14d9936d2cde564d930113a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Mon, 23 May 2022 09:16:20 +0000 Subject: [PATCH 1/5] Add comprehensive test cases for TLS1.3 server side Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a Signed-off-by: XiaokangQian --- programs/ssl/ssl_server2.c | 20 ++ tests/scripts/generate_tls13_compat_tests.py | 302 +++++++++++++++++++ tests/ssl-opt.sh | 4 + 3 files changed, 326 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c144b0563..425181752 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2382,6 +2382,22 @@ int main( int argc, char *argv[] ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; } + else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + } + else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + } + else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + } + else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; + } else { mbedtls_printf( "unknown signature algorithm %s\n", q ); @@ -2389,6 +2405,10 @@ int main( int argc, char *argv[] ) mbedtls_printf( "ecdsa_secp256r1_sha256 " ); mbedtls_printf( "ecdsa_secp384r1_sha384 " ); mbedtls_printf( "ecdsa_secp521r1_sha512 " ); + mbedtls_printf( "rsa_pss_rsae_sha256 " ); + mbedtls_printf( "rsa_pss_rsae_sha384 " ); + mbedtls_printf( "rsa_pss_rsae_sha512 " ); + mbedtls_printf( "rsa_pkcs1_sha256 " ); mbedtls_printf( "\n" ); goto exit; } diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index d67c222df..3b139b358 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -275,6 +275,232 @@ class GnuTLSServ(TLSProgram): return ret +class MbedTLSServ(TLSProgram): + """ + Generate test commands for mbedTLS server. + """ + + CIPHER_SUITE = { + 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384', + 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256', + 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256', + 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256', + 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'} + + def cmd(self): + super().cmd() + ret = ['$P_SRV_NO_CERT'] + ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', + 'debug_level=4', 'force_version=tls13'] + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] + ret += ['ca_file={cafile}'.format( + cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + + if self._ciphers: + ciphers = ','.join( + map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers)) + ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)] + + if self._sig_algs + self._cert_sig_algs: + ret += ['sig_algs={sig_algs}'.format( + sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))] + + if self._named_groups: + named_groups = ','.join(self._named_groups) + ret += ["curves={named_groups}".format(named_groups=named_groups)] + + ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0'] + ret = ' '.join(ret) + return ret + + def pre_checks(self): + ret = ['requires_config_enabled MBEDTLS_DEBUG_C', + 'requires_config_enabled MBEDTLS_SSL_CLI_C', + 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] + + if self._compat_mode: + ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] + + if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: + ret.append( + 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') + return ret + + def post_checks(self): + check_strings = ["Protocol is TLSv1.3"] + if self._ciphers: + check_strings.append( + "server hello, chosen ciphersuite: {} ( id={:04d} )".format( + self.CIPHER_SUITE[self._ciphers[0]], + CIPHER_SUITE_IANA_VALUE[self._ciphers[0]])) + if self._sig_algs: + check_strings.append( + "received signature algorithm: 0x{:x}".format( + SIG_ALG_IANA_VALUE[self._sig_algs[0]])) + + for named_group in self._named_groups: + check_strings += ['got named group: {named_group}({iana_value:04x})'.format( + named_group=named_group, + iana_value=NAMED_GROUP_IANA_VALUE[named_group])] + + check_strings.append("Verifying peer X.509 certificate... ok") + return ['-s "{}"'.format(i) for i in check_strings] + + +class OpenSSLCli(TLSProgram): + """ + Generate test commands for OpenSSL client. + """ + + NAMED_GROUP = { + 'secp256r1': 'P-256', + 'secp384r1': 'P-384', + 'secp521r1': 'P-521', + 'x25519': 'X25519', + 'x448': 'X448', + } + + def cmd(self): + super().cmd() + ret = ['$O_NEXT_CLI_NO_CERT'] + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] + + ret += ['-CAfile {cafile}'.format( + cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + + if self._ciphers: + ciphersuites = ':'.join(self._ciphers) + ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)] + + if self._sig_algs: + signature_algorithms = set(self._sig_algs + self._cert_sig_algs) + signature_algorithms = ':'.join(signature_algorithms) + ret += ["-sigalgs {signature_algorithms}".format( + signature_algorithms=signature_algorithms)] + + if self._named_groups: + named_groups = ':'.join( + map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups)) + ret += ["-groups {named_groups}".format(named_groups=named_groups)] + + ret += ['-msg -tls1_3'] + if not self._compat_mode: + ret += ['-no_middlebox'] + + return ' '.join(ret) + + def pre_checks(self): + return ["requires_openssl_tls1_3"] + + def post_checks(self): + return ['-s "HTTP/1.0 200 OK"'] + + +class GnuTLSCli(TLSProgram): + """ + Generate test commands for GnuTLS client. + """ + + CIPHER_SUITE = { + 'TLS_AES_256_GCM_SHA384': [ + 'AES-256-GCM', + 'SHA384', + 'AEAD'], + 'TLS_AES_128_GCM_SHA256': [ + 'AES-128-GCM', + 'SHA256', + 'AEAD'], + 'TLS_CHACHA20_POLY1305_SHA256': [ + 'CHACHA20-POLY1305', + 'SHA256', + 'AEAD'], + 'TLS_AES_128_CCM_SHA256': [ + 'AES-128-CCM', + 'SHA256', + 'AEAD'], + 'TLS_AES_128_CCM_8_SHA256': [ + 'AES-128-CCM-8', + 'SHA256', + 'AEAD']} + + SIGNATURE_ALGORITHM = { + 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'], + 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'], + 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'], + 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']} + + NAMED_GROUP = { + 'secp256r1': ['GROUP-SECP256R1'], + 'secp384r1': ['GROUP-SECP384R1'], + 'secp521r1': ['GROUP-SECP521R1'], + 'x25519': ['GROUP-X25519'], + 'x448': ['GROUP-X448'], + } + + def pre_checks(self): + return ["requires_gnutls_tls1_3", + "requires_gnutls_next_no_ticket", + "requires_gnutls_next_disable_tls13_compat", ] + + def post_checks(self): + return ['-c "HTTP/1.0 200 OK"'] + + def cmd(self): + super().cmd() + ret = ['$G_NEXT_CLI_NO_CERT', '--debug=4'] + ret += ['localhost', '-p $SRV_PORT', '--single-key-share'] + ret += ['--x509cafile {cafile}'.format( + cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['--x509certfile {cert} --x509keyfile {key}'.format( + cert=cert, key=key)] + + priority_string_list = [] + + def update_priority_string_list(items, map_table): + for item in items: + for i in map_table[item]: + if i not in priority_string_list: + yield i + + if self._ciphers: + priority_string_list.extend(update_priority_string_list( + self._ciphers, self.CIPHER_SUITE)) + else: + priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL']) + + if self._sig_algs: + signature_algorithms = set(self._sig_algs + self._cert_sig_algs) + priority_string_list.extend(update_priority_string_list( + signature_algorithms, self.SIGNATURE_ALGORITHM)) + else: + priority_string_list.append('SIGN-ALL') + + + if self._named_groups: + priority_string_list.extend(update_priority_string_list( + self._named_groups, self.NAMED_GROUP)) + else: + priority_string_list.append('GROUP-ALL') + + priority_string_list = ['NONE'] + \ + priority_string_list + ['VERS-TLS1.3'] + + priority_string = ':+'.join(priority_string_list) + priority_string += ':%NO_TICKETS' + + if not self._compat_mode: + priority_string += [':%DISABLE_TLS13_COMPAT_MODE'] + + ret += ['--priority={priority_string}'.format( + priority_string=priority_string)] + ret = ' '.join(ret) + return ret + + class MbedTLSCli(TLSProgram): """ Generate test commands for mbedTLS client. @@ -348,6 +574,8 @@ class MbedTLSCli(TLSProgram): SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ} CLIENT_CLASSES = {'mbedTLS': MbedTLSCli} +SERVER_SERVER_CLASSES = {'mbedTLS': MbedTLSServ} +SERVER_CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli} def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None): """ @@ -375,6 +603,33 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) +def generate_server_side_compat_test(client=None, server=None, cipher=None, + named_group=None, sig_alg=None): + """ + Generate server side test case with `ssl-opt.sh` format. + """ + name = 'TLS 1.3 server side {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format( + client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group) + + server_object = SERVER_SERVER_CLASSES[server](ciphersuite=cipher, + named_group=named_group, + signature_algorithm=sig_alg, + cert_sig_alg=sig_alg) + client_object = SERVER_CLIENT_CLASSES[client](ciphersuite=cipher, + named_group=named_group, + signature_algorithm=sig_alg, + cert_sig_alg=sig_alg) + + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd += server_object.post_checks() + cmd += client_object.post_checks() + cmd += ['-C "received HelloRetryRequest message"'] + prefix = ' \\\n' + (' '*9) + cmd = prefix.join(cmd) + return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) + + def generate_hrr_compat_test(client=None, server=None, client_named_group=None, server_named_group=None, cert_sig_alg=None): @@ -404,6 +659,32 @@ def generate_hrr_compat_test(client=None, server=None, client_object.pre_checks() + [cmd]) +def generate_server_hrr_compat_test(client=None, server=None, + client_named_group=None, server_named_group=None, + cert_sig_alg=None): + """ + Generate server side Hello Retry Request test case with `ssl-opt.sh` format. + """ + name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format( + client=client, server=server, c_named_group=client_named_group, + s_named_group=server_named_group) + server_object = SERVER_SERVER_CLASSES[server](named_group=server_named_group, + cert_sig_alg=cert_sig_alg) + + client_object = SERVER_CLIENT_CLASSES[client](named_group=client_named_group, + cert_sig_alg=cert_sig_alg) + client_object.add_named_groups(server_named_group) + + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd += server_object.post_checks() + cmd += client_object.post_checks() + cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)] + prefix = ' \\\n' + (' '*9) + cmd = prefix.join(cmd) + return '\n'.join(server_object.pre_checks() + + client_object.pre_checks() + + [cmd]) SSL_OUTPUT_HEADER = '''#!/bin/sh @@ -491,6 +772,16 @@ def main(): cipher=cipher, named_group=named_group, sig_alg=sig_alg) + for client, server, cipher, named_group, sig_alg in \ + itertools.product(SERVER_CLIENT_CLASSES.keys(), + SERVER_SERVER_CLASSES.keys(), + CIPHER_SUITE_IANA_VALUE.keys(), + NAMED_GROUP_IANA_VALUE.keys(), + SIG_ALG_IANA_VALUE.keys()): + yield generate_server_side_compat_test(client=client, server=server, + cipher=cipher, named_group=named_group, + sig_alg=sig_alg) + # Generate Hello Retry Request compat test cases for client, server, client_named_group, server_named_group in \ itertools.product(CLIENT_CLASSES.keys(), @@ -503,6 +794,17 @@ def main(): server_named_group=server_named_group, cert_sig_alg="ecdsa_secp256r1_sha256") + for client, server, client_named_group, server_named_group in \ + itertools.product(SERVER_CLIENT_CLASSES.keys(), + SERVER_SERVER_CLASSES.keys(), + NAMED_GROUP_IANA_VALUE.keys(), + NAMED_GROUP_IANA_VALUE.keys()): + if client_named_group != server_named_group: + yield generate_server_hrr_compat_test(client=client, server=server, + client_named_group=client_named_group, + server_named_group=server_named_group, + cert_sig_alg="ecdsa_secp256r1_sha256") + if args.generate_all_tls13_compat_tests: if args.output: with open(args.output, 'w', encoding="utf-8") as f: diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6eaa53477..aafe0e00b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -82,6 +82,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile data_files/test-ca_cat12.crt" + O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false @@ -98,6 +99,7 @@ fi if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt" + G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI" else G_NEXT_CLI=false fi @@ -1538,6 +1540,7 @@ SRV_DELAY_SECONDS=0 # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many # machines that will resolve to ::1, and we don't want ipv6 here. P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" +P_SRV_NO_CERT="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT" @@ -1554,6 +1557,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" + O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" fi if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then From b1847a234e78420485221723047eb8668dc6f2fe Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Wed, 8 Jun 2022 07:49:31 +0000 Subject: [PATCH 2/5] Re-structure to share more common code Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07 Signed-off-by: XiaokangQian --- tests/opt-testcases/tls13-compat.sh | 8105 +++++++++++++++++- tests/scripts/generate_tls13_compat_tests.py | 517 +- tests/ssl-opt.sh | 1 + 3 files changed, 8059 insertions(+), 564 deletions(-) diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 2914e1e52..ae49312db 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -1,37 +1,3660 @@ -#!/bin/sh +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -C "received HelloRetryRequest message" -# tls13-compat.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# List TLS1.3 compat test cases. They are generated by -# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`. -# -# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py` -# AND REGENERATE THIS FILE. -# requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -48,7 +3671,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -65,7 +3688,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -83,7 +3706,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -100,7 +3723,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -117,7 +3740,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -134,7 +3757,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -152,7 +3775,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -169,7 +3792,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -186,7 +3809,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -203,7 +3826,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -221,7 +3844,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -238,7 +3861,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -255,7 +3878,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -272,7 +3895,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -290,7 +3913,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -307,7 +3930,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -324,7 +3947,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -341,7 +3964,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -359,7 +3982,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -376,7 +3999,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -393,7 +4016,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -410,7 +4033,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -428,7 +4051,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -445,7 +4068,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -462,7 +4085,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -479,7 +4102,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -497,7 +4120,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -514,7 +4137,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -531,7 +4154,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -548,7 +4171,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -566,7 +4189,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -583,7 +4206,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -600,7 +4223,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -617,7 +4240,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -635,7 +4258,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -652,7 +4275,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -669,7 +4292,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -686,7 +4309,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -704,7 +4327,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -721,7 +4344,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -738,7 +4361,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -755,7 +4378,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -773,7 +4396,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -790,7 +4413,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -807,7 +4430,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -824,7 +4447,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -842,7 +4465,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -859,7 +4482,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -876,7 +4499,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -893,7 +4516,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -911,7 +4534,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -928,7 +4551,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -945,7 +4568,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -962,7 +4585,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -980,7 +4603,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -997,7 +4620,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1014,7 +4637,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1031,7 +4654,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1049,7 +4672,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1066,7 +4689,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1083,7 +4706,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1100,7 +4723,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1118,7 +4741,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1135,7 +4758,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1152,7 +4775,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1169,7 +4792,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1187,7 +4810,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1204,7 +4827,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1221,7 +4844,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1238,7 +4861,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1256,7 +4879,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1273,7 +4896,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1290,7 +4913,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1307,7 +4930,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1325,7 +4948,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1342,7 +4965,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1359,7 +4982,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1376,7 +4999,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1394,7 +5017,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1411,7 +5034,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1428,7 +5051,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1445,7 +5068,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1463,7 +5086,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1480,7 +5103,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1497,7 +5120,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1514,7 +5137,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1532,7 +5155,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1549,7 +5172,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1566,7 +5189,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1583,7 +5206,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1601,7 +5224,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1618,7 +5241,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1635,7 +5258,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1652,7 +5275,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1670,7 +5293,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1687,7 +5310,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1704,7 +5327,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1721,7 +5344,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1739,7 +5362,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1758,7 +5381,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1777,7 +5400,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1796,7 +5419,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1816,7 +5439,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1835,7 +5458,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1854,7 +5477,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1873,7 +5496,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1893,7 +5516,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1912,7 +5535,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1931,7 +5554,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1950,7 +5573,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1970,7 +5593,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1989,7 +5612,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2008,7 +5631,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2027,7 +5650,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2047,7 +5670,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2066,7 +5689,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2085,7 +5708,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2104,7 +5727,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2124,7 +5747,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2143,7 +5766,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2162,7 +5785,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2181,7 +5804,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2201,7 +5824,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2220,7 +5843,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2239,7 +5862,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2258,7 +5881,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2278,7 +5901,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2297,7 +5920,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2316,7 +5939,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2335,7 +5958,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2355,7 +5978,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2374,7 +5997,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2393,7 +6016,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2412,7 +6035,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2432,7 +6055,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2451,7 +6074,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2470,7 +6093,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2489,7 +6112,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2509,7 +6132,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2528,7 +6151,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2547,7 +6170,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2566,7 +6189,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2586,7 +6209,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2605,7 +6228,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2624,7 +6247,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2643,7 +6266,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2663,7 +6286,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2682,7 +6305,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2701,7 +6324,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2720,7 +6343,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2740,7 +6363,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2759,7 +6382,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2778,7 +6401,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2797,7 +6420,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2817,7 +6440,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2836,7 +6459,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2855,7 +6478,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2874,7 +6497,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2894,7 +6517,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2913,7 +6536,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2932,7 +6555,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2951,7 +6574,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2971,7 +6594,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2990,7 +6613,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3009,7 +6632,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3028,7 +6651,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3048,7 +6671,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3067,7 +6690,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3086,7 +6709,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3105,7 +6728,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3125,7 +6748,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3144,7 +6767,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3163,7 +6786,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3182,7 +6805,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3202,7 +6825,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3221,7 +6844,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3240,7 +6863,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3259,7 +6882,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3279,7 +6902,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3298,7 +6921,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3317,7 +6940,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3336,7 +6959,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3356,7 +6979,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3375,7 +6998,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3394,7 +7017,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3413,7 +7036,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3433,7 +7056,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3452,7 +7075,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3471,7 +7094,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3490,7 +7113,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3510,7 +7133,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3529,7 +7152,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3548,7 +7171,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3567,7 +7190,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3587,7 +7210,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3606,7 +7229,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3625,7 +7248,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3644,7 +7267,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3664,7 +7287,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3675,13 +7298,2463 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x403" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0403 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x503" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0503 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x603" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0603 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT +run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ + -s "received signature algorithm: 0x804" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ + -c "Certificate Verify: Signature algorithm ( 0804 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -C "received HelloRetryRequest message" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3698,7 +9771,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3715,7 +9788,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3732,7 +9805,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3749,7 +9822,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3766,7 +9839,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3783,7 +9856,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3800,7 +9873,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3817,7 +9890,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3834,7 +9907,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3851,7 +9924,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3868,7 +9941,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3885,7 +9958,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3902,7 +9975,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3919,7 +9992,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3936,7 +10009,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3953,7 +10026,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3970,7 +10043,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -3987,7 +10060,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -4004,7 +10077,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -4023,7 +10096,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4042,7 +10115,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4061,7 +10134,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4080,7 +10153,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4099,7 +10172,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4118,7 +10191,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4137,7 +10210,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4156,7 +10229,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4175,7 +10248,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4194,7 +10267,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4213,7 +10286,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4232,7 +10305,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4251,7 +10324,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4270,7 +10343,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4289,7 +10362,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4308,7 +10381,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4327,7 +10400,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4346,7 +10419,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4365,7 +10438,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4384,7 +10457,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -4394,3 +10467,1503 @@ run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ -c "Verifying peer X.509 certificate... ok" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: Server HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: Server HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->m: Server HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "Protocol is TLSv1.3" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 3b139b358..808fbed3c 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -125,10 +125,13 @@ class TLSProgram(metaclass=abc.ABCMeta): def post_checks(self): return [] + def pre_cmd(self): + return [] -class OpenSSLServ(TLSProgram): + +class OpenSSLBase(TLSProgram): """ - Generate test commands for OpenSSL server. + Generate base test commands for OpenSSL. """ NAMED_GROUP = { @@ -141,234 +144,9 @@ class OpenSSLServ(TLSProgram): def cmd(self): super().cmd() - ret = ['$O_NEXT_SRV_NO_CERT'] + ret = [] for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] - ret += ['-accept $SRV_PORT'] - - if self._ciphers: - ciphersuites = ':'.join(self._ciphers) - ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)] - - if self._sig_algs: - signature_algorithms = set(self._sig_algs + self._cert_sig_algs) - signature_algorithms = ':'.join(signature_algorithms) - ret += ["-sigalgs {signature_algorithms}".format( - signature_algorithms=signature_algorithms)] - - if self._named_groups: - named_groups = ':'.join( - map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups)) - ret += ["-groups {named_groups}".format(named_groups=named_groups)] - - ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache'] - if not self._compat_mode: - ret += ['-no_middlebox'] - - return ' '.join(ret) - - def pre_checks(self): - return ["requires_openssl_tls1_3"] - - def post_checks(self): - return ['-c "HTTP/1.0 200 ok"'] - - -class GnuTLSServ(TLSProgram): - """ - Generate test commands for GnuTLS server. - """ - - CIPHER_SUITE = { - 'TLS_AES_256_GCM_SHA384': [ - 'AES-256-GCM', - 'SHA384', - 'AEAD'], - 'TLS_AES_128_GCM_SHA256': [ - 'AES-128-GCM', - 'SHA256', - 'AEAD'], - 'TLS_CHACHA20_POLY1305_SHA256': [ - 'CHACHA20-POLY1305', - 'SHA256', - 'AEAD'], - 'TLS_AES_128_CCM_SHA256': [ - 'AES-128-CCM', - 'SHA256', - 'AEAD'], - 'TLS_AES_128_CCM_8_SHA256': [ - 'AES-128-CCM-8', - 'SHA256', - 'AEAD']} - - SIGNATURE_ALGORITHM = { - 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'], - 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'], - 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'], - 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']} - - NAMED_GROUP = { - 'secp256r1': ['GROUP-SECP256R1'], - 'secp384r1': ['GROUP-SECP384R1'], - 'secp521r1': ['GROUP-SECP521R1'], - 'x25519': ['GROUP-X25519'], - 'x448': ['GROUP-X448'], - } - - def pre_checks(self): - return ["requires_gnutls_tls1_3", - "requires_gnutls_next_no_ticket", - "requires_gnutls_next_disable_tls13_compat", ] - - def post_checks(self): - return ['-c "HTTP/1.0 200 OK"'] - - def cmd(self): - super().cmd() - ret = ['$G_NEXT_SRV_NO_CERT', '--http', - '--disable-client-cert', '--debug=4'] - - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['--x509certfile {cert} --x509keyfile {key}'.format( - cert=cert, key=key)] - - priority_string_list = [] - - def update_priority_string_list(items, map_table): - for item in items: - for i in map_table[item]: - if i not in priority_string_list: - yield i - - if self._ciphers: - priority_string_list.extend(update_priority_string_list( - self._ciphers, self.CIPHER_SUITE)) - else: - priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL']) - - if self._sig_algs: - signature_algorithms = set(self._sig_algs + self._cert_sig_algs) - priority_string_list.extend(update_priority_string_list( - signature_algorithms, self.SIGNATURE_ALGORITHM)) - else: - priority_string_list.append('SIGN-ALL') - - - if self._named_groups: - priority_string_list.extend(update_priority_string_list( - self._named_groups, self.NAMED_GROUP)) - else: - priority_string_list.append('GROUP-ALL') - - priority_string_list = ['NONE'] + \ - sorted(priority_string_list) + ['VERS-TLS1.3'] - - priority_string = ':+'.join(priority_string_list) - priority_string += ':%NO_TICKETS' - - if not self._compat_mode: - priority_string += [':%DISABLE_TLS13_COMPAT_MODE'] - - ret += ['--priority={priority_string}'.format( - priority_string=priority_string)] - ret = ' '.join(ret) - return ret - - -class MbedTLSServ(TLSProgram): - """ - Generate test commands for mbedTLS server. - """ - - CIPHER_SUITE = { - 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384', - 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256', - 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256', - 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256', - 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'} - - def cmd(self): - super().cmd() - ret = ['$P_SRV_NO_CERT'] - ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', - 'debug_level=4', 'force_version=tls13'] - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] - ret += ['ca_file={cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] - - if self._ciphers: - ciphers = ','.join( - map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers)) - ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)] - - if self._sig_algs + self._cert_sig_algs: - ret += ['sig_algs={sig_algs}'.format( - sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))] - - if self._named_groups: - named_groups = ','.join(self._named_groups) - ret += ["curves={named_groups}".format(named_groups=named_groups)] - - ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0'] - ret = ' '.join(ret) - return ret - - def pre_checks(self): - ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_CLI_C', - 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] - - if self._compat_mode: - ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] - - if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: - ret.append( - 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') - return ret - - def post_checks(self): - check_strings = ["Protocol is TLSv1.3"] - if self._ciphers: - check_strings.append( - "server hello, chosen ciphersuite: {} ( id={:04d} )".format( - self.CIPHER_SUITE[self._ciphers[0]], - CIPHER_SUITE_IANA_VALUE[self._ciphers[0]])) - if self._sig_algs: - check_strings.append( - "received signature algorithm: 0x{:x}".format( - SIG_ALG_IANA_VALUE[self._sig_algs[0]])) - - for named_group in self._named_groups: - check_strings += ['got named group: {named_group}({iana_value:04x})'.format( - named_group=named_group, - iana_value=NAMED_GROUP_IANA_VALUE[named_group])] - - check_strings.append("Verifying peer X.509 certificate... ok") - return ['-s "{}"'.format(i) for i in check_strings] - - -class OpenSSLCli(TLSProgram): - """ - Generate test commands for OpenSSL client. - """ - - NAMED_GROUP = { - 'secp256r1': 'P-256', - 'secp384r1': 'P-384', - 'secp521r1': 'P-521', - 'x25519': 'X25519', - 'x448': 'X448', - } - - def cmd(self): - super().cmd() - ret = ['$O_NEXT_CLI_NO_CERT'] - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] - - ret += ['-CAfile {cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] if self._ciphers: ciphersuites = ':'.join(self._ciphers) @@ -389,18 +167,42 @@ class OpenSSLCli(TLSProgram): if not self._compat_mode: ret += ['-no_middlebox'] +#return ' '.join(ret) + return ret + + def pre_checks(self): + return ["requires_openssl_tls1_3"] + + def post_checks(self): + return [] + + +class OpenSSLServ(OpenSSLBase): + """ + Generate test commands for OpenSSL server. + """ + + def cmd(self): + ret = super().cmd() + ret += ['-accept $SRV_PORT'] + + ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache'] + return ' '.join(ret) def pre_checks(self): return ["requires_openssl_tls1_3"] def post_checks(self): - return ['-s "HTTP/1.0 200 OK"'] + return ['-c "HTTP/1.0 200 ok"'] + + def pre_cmd(self): + return '$O_NEXT_SRV_NO_CERT' -class GnuTLSCli(TLSProgram): +class GnuTLSBase(TLSProgram): """ - Generate test commands for GnuTLS client. + Generate base test commands for GnuTLS. """ CIPHER_SUITE = { @@ -445,14 +247,11 @@ class GnuTLSCli(TLSProgram): "requires_gnutls_next_disable_tls13_compat", ] def post_checks(self): - return ['-c "HTTP/1.0 200 OK"'] + return [] def cmd(self): super().cmd() - ret = ['$G_NEXT_CLI_NO_CERT', '--debug=4'] - ret += ['localhost', '-p $SRV_PORT', '--single-key-share'] - ret += ['--x509cafile {cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + ret = [] for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): ret += ['--x509certfile {cert} --x509keyfile {key}'.format( @@ -497,13 +296,37 @@ class GnuTLSCli(TLSProgram): ret += ['--priority={priority_string}'.format( priority_string=priority_string)] +#ret = ' '.join(ret) + return ret + +class GnuTLSServ(GnuTLSBase): + """ + Generate test commands for GnuTLS server. + """ + + def pre_checks(self): + return ["requires_gnutls_tls1_3", + "requires_gnutls_next_no_ticket", + "requires_gnutls_next_disable_tls13_compat", ] + + def post_checks(self): + return ['-c "HTTP/1.0 200 OK"'] + + def cmd(self): + ret = super().cmd() + ret += ['--http', + '--disable-client-cert', '--debug=4'] + ret = ' '.join(ret) return ret + def pre_cmd(self): + return '$G_NEXT_SRV_NO_CERT' -class MbedTLSCli(TLSProgram): + +class MbedTLSBase(TLSProgram): """ - Generate test commands for mbedTLS client. + Generate base test commands for mbedTLS. """ CIPHER_SUITE = { @@ -515,8 +338,7 @@ class MbedTLSCli(TLSProgram): def cmd(self): super().cmd() - ret = ['$P_CLI'] - ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', + ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', 'debug_level=4'] ret += ['ca_file={cafile}'.format( cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] @@ -534,6 +356,38 @@ class MbedTLSCli(TLSProgram): named_groups = ','.join(self._named_groups) ret += ["curves={named_groups}".format(named_groups=named_groups)] +#ret = ' '.join(ret) + return ret + + def pre_checks(self): + ret = ['requires_config_enabled MBEDTLS_DEBUG_C', + 'requires_config_enabled MBEDTLS_SSL_CLI_C', + 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] + + if self._compat_mode: + ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] + + if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: + ret.append( + 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') + return ret + + def post_checks(self): + return [] + + +class MbedTLSServ(MbedTLSBase): + """ + Generate test commands for mbedTLS server. + """ + + def cmd(self): + ret = super().cmd() + ret += ['force_version=tls13'] + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] + + ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0'] ret = ' '.join(ret) return ret @@ -550,6 +404,107 @@ class MbedTLSCli(TLSProgram): 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') return ret + def post_checks(self): + check_strings = ["Protocol is TLSv1.3"] + if self._ciphers: + check_strings.append( + "server hello, chosen ciphersuite: {} ( id={:04d} )".format( + self.CIPHER_SUITE[self._ciphers[0]], + CIPHER_SUITE_IANA_VALUE[self._ciphers[0]])) + if self._sig_algs: + check_strings.append( + "received signature algorithm: 0x{:x}".format( + SIG_ALG_IANA_VALUE[self._sig_algs[0]])) + + for named_group in self._named_groups: + check_strings += ['got named group: {named_group}({iana_value:04x})'.format( + named_group=named_group, + iana_value=NAMED_GROUP_IANA_VALUE[named_group])] + + check_strings.append("Verifying peer X.509 certificate... ok") + return ['-s "{}"'.format(i) for i in check_strings] + + def pre_cmd(self): + return '$P_SRV_NO_CERT' + + +class OpenSSLCli(OpenSSLBase): + """ + Generate test commands for OpenSSL client. + """ + + def cmd(self): + ret = super().cmd() + + ret += ['-CAfile {cafile}'.format( + cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + + return ' '.join(ret) + + def pre_checks(self): + return ["requires_openssl_tls1_3"] + + def post_checks(self): + return ['-s "HTTP/1.0 200 OK"'] + + def pre_cmd(self): + return '$O_NEXT_CLI_NO_CERT' + + +class GnuTLSCli(GnuTLSBase): + """ + Generate test commands for GnuTLS client. + """ + + def pre_checks(self): + return ["requires_gnutls_tls1_3", + "requires_gnutls_next_no_ticket", + "requires_gnutls_next_disable_tls13_compat", ] + + def post_checks(self): + return ['-c "HTTP/1.0 200 OK"'] + + def cmd(self): + ret = super().cmd() + ret += ['--debug=4'] + ret += ['localhost', '-p $SRV_PORT', '--single-key-share'] + ret += ['--x509cafile {cafile}'.format( + cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + + ret = ' '.join(ret) + return ret + + def pre_cmd(self): + return '$G_NEXT_CLI_NO_CERT' + + +class MbedTLSCli(MbedTLSBase): + """ + Generate test commands for mbedTLS client. + """ + + def cmd(self): + ret = super().cmd() + + ret = ' '.join(ret) + return ret + + def pre_cmd(self): + return '$P_CLI' + + def pre_checks(self): + ret = ['requires_config_enabled MBEDTLS_DEBUG_C', + 'requires_config_enabled MBEDTLS_SSL_CLI_C', + 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] + + if self._compat_mode: + ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] + + if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: + ret.append( + 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') + return ret + def post_checks(self): check_strings = ["Protocol is TLSv1.3"] if self._ciphers: @@ -571,11 +526,9 @@ class MbedTLSCli(TLSProgram): return ['-c "{}"'.format(i) for i in check_strings] -SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ} -CLIENT_CLASSES = {'mbedTLS': MbedTLSCli} +SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ} +CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli} -SERVER_SERVER_CLASSES = {'mbedTLS': MbedTLSServ} -SERVER_CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli} def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None): """ @@ -593,35 +546,8 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None signature_algorithm=sig_alg, cert_sig_alg=sig_alg) - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] - cmd += server_object.post_checks() - cmd += client_object.post_checks() - cmd += ['-C "received HelloRetryRequest message"'] - prefix = ' \\\n' + (' '*9) - cmd = prefix.join(cmd) - return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) - - -def generate_server_side_compat_test(client=None, server=None, cipher=None, - named_group=None, sig_alg=None): - """ - Generate server side test case with `ssl-opt.sh` format. - """ - name = 'TLS 1.3 server side {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format( - client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group) - - server_object = SERVER_SERVER_CLASSES[server](ciphersuite=cipher, - named_group=named_group, - signature_algorithm=sig_alg, - cert_sig_alg=sig_alg) - client_object = SERVER_CLIENT_CLASSES[client](ciphersuite=cipher, - named_group=named_group, - signature_algorithm=sig_alg, - cert_sig_alg=sig_alg) - - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), + server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-C "received HelloRetryRequest message"'] @@ -646,8 +572,8 @@ def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=cert_sig_alg) client_object.add_named_groups(server_named_group) - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), + server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-c "received HelloRetryRequest message"'] @@ -668,15 +594,15 @@ def generate_server_hrr_compat_test(client=None, server=None, name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format( client=client, server=server, c_named_group=client_named_group, s_named_group=server_named_group) - server_object = SERVER_SERVER_CLASSES[server](named_group=server_named_group, + server_object = SERVER_CLASSES[server](named_group=server_named_group, cert_sig_alg=cert_sig_alg) - client_object = SERVER_CLIENT_CLASSES[client](named_group=client_named_group, + client_object = CLIENT_CLASSES[client](named_group=client_named_group, cert_sig_alg=cert_sig_alg) client_object.add_named_groups(server_named_group) - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), + server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)] @@ -768,19 +694,11 @@ def main(): CIPHER_SUITE_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys()): - yield generate_compat_test(client=client, server=server, + if(server == 'mbedTLS' or client == 'mbedTLS'): + yield generate_compat_test(client=client, server=server, cipher=cipher, named_group=named_group, sig_alg=sig_alg) - for client, server, cipher, named_group, sig_alg in \ - itertools.product(SERVER_CLIENT_CLASSES.keys(), - SERVER_SERVER_CLASSES.keys(), - CIPHER_SUITE_IANA_VALUE.keys(), - NAMED_GROUP_IANA_VALUE.keys(), - SIG_ALG_IANA_VALUE.keys()): - yield generate_server_side_compat_test(client=client, server=server, - cipher=cipher, named_group=named_group, - sig_alg=sig_alg) # Generate Hello Retry Request compat test cases for client, server, client_named_group, server_named_group in \ @@ -788,22 +706,25 @@ def main(): SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): - if client_named_group != server_named_group: - yield generate_hrr_compat_test(client=client, server=server, + if(client == 'mbedTLS'): + if client_named_group != server_named_group: + yield generate_hrr_compat_test(client=client, server=server, client_named_group=client_named_group, server_named_group=server_named_group, cert_sig_alg="ecdsa_secp256r1_sha256") for client, server, client_named_group, server_named_group in \ - itertools.product(SERVER_CLIENT_CLASSES.keys(), - SERVER_SERVER_CLASSES.keys(), + itertools.product(CLIENT_CLASSES.keys(), + SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): - if client_named_group != server_named_group: - yield generate_server_hrr_compat_test(client=client, server=server, - client_named_group=client_named_group, - server_named_group=server_named_group, - cert_sig_alg="ecdsa_secp256r1_sha256") + if(server == 'mbedTLS'): + if client_named_group != server_named_group: + yield generate_server_hrr_compat_test(client=client, server=server, + client_named_group=client_named_group, + server_named_group=server_named_group, + cert_sig_alg="ecdsa_secp256r1_sha256") + if args.generate_all_tls13_compat_tests: if args.output: diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index aafe0e00b..c7d5aa46c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -86,6 +86,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false + O_NEXT_CLI_NO_CERT=false O_NEXT_CLI=false fi From fb1a3fe7f38303c774ec397fda86dfa42237e73a Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 9 Jun 2022 06:37:33 +0000 Subject: [PATCH 3/5] Address comments about python syntax CustomizedGitHooks: yes Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b Signed-off-by: XiaokangQian --- tests/opt-testcases/tls13-compat.sh | 1267 +++++++++--------- tests/scripts/generate_tls13_compat_tests.py | 76 +- tests/ssl-opt.sh | 2 + 3 files changed, 683 insertions(+), 662 deletions(-) diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index ae49312db..05d09f2f8 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -1,5 +1,32 @@ +#!/bin/sh + +# tls13-compat.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Purpose +# +# List TLS1.3 compat test cases. They are generated by +# `./tests/scripts/generate_tls13_compat_tests.py -a -o tests/opt-testcases/tls13-compat.sh`. +# +# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py` +# AND REGENERATE THIS FILE. +# requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -16,7 +43,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -33,7 +60,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -50,7 +77,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -68,7 +95,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -85,7 +112,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -102,7 +129,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -119,7 +146,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -137,7 +164,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -154,7 +181,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -171,7 +198,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -188,7 +215,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -206,7 +233,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -223,7 +250,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -240,7 +267,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -257,7 +284,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -275,7 +302,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -292,7 +319,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -309,7 +336,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -326,7 +353,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -344,7 +371,7 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -361,7 +388,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -378,7 +405,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -395,7 +422,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -413,7 +440,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -430,7 +457,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -447,7 +474,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -464,7 +491,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -482,7 +509,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -499,7 +526,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -516,7 +543,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -533,7 +560,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -551,7 +578,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -568,7 +595,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -585,7 +612,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -602,7 +629,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -620,7 +647,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -637,7 +664,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -654,7 +681,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -671,7 +698,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -689,7 +716,7 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -706,7 +733,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -723,7 +750,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -740,7 +767,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -758,7 +785,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -775,7 +802,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -792,7 +819,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -809,7 +836,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -827,7 +854,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -844,7 +871,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -861,7 +888,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -878,7 +905,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -896,7 +923,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -913,7 +940,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -930,7 +957,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -947,7 +974,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -965,7 +992,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -982,7 +1009,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -999,7 +1026,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1016,7 +1043,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1034,7 +1061,7 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1051,7 +1078,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1068,7 +1095,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1085,7 +1112,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1103,7 +1130,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1120,7 +1147,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1137,7 +1164,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1154,7 +1181,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1172,7 +1199,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1189,7 +1216,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1206,7 +1233,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1223,7 +1250,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1241,7 +1268,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1258,7 +1285,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1275,7 +1302,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1292,7 +1319,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1310,7 +1337,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1327,7 +1354,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1344,7 +1371,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1361,7 +1388,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1379,7 +1406,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1396,7 +1423,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1413,7 +1440,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1430,7 +1457,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1448,7 +1475,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1465,7 +1492,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1482,7 +1509,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1499,7 +1526,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1517,7 +1544,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1534,7 +1561,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1551,7 +1578,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1568,7 +1595,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1586,7 +1613,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1603,7 +1630,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1620,7 +1647,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1637,7 +1664,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1655,7 +1682,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1672,7 +1699,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1689,7 +1716,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1706,7 +1733,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1724,7 +1751,7 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1732,7 +1759,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1743,7 +1770,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1751,7 +1778,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1762,7 +1789,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1770,7 +1797,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1781,7 +1808,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1790,7 +1817,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1801,7 +1828,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1809,7 +1836,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1820,7 +1847,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1828,7 +1855,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1839,7 +1866,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1847,7 +1874,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1858,7 +1885,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1867,7 +1894,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1878,7 +1905,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1886,7 +1913,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1897,7 +1924,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1905,7 +1932,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1916,7 +1943,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1924,7 +1951,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1935,7 +1962,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1944,7 +1971,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1955,7 +1982,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1963,7 +1990,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1974,7 +2001,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1982,7 +2009,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -1993,7 +2020,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2001,7 +2028,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2012,7 +2039,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2021,7 +2048,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2032,7 +2059,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2040,7 +2067,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2051,7 +2078,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2059,7 +2086,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2070,7 +2097,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2078,7 +2105,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2089,7 +2116,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2098,7 +2125,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -2109,7 +2136,7 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2117,7 +2144,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2128,7 +2155,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2136,7 +2163,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2147,7 +2174,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2155,7 +2182,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2166,7 +2193,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2175,7 +2202,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2186,7 +2213,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2194,7 +2221,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2205,7 +2232,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2213,7 +2240,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2224,7 +2251,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2232,7 +2259,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2243,7 +2270,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2252,7 +2279,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2263,7 +2290,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2271,7 +2298,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2282,7 +2309,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2290,7 +2317,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2301,7 +2328,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2309,7 +2336,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2320,7 +2347,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2329,7 +2356,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2340,7 +2367,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2348,7 +2375,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2359,7 +2386,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2367,7 +2394,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2378,7 +2405,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2386,7 +2413,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2397,7 +2424,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2406,7 +2433,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2417,7 +2444,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2425,7 +2452,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2436,7 +2463,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2444,7 +2471,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2455,7 +2482,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2463,7 +2490,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2474,7 +2501,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2483,7 +2510,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -2494,7 +2521,7 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2502,7 +2529,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2513,7 +2540,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2521,7 +2548,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2532,7 +2559,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2540,7 +2567,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2551,7 +2578,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2560,7 +2587,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2571,7 +2598,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2579,7 +2606,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2590,7 +2617,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2598,7 +2625,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2609,7 +2636,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2617,7 +2644,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2628,7 +2655,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2637,7 +2664,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2648,7 +2675,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2656,7 +2683,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2667,7 +2694,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2675,7 +2702,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2686,7 +2713,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2694,7 +2721,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2705,7 +2732,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2714,7 +2741,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2725,7 +2752,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2733,7 +2760,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2744,7 +2771,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2752,7 +2779,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2763,7 +2790,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2771,7 +2798,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2782,7 +2809,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2791,7 +2818,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2802,7 +2829,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2810,7 +2837,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2821,7 +2848,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2829,7 +2856,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2840,7 +2867,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2848,7 +2875,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2859,7 +2886,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2868,7 +2895,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -2879,7 +2906,7 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2887,7 +2914,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2898,7 +2925,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2906,7 +2933,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2917,7 +2944,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2925,7 +2952,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2936,7 +2963,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2945,7 +2972,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2956,7 +2983,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2964,7 +2991,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2975,7 +3002,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2983,7 +3010,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -2994,7 +3021,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3002,7 +3029,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3013,7 +3040,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3022,7 +3049,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3033,7 +3060,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3041,7 +3068,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3052,7 +3079,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3060,7 +3087,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3071,7 +3098,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3079,7 +3106,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3090,7 +3117,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3099,7 +3126,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3110,7 +3137,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3118,7 +3145,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3129,7 +3156,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3137,7 +3164,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3148,7 +3175,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3156,7 +3183,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3167,7 +3194,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3176,7 +3203,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3187,7 +3214,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3195,7 +3222,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3206,7 +3233,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3214,7 +3241,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3225,7 +3252,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3233,7 +3260,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3244,7 +3271,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3253,7 +3280,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -3264,7 +3291,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3272,7 +3299,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3283,7 +3310,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3291,7 +3318,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3302,7 +3329,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3310,7 +3337,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3321,7 +3348,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3330,7 +3357,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3341,7 +3368,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3349,7 +3376,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3360,7 +3387,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3368,7 +3395,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3379,7 +3406,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3387,7 +3414,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3398,7 +3425,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3407,7 +3434,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3418,7 +3445,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3426,7 +3453,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3437,7 +3464,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3445,7 +3472,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3456,7 +3483,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3464,7 +3491,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3475,7 +3502,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3484,7 +3511,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3495,7 +3522,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3503,7 +3530,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3514,7 +3541,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3522,7 +3549,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3533,7 +3560,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3541,7 +3568,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3552,7 +3579,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3561,7 +3588,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3572,7 +3599,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3580,7 +3607,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3591,7 +3618,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3599,7 +3626,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3610,7 +3637,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3618,7 +3645,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -3629,7 +3656,7 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3638,7 +3665,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca_cat12.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -5381,7 +5408,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5400,7 +5427,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5419,7 +5446,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5439,7 +5466,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5458,7 +5485,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5477,7 +5504,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5496,7 +5523,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5516,7 +5543,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5535,7 +5562,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5554,7 +5581,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5573,7 +5600,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5593,7 +5620,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5612,7 +5639,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5631,7 +5658,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5650,7 +5677,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5670,7 +5697,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5689,7 +5716,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5708,7 +5735,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5727,7 +5754,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5747,7 +5774,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5766,7 +5793,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5785,7 +5812,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5804,7 +5831,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5824,7 +5851,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5843,7 +5870,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5862,7 +5889,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5881,7 +5908,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5901,7 +5928,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5920,7 +5947,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5939,7 +5966,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5958,7 +5985,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5978,7 +6005,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -5997,7 +6024,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6016,7 +6043,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6035,7 +6062,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6055,7 +6082,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6074,7 +6101,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6093,7 +6120,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6112,7 +6139,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6132,7 +6159,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6151,7 +6178,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6170,7 +6197,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6189,7 +6216,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6209,7 +6236,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6228,7 +6255,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6247,7 +6274,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6266,7 +6293,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6286,7 +6313,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6305,7 +6332,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6324,7 +6351,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6343,7 +6370,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6363,7 +6390,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6382,7 +6409,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6401,7 +6428,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6420,7 +6447,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6440,7 +6467,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6459,7 +6486,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6478,7 +6505,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6497,7 +6524,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6517,7 +6544,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6536,7 +6563,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6555,7 +6582,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6574,7 +6601,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6594,7 +6621,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6613,7 +6640,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6632,7 +6659,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6651,7 +6678,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6671,7 +6698,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6690,7 +6717,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6709,7 +6736,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6728,7 +6755,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6748,7 +6775,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6767,7 +6794,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6786,7 +6813,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6805,7 +6832,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6825,7 +6852,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6844,7 +6871,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6863,7 +6890,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6882,7 +6909,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6902,7 +6929,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6921,7 +6948,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6940,7 +6967,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6959,7 +6986,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6979,7 +7006,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -6998,7 +7025,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7017,7 +7044,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7036,7 +7063,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7056,7 +7083,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7075,7 +7102,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7094,7 +7121,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7113,7 +7140,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7133,7 +7160,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7152,7 +7179,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7171,7 +7198,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7190,7 +7217,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7210,7 +7237,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7229,7 +7256,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7248,7 +7275,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7267,7 +7294,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7287,7 +7314,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -7299,7 +7326,7 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7323,7 +7350,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7347,7 +7374,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7371,7 +7398,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7397,7 +7424,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7421,7 +7448,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7445,7 +7472,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7469,7 +7496,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7495,7 +7522,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7519,7 +7546,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7543,7 +7570,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7567,7 +7594,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7593,7 +7620,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7617,7 +7644,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7641,7 +7668,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7665,7 +7692,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7691,7 +7718,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7715,7 +7742,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7739,7 +7766,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7763,7 +7790,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7789,7 +7816,7 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7813,7 +7840,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7837,7 +7864,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7861,7 +7888,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7887,7 +7914,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7911,7 +7938,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7935,7 +7962,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -7959,7 +7986,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7985,7 +8012,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8009,7 +8036,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8033,7 +8060,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8057,7 +8084,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8083,7 +8110,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8107,7 +8134,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8131,7 +8158,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8155,7 +8182,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8181,7 +8208,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8205,7 +8232,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8229,7 +8256,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8253,7 +8280,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8279,7 +8306,7 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8303,7 +8330,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8327,7 +8354,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8351,7 +8378,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8377,7 +8404,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8401,7 +8428,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8425,7 +8452,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8449,7 +8476,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8475,7 +8502,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8499,7 +8526,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8523,7 +8550,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8547,7 +8574,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8573,7 +8600,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8597,7 +8624,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8621,7 +8648,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8645,7 +8672,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8671,7 +8698,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8695,7 +8722,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8719,7 +8746,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8743,7 +8770,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8769,7 +8796,7 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8793,7 +8820,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8817,7 +8844,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8841,7 +8868,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8867,7 +8894,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8891,7 +8918,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8915,7 +8942,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8939,7 +8966,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8965,7 +8992,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -8989,7 +9016,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9013,7 +9040,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9037,7 +9064,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9063,7 +9090,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9087,7 +9114,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9111,7 +9138,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9135,7 +9162,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9161,7 +9188,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9185,7 +9212,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9209,7 +9236,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9233,7 +9260,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9259,7 +9286,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9283,7 +9310,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9307,7 +9334,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9331,7 +9358,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9357,7 +9384,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9381,7 +9408,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9405,7 +9432,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9429,7 +9456,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9455,7 +9482,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9479,7 +9506,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9503,7 +9530,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9527,7 +9554,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9553,7 +9580,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9577,7 +9604,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9601,7 +9628,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9625,7 +9652,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9651,7 +9678,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9675,7 +9702,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9699,7 +9726,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -9723,7 +9750,7 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -10096,7 +10123,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10115,7 +10142,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10134,7 +10161,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10153,7 +10180,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10172,7 +10199,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10191,7 +10218,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10210,7 +10237,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10229,7 +10256,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10248,7 +10275,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10267,7 +10294,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10286,7 +10313,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10305,7 +10332,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10324,7 +10351,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10343,7 +10370,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10362,7 +10389,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10381,7 +10408,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10400,7 +10427,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10419,7 +10446,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10438,7 +10465,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10457,7 +10484,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ - "$G_NEXT_SRV_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --http --disable-client-cert --debug=4" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -10469,7 +10496,7 @@ run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ -c "selected_group ( 29 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10491,7 +10518,7 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ -c "selected_group ( 24 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10513,7 +10540,7 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ -c "selected_group ( 25 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10535,7 +10562,7 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ -c "selected_group ( 29 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10557,7 +10584,7 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ -c "selected_group ( 30 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10579,7 +10606,7 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ -c "selected_group ( 23 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10601,7 +10628,7 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ -c "selected_group ( 25 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10623,7 +10650,7 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ -c "selected_group ( 29 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10645,7 +10672,7 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ -c "selected_group ( 30 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10667,7 +10694,7 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ -c "selected_group ( 23 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10689,7 +10716,7 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ -c "selected_group ( 24 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10711,7 +10738,7 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ -c "selected_group ( 29 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10733,7 +10760,7 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ -c "selected_group ( 30 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10755,7 +10782,7 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ -c "selected_group ( 23 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10777,7 +10804,7 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ -c "selected_group ( 24 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10799,7 +10826,7 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ -c "selected_group ( 25 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10821,7 +10848,7 @@ run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ -c "selected_group ( 30 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10843,7 +10870,7 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ -c "selected_group ( 23 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10865,7 +10892,7 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ -c "selected_group ( 24 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10887,7 +10914,7 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ -c "selected_group ( 25 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -10909,7 +10936,7 @@ run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ -c "selected_group ( 29 )" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10924,7 +10951,7 @@ run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10939,7 +10966,7 @@ run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10954,7 +10981,7 @@ run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10969,7 +10996,7 @@ run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10984,7 +11011,7 @@ run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -10999,7 +11026,7 @@ run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11014,7 +11041,7 @@ run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11029,7 +11056,7 @@ run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11044,7 +11071,7 @@ run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11059,7 +11086,7 @@ run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11074,7 +11101,7 @@ run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11089,7 +11116,7 @@ run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11104,7 +11131,7 @@ run_test "TLS 1.3 O->m: Server HRR x25519 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11119,7 +11146,7 @@ run_test "TLS 1.3 O->m: Server HRR x25519 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11134,7 +11161,7 @@ run_test "TLS 1.3 O->m: Server HRR x25519 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11149,7 +11176,7 @@ run_test "TLS 1.3 O->m: Server HRR x25519 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11164,7 +11191,7 @@ run_test "TLS 1.3 O->m: Server HRR x448 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11179,7 +11206,7 @@ run_test "TLS 1.3 O->m: Server HRR x448 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11194,7 +11221,7 @@ run_test "TLS 1.3 O->m: Server HRR x448 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -11209,7 +11236,7 @@ run_test "TLS 1.3 O->m: Server HRR x448 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11217,7 +11244,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp384r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11226,7 +11253,7 @@ run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11234,7 +11261,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp521r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11243,7 +11270,7 @@ run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11251,7 +11278,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x25519" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11260,7 +11287,7 @@ run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11268,7 +11295,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x448" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11277,7 +11304,7 @@ run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11285,7 +11312,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp256r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11294,7 +11321,7 @@ run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11302,7 +11329,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp521r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11311,7 +11338,7 @@ run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11319,7 +11346,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x25519" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11328,7 +11355,7 @@ run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11336,7 +11363,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x448" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11345,7 +11372,7 @@ run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11353,7 +11380,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp256r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11362,7 +11389,7 @@ run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11370,7 +11397,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp384r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11379,7 +11406,7 @@ run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11387,7 +11414,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x25519" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11396,7 +11423,7 @@ run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11404,7 +11431,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x448" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11413,7 +11440,7 @@ run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11421,7 +11448,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x25519 -> secp256r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11430,7 +11457,7 @@ run_test "TLS 1.3 G->m: Server HRR x25519 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11438,7 +11465,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x25519 -> secp384r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11447,7 +11474,7 @@ run_test "TLS 1.3 G->m: Server HRR x25519 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11455,7 +11482,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x25519 -> secp521r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11464,7 +11491,7 @@ run_test "TLS 1.3 G->m: Server HRR x25519 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11472,7 +11499,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x25519 -> x448" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11481,7 +11508,7 @@ run_test "TLS 1.3 G->m: Server HRR x25519 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11489,7 +11516,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x448 -> secp256r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11498,7 +11525,7 @@ run_test "TLS 1.3 G->m: Server HRR x448 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11506,7 +11533,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x448 -> secp384r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11515,7 +11542,7 @@ run_test "TLS 1.3 G->m: Server HRR x448 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11523,7 +11550,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x448 -> secp521r1" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11532,7 +11559,7 @@ run_test "TLS 1.3 G->m: Server HRR x448 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -11540,7 +11567,7 @@ requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: Server HRR x448 -> x25519" \ "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --debug=4 localhost -p $SRV_PORT --single-key-share --x509cafile data_files/test-ca2.crt" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11549,7 +11576,7 @@ run_test "TLS 1.3 G->m: Server HRR x448 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11570,7 +11597,7 @@ run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11591,7 +11618,7 @@ run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11612,7 +11639,7 @@ run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11633,7 +11660,7 @@ run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11654,7 +11681,7 @@ run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11675,7 +11702,7 @@ run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11696,7 +11723,7 @@ run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11717,7 +11744,7 @@ run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11738,7 +11765,7 @@ run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11759,7 +11786,7 @@ run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11780,7 +11807,7 @@ run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x25519" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11801,7 +11828,7 @@ run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11822,7 +11849,7 @@ run_test "TLS 1.3 m->m: Server HRR x25519 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11843,7 +11870,7 @@ run_test "TLS 1.3 m->m: Server HRR x25519 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11864,7 +11891,7 @@ run_test "TLS 1.3 m->m: Server HRR x25519 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11885,7 +11912,7 @@ run_test "TLS 1.3 m->m: Server HRR x25519 -> x448" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11906,7 +11933,7 @@ run_test "TLS 1.3 m->m: Server HRR x448 -> secp256r1" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11927,7 +11954,7 @@ run_test "TLS 1.3 m->m: Server HRR x448 -> secp384r1" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C @@ -11948,7 +11975,7 @@ run_test "TLS 1.3 m->m: Server HRR x448 -> secp521r1" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 808fbed3c..d570c4703 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -183,7 +183,7 @@ class OpenSSLServ(OpenSSLBase): """ def cmd(self): - ret = super().cmd() + ret = self.pre_cmd() + super().cmd() ret += ['-accept $SRV_PORT'] ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache'] @@ -197,7 +197,7 @@ class OpenSSLServ(OpenSSLBase): return ['-c "HTTP/1.0 200 ok"'] def pre_cmd(self): - return '$O_NEXT_SRV_NO_CERT' + return ['$O_NEXT_SRV_NO_CERT'] class GnuTLSBase(TLSProgram): @@ -313,15 +313,13 @@ class GnuTLSServ(GnuTLSBase): return ['-c "HTTP/1.0 200 OK"'] def cmd(self): - ret = super().cmd() - ret += ['--http', - '--disable-client-cert', '--debug=4'] + ret = self.pre_cmd() + super().cmd() ret = ' '.join(ret) return ret def pre_cmd(self): - return '$G_NEXT_SRV_NO_CERT' + return ['$G_NEXT_SRV_NO_CERT'] + ['--http', '--disable-client-cert', '--debug=4'] class MbedTLSBase(TLSProgram): @@ -338,8 +336,7 @@ class MbedTLSBase(TLSProgram): def cmd(self): super().cmd() - ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', - 'debug_level=4'] + ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', 'debug_level=4'] ret += ['ca_file={cafile}'.format( cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] @@ -356,7 +353,6 @@ class MbedTLSBase(TLSProgram): named_groups = ','.join(self._named_groups) ret += ["curves={named_groups}".format(named_groups=named_groups)] -#ret = ' '.join(ret) return ret def pre_checks(self): @@ -382,7 +378,7 @@ class MbedTLSServ(MbedTLSBase): """ def cmd(self): - ret = super().cmd() + ret = self.pre_cmd() + super().cmd() ret += ['force_version=tls13'] for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] @@ -393,7 +389,7 @@ class MbedTLSServ(MbedTLSBase): def pre_checks(self): ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_CLI_C', + 'requires_config_enabled MBEDTLS_SSL_SRV_C', 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] if self._compat_mode: @@ -425,7 +421,7 @@ class MbedTLSServ(MbedTLSBase): return ['-s "{}"'.format(i) for i in check_strings] def pre_cmd(self): - return '$P_SRV_NO_CERT' + return ['$P_SRV_NO_CERT'] class OpenSSLCli(OpenSSLBase): @@ -434,7 +430,7 @@ class OpenSSLCli(OpenSSLBase): """ def cmd(self): - ret = super().cmd() + ret = self.pre_cmd() + super().cmd() ret += ['-CAfile {cafile}'.format( cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] @@ -448,7 +444,7 @@ class OpenSSLCli(OpenSSLBase): return ['-s "HTTP/1.0 200 OK"'] def pre_cmd(self): - return '$O_NEXT_CLI_NO_CERT' + return ['$O_NEXT_CLI_NO_CERT'] class GnuTLSCli(GnuTLSBase): @@ -465,9 +461,7 @@ class GnuTLSCli(GnuTLSBase): return ['-c "HTTP/1.0 200 OK"'] def cmd(self): - ret = super().cmd() - ret += ['--debug=4'] - ret += ['localhost', '-p $SRV_PORT', '--single-key-share'] + ret = self.pre_cmd() + super().cmd() ret += ['--x509cafile {cafile}'.format( cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] @@ -475,7 +469,7 @@ class GnuTLSCli(GnuTLSBase): return ret def pre_cmd(self): - return '$G_NEXT_CLI_NO_CERT' + return ['$G_NEXT_CLI_NO_CERT'] + ['--debug=4', 'localhost', '-p $SRV_PORT', '--single-key-share'] class MbedTLSCli(MbedTLSBase): @@ -484,13 +478,13 @@ class MbedTLSCli(MbedTLSBase): """ def cmd(self): - ret = super().cmd() + ret = self.pre_cmd() + super().cmd() ret = ' '.join(ret) return ret def pre_cmd(self): - return '$P_CLI' + return ['$P_CLI'] def pre_checks(self): ret = ['requires_config_enabled MBEDTLS_DEBUG_C', @@ -546,8 +540,8 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None signature_algorithm=sig_alg, cert_sig_alg=sig_alg) - cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), - server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-C "received HelloRetryRequest message"'] @@ -572,8 +566,8 @@ def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=cert_sig_alg) client_object.add_named_groups(server_named_group) - cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), - server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-c "received HelloRetryRequest message"'] @@ -595,14 +589,14 @@ def generate_server_hrr_compat_test(client=None, server=None, client=client, server=server, c_named_group=client_named_group, s_named_group=server_named_group) server_object = SERVER_CLASSES[server](named_group=server_named_group, - cert_sig_alg=cert_sig_alg) + cert_sig_alg=cert_sig_alg) client_object = CLIENT_CLASSES[client](named_group=client_named_group, - cert_sig_alg=cert_sig_alg) + cert_sig_alg=cert_sig_alg) client_object.add_named_groups(server_named_group) - cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(), - server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)] @@ -694,10 +688,10 @@ def main(): CIPHER_SUITE_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys()): - if(server == 'mbedTLS' or client == 'mbedTLS'): + if server == 'mbedTLS' or client == 'mbedTLS': yield generate_compat_test(client=client, server=server, - cipher=cipher, named_group=named_group, - sig_alg=sig_alg) + cipher=cipher, named_group=named_group, + sig_alg=sig_alg) # Generate Hello Retry Request compat test cases @@ -706,24 +700,22 @@ def main(): SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): - if(client == 'mbedTLS'): - if client_named_group != server_named_group: + if client == 'mbedTLS' and client_named_group != server_named_group: yield generate_hrr_compat_test(client=client, server=server, - client_named_group=client_named_group, - server_named_group=server_named_group, - cert_sig_alg="ecdsa_secp256r1_sha256") + client_named_group=client_named_group, + server_named_group=server_named_group, + cert_sig_alg="ecdsa_secp256r1_sha256") for client, server, client_named_group, server_named_group in \ itertools.product(CLIENT_CLASSES.keys(), SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): - if(server == 'mbedTLS'): - if client_named_group != server_named_group: - yield generate_server_hrr_compat_test(client=client, server=server, - client_named_group=client_named_group, - server_named_group=server_named_group, - cert_sig_alg="ecdsa_secp256r1_sha256") + if server == 'mbedTLS' and client_named_group != server_named_group: + yield generate_server_hrr_compat_test(client=client, server=server, + client_named_group=client_named_group, + server_named_group=server_named_group, + cert_sig_alg="ecdsa_secp256r1_sha256") if args.generate_all_tls13_compat_tests: diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c7d5aa46c..78bed36f7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -103,6 +103,7 @@ if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI" else G_NEXT_CLI=false + G_NEXT_CLI_NO_CERT=false fi TESTS=0 @@ -1568,6 +1569,7 @@ fi if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" + G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT" fi # Allow SHA-1, because many of our test certificates use it From 9b938b7c37ba8f975c3089b59845d09d0e351bd9 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Fri, 10 Jun 2022 03:10:59 +0000 Subject: [PATCH 4/5] Share code with base class in generate_tls13_compat_tests.py Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a CustomizedGitHooks: yes Signed-off-by: XiaokangQian --- tests/opt-testcases/tls13-compat.sh | 3080 ++++++++---------- tests/scripts/generate_tls13_compat_tests.py | 135 +- 2 files changed, 1382 insertions(+), 1833 deletions(-) diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 05d09f2f8..48ba469e9 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -25,8 +25,8 @@ # PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py` # AND REGENERATE THIS FILE. # -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -42,8 +42,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -59,8 +59,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -76,8 +76,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -94,8 +94,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -111,8 +111,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -128,8 +128,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -145,8 +145,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -163,8 +163,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -180,8 +180,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -197,8 +197,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -214,8 +214,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -232,8 +232,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -249,8 +249,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -266,8 +266,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -283,8 +283,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -301,8 +301,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -318,8 +318,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -335,8 +335,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -352,8 +352,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -370,8 +370,8 @@ run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -387,8 +387,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -404,8 +404,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -421,8 +421,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -439,8 +439,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -456,8 +456,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -473,8 +473,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -490,8 +490,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -508,8 +508,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -525,8 +525,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -542,8 +542,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -559,8 +559,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -577,8 +577,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -594,8 +594,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -611,8 +611,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -628,8 +628,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -646,8 +646,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -663,8 +663,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -680,8 +680,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -697,8 +697,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -715,8 +715,8 @@ run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -732,8 +732,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -749,8 +749,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -766,8 +766,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -784,8 +784,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -801,8 +801,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -818,8 +818,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -835,8 +835,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -853,8 +853,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -870,8 +870,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -887,8 +887,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -904,8 +904,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -922,8 +922,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -939,8 +939,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -956,8 +956,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -973,8 +973,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -991,8 +991,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1008,8 +1008,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1025,8 +1025,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1042,8 +1042,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1060,8 +1060,8 @@ run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1077,8 +1077,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1094,8 +1094,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1111,8 +1111,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1129,8 +1129,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1146,8 +1146,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1163,8 +1163,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1180,8 +1180,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1198,8 +1198,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1215,8 +1215,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1232,8 +1232,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1249,8 +1249,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1267,8 +1267,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1284,8 +1284,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1301,8 +1301,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1318,8 +1318,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1336,8 +1336,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1353,8 +1353,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1370,8 +1370,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1387,8 +1387,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1405,8 +1405,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1422,8 +1422,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1439,8 +1439,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1456,8 +1456,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1474,8 +1474,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1491,8 +1491,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1508,8 +1508,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1525,8 +1525,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1543,8 +1543,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1560,8 +1560,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1577,8 +1577,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1594,8 +1594,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1612,8 +1612,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1629,8 +1629,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1646,8 +1646,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1663,8 +1663,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1681,8 +1681,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1698,8 +1698,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1715,8 +1715,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 @@ -1732,8 +1732,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1750,8 +1750,8 @@ run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1769,8 +1769,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1788,8 +1788,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1807,8 +1807,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1827,8 +1827,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1846,8 +1846,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1865,8 +1865,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1884,8 +1884,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1904,8 +1904,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1923,8 +1923,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1942,8 +1942,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -1961,8 +1961,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1981,8 +1981,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2000,8 +2000,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2019,8 +2019,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2038,8 +2038,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2058,8 +2058,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2077,8 +2077,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2096,8 +2096,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2115,8 +2115,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2135,8 +2135,8 @@ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2154,8 +2154,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2173,8 +2173,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2192,8 +2192,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2212,8 +2212,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2231,8 +2231,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2250,8 +2250,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2269,8 +2269,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2289,8 +2289,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2308,8 +2308,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2327,8 +2327,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2346,8 +2346,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2366,8 +2366,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2385,8 +2385,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2404,8 +2404,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2423,8 +2423,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2443,8 +2443,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2462,8 +2462,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2481,8 +2481,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2500,8 +2500,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2520,8 +2520,8 @@ run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2539,8 +2539,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2558,8 +2558,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2577,8 +2577,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2597,8 +2597,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2616,8 +2616,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2635,8 +2635,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2654,8 +2654,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2674,8 +2674,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2693,8 +2693,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2712,8 +2712,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2731,8 +2731,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2751,8 +2751,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2770,8 +2770,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2789,8 +2789,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2808,8 +2808,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2828,8 +2828,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2847,8 +2847,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2866,8 +2866,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2885,8 +2885,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2905,8 +2905,8 @@ run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2924,8 +2924,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2943,8 +2943,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -2962,8 +2962,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2982,8 +2982,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3001,8 +3001,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3020,8 +3020,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3039,8 +3039,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3059,8 +3059,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3078,8 +3078,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3097,8 +3097,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3116,8 +3116,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3136,8 +3136,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3155,8 +3155,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3174,8 +3174,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3193,8 +3193,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3213,8 +3213,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3232,8 +3232,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3251,8 +3251,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3270,8 +3270,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3290,8 +3290,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3309,8 +3309,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3328,8 +3328,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3347,8 +3347,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3367,8 +3367,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3386,8 +3386,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3405,8 +3405,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3424,8 +3424,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3444,8 +3444,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3463,8 +3463,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3482,8 +3482,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3501,8 +3501,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3521,8 +3521,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3540,8 +3540,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3559,8 +3559,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3578,8 +3578,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3598,8 +3598,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3617,8 +3617,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3636,8 +3636,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_gnutls_tls1_3 @@ -3655,8 +3655,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3676,8 +3676,8 @@ run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -3693,8 +3693,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -3710,8 +3710,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -3727,8 +3727,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3745,8 +3745,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -3762,8 +3762,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -3779,8 +3779,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -3796,8 +3796,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3814,8 +3814,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -3831,8 +3831,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -3848,8 +3848,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -3865,8 +3865,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3883,8 +3883,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -3900,8 +3900,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -3917,8 +3917,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -3934,8 +3934,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -3952,8 +3952,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -3969,8 +3969,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -3986,8 +3986,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -4003,8 +4003,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4021,8 +4021,8 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ @@ -4038,8 +4038,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ @@ -4055,8 +4055,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ @@ -4072,8 +4072,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4090,8 +4090,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ @@ -4107,8 +4107,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ @@ -4124,8 +4124,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ @@ -4141,8 +4141,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4159,8 +4159,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ @@ -4176,8 +4176,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ @@ -4193,8 +4193,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ @@ -4210,8 +4210,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4228,8 +4228,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ @@ -4245,8 +4245,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ @@ -4262,8 +4262,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ @@ -4279,8 +4279,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4297,8 +4297,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ @@ -4314,8 +4314,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ @@ -4331,8 +4331,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ @@ -4348,8 +4348,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4366,8 +4366,8 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -4383,8 +4383,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -4400,8 +4400,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -4417,8 +4417,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4435,8 +4435,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -4452,8 +4452,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -4469,8 +4469,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -4486,8 +4486,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4504,8 +4504,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -4521,8 +4521,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -4538,8 +4538,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -4555,8 +4555,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4573,8 +4573,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -4590,8 +4590,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -4607,8 +4607,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -4624,8 +4624,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4642,8 +4642,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -4659,8 +4659,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -4676,8 +4676,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -4693,8 +4693,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4711,8 +4711,8 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -4728,8 +4728,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -4745,8 +4745,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -4762,8 +4762,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4780,8 +4780,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -4797,8 +4797,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -4814,8 +4814,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -4831,8 +4831,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4849,8 +4849,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -4866,8 +4866,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -4883,8 +4883,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -4900,8 +4900,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4918,8 +4918,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -4935,8 +4935,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -4952,8 +4952,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -4969,8 +4969,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -4987,8 +4987,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -5004,8 +5004,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -5021,8 +5021,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -5038,8 +5038,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5056,8 +5056,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -5073,8 +5073,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -5090,8 +5090,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -5107,8 +5107,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5125,8 +5125,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -5142,8 +5142,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -5159,8 +5159,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -5176,8 +5176,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5194,8 +5194,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -5211,8 +5211,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -5228,8 +5228,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -5245,8 +5245,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5263,8 +5263,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -5280,8 +5280,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -5297,8 +5297,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -5314,8 +5314,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5332,8 +5332,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -5349,8 +5349,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -5366,8 +5366,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -5383,8 +5383,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5403,8 +5403,8 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -5422,8 +5422,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -5441,8 +5441,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -5460,8 +5460,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5480,8 +5480,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -5499,8 +5499,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -5518,8 +5518,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -5537,8 +5537,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5557,8 +5557,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -5576,8 +5576,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -5595,8 +5595,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -5614,8 +5614,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5634,8 +5634,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -5653,8 +5653,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -5672,8 +5672,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -5691,8 +5691,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5711,8 +5711,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -5730,8 +5730,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -5749,8 +5749,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -5768,8 +5768,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5788,8 +5788,8 @@ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ @@ -5807,8 +5807,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ @@ -5826,8 +5826,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ @@ -5845,8 +5845,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5865,8 +5865,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ @@ -5884,8 +5884,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ @@ -5903,8 +5903,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ @@ -5922,8 +5922,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -5942,8 +5942,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ @@ -5961,8 +5961,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ @@ -5980,8 +5980,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ @@ -5999,8 +5999,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6019,8 +6019,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ @@ -6038,8 +6038,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ @@ -6057,8 +6057,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ @@ -6076,8 +6076,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6096,8 +6096,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ @@ -6115,8 +6115,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ @@ -6134,8 +6134,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ @@ -6153,8 +6153,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6173,8 +6173,8 @@ run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -6192,8 +6192,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -6211,8 +6211,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -6230,8 +6230,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6250,8 +6250,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -6269,8 +6269,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -6288,8 +6288,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -6307,8 +6307,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6327,8 +6327,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -6346,8 +6346,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -6365,8 +6365,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -6384,8 +6384,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6404,8 +6404,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -6423,8 +6423,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -6442,8 +6442,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -6461,8 +6461,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6481,8 +6481,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -6500,8 +6500,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -6519,8 +6519,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -6538,8 +6538,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6558,8 +6558,8 @@ run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -6577,8 +6577,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -6596,8 +6596,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -6615,8 +6615,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6635,8 +6635,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -6654,8 +6654,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -6673,8 +6673,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -6692,8 +6692,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6712,8 +6712,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -6731,8 +6731,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -6750,8 +6750,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -6769,8 +6769,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6789,8 +6789,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -6808,8 +6808,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -6827,8 +6827,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -6846,8 +6846,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6866,8 +6866,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -6885,8 +6885,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -6904,8 +6904,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -6923,8 +6923,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -6943,8 +6943,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -6962,8 +6962,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -6981,8 +6981,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -7000,8 +7000,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7020,8 +7020,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -7039,8 +7039,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -7058,8 +7058,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -7077,8 +7077,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7097,8 +7097,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -7116,8 +7116,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -7135,8 +7135,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -7154,8 +7154,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7174,8 +7174,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -7193,8 +7193,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -7212,8 +7212,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -7231,8 +7231,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7251,8 +7251,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -7270,8 +7270,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -7289,8 +7289,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -7308,8 +7308,8 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7325,12 +7325,12 @@ run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -7349,12 +7349,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -7373,12 +7373,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -7397,13 +7397,13 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7423,12 +7423,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -7447,12 +7447,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -7471,12 +7471,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -7495,13 +7495,13 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7521,12 +7521,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -7545,12 +7545,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -7569,12 +7569,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -7593,13 +7593,13 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7619,12 +7619,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -7643,12 +7643,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -7667,12 +7667,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -7691,13 +7691,13 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7717,12 +7717,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -7741,12 +7741,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -7765,12 +7765,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -7789,13 +7789,13 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7815,12 +7815,12 @@ run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ @@ -7839,12 +7839,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ @@ -7863,12 +7863,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ @@ -7887,13 +7887,13 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -7913,12 +7913,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ @@ -7937,12 +7937,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ @@ -7961,12 +7961,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ @@ -7985,13 +7985,13 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8011,12 +8011,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ @@ -8035,12 +8035,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ @@ -8059,12 +8059,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ @@ -8083,13 +8083,13 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8109,12 +8109,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ @@ -8133,12 +8133,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ @@ -8157,12 +8157,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ @@ -8181,13 +8181,13 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8207,12 +8207,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ @@ -8231,12 +8231,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ @@ -8255,12 +8255,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ @@ -8279,13 +8279,13 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8305,12 +8305,12 @@ run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -8329,12 +8329,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha25 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -8353,12 +8353,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha38 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -8377,13 +8377,13 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha51 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8403,12 +8403,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -8427,12 +8427,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha25 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -8451,12 +8451,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha38 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -8475,13 +8475,13 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha51 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8501,12 +8501,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -8525,12 +8525,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha25 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -8549,12 +8549,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha38 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -8573,13 +8573,13 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha51 -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8599,12 +8599,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -8623,12 +8623,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -8647,12 +8647,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -8671,13 +8671,13 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8697,12 +8697,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -8721,12 +8721,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -8745,12 +8745,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -8769,13 +8769,13 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8795,12 +8795,12 @@ run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -8819,12 +8819,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -8843,12 +8843,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -8867,13 +8867,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8893,12 +8893,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -8917,12 +8917,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -8941,12 +8941,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -8965,13 +8965,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -8991,12 +8991,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -9015,12 +9015,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -9039,12 +9039,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -9063,13 +9063,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9089,12 +9089,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -9113,12 +9113,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -9137,12 +9137,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -9161,13 +9161,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9187,12 +9187,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -9211,12 +9211,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -9235,12 +9235,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -9259,13 +9259,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9285,12 +9285,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ @@ -9309,12 +9309,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ @@ -9333,12 +9333,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ @@ -9357,13 +9357,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9383,12 +9383,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ @@ -9407,12 +9407,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ @@ -9431,12 +9431,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ @@ -9455,13 +9455,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9481,12 +9481,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ @@ -9505,12 +9505,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ @@ -9529,12 +9529,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ @@ -9553,13 +9553,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9579,12 +9579,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ @@ -9603,12 +9603,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ @@ -9627,12 +9627,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ @@ -9651,13 +9651,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9677,12 +9677,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ @@ -9701,12 +9701,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ @@ -9725,12 +9725,12 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ @@ -9749,13 +9749,13 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -9775,9 +9775,649 @@ run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" -requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 +run_test "TLS 1.3 O->m: HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x25519 -> x448" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x448(001e)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x448" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp256r1(0017)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp256r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp384r1(0018)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp384r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: secp521r1(0019)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: secp521r1" + +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +run_test "TLS 1.3 G->m: HRR x448 -> x25519" \ + "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + 0 \ + -s "Protocol is TLSv1.3" \ + -s "got named group: x25519(001d)" \ + -s "Verifying peer X.509 certificate... ok" \ + -c "HTTP/1.0 200 OK" \ + -s "HRR selected_group: x25519" + +requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ @@ -9793,8 +10433,8 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ -c "selected_group ( 24 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ @@ -9810,8 +10450,8 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ -c "selected_group ( 25 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ @@ -9827,8 +10467,8 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ -c "selected_group ( 29 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ @@ -9844,8 +10484,8 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ -c "selected_group ( 30 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ @@ -9861,8 +10501,8 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ -c "selected_group ( 23 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ @@ -9878,8 +10518,8 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ -c "selected_group ( 25 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ @@ -9895,8 +10535,8 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ -c "selected_group ( 29 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ @@ -9912,8 +10552,8 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ -c "selected_group ( 30 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ @@ -9929,8 +10569,8 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ -c "selected_group ( 23 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ @@ -9946,8 +10586,8 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ -c "selected_group ( 24 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ @@ -9963,8 +10603,8 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ -c "selected_group ( 29 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ @@ -9980,8 +10620,8 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ -c "selected_group ( 30 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ @@ -9997,8 +10637,8 @@ run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ -c "selected_group ( 23 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ @@ -10014,8 +10654,8 @@ run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ -c "selected_group ( 24 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ @@ -10031,8 +10671,8 @@ run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ -c "selected_group ( 25 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ @@ -10048,8 +10688,8 @@ run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ -c "selected_group ( 30 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ @@ -10065,8 +10705,8 @@ run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ -c "selected_group ( 23 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ @@ -10082,8 +10722,8 @@ run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ -c "selected_group ( 24 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ @@ -10099,8 +10739,8 @@ run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ -c "selected_group ( 25 )" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ @@ -10118,8 +10758,8 @@ run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ @@ -10137,8 +10777,8 @@ run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ @@ -10156,8 +10796,8 @@ run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ @@ -10175,8 +10815,8 @@ run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ @@ -10194,8 +10834,8 @@ run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ @@ -10213,8 +10853,8 @@ run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ @@ -10232,8 +10872,8 @@ run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ @@ -10251,8 +10891,8 @@ run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ @@ -10270,8 +10910,8 @@ run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ @@ -10289,8 +10929,8 @@ run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ @@ -10308,8 +10948,8 @@ run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ @@ -10327,8 +10967,8 @@ run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ @@ -10346,8 +10986,8 @@ run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ @@ -10365,8 +11005,8 @@ run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ @@ -10384,8 +11024,8 @@ run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ @@ -10403,8 +11043,8 @@ run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ @@ -10422,8 +11062,8 @@ run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ @@ -10441,8 +11081,8 @@ run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ @@ -10460,8 +11100,8 @@ run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ @@ -10479,8 +11119,8 @@ run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ @@ -10495,12 +11135,12 @@ run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ @@ -10514,15 +11154,16 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 24 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ @@ -10536,15 +11177,16 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 25 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ @@ -10558,15 +11200,16 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "NamedGroup: x25519 ( 1d )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ @@ -10580,15 +11223,16 @@ run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "NamedGroup: x448 ( 1e )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ @@ -10602,15 +11246,16 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 23 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ @@ -10624,15 +11269,16 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 25 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ @@ -10646,15 +11292,16 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "NamedGroup: x25519 ( 1d )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ @@ -10668,15 +11315,16 @@ run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "NamedGroup: x448 ( 1e )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ @@ -10690,15 +11338,16 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 23 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ @@ -10712,15 +11361,16 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 24 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ @@ -10734,15 +11384,16 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "NamedGroup: x25519 ( 1d )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ @@ -10756,15 +11407,16 @@ run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "NamedGroup: x448 ( 1e )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ @@ -10778,15 +11430,16 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ -c "NamedGroup: x25519 ( 1d )" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 23 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ @@ -10800,15 +11453,16 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ -c "NamedGroup: x25519 ( 1d )" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 24 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ @@ -10822,15 +11476,16 @@ run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ -c "NamedGroup: x25519 ( 1d )" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 25 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ @@ -10844,15 +11499,16 @@ run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ -c "NamedGroup: x25519 ( 1d )" \ -c "NamedGroup: x448 ( 1e )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x448" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 30 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ @@ -10866,15 +11522,16 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ -c "NamedGroup: x448 ( 1e )" \ -c "NamedGroup: secp256r1 ( 17 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp256r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 23 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ @@ -10888,15 +11545,16 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ -c "NamedGroup: x448 ( 1e )" \ -c "NamedGroup: secp384r1 ( 18 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp384r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 24 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ @@ -10910,15 +11568,16 @@ run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ -c "NamedGroup: x448 ( 1e )" \ -c "NamedGroup: secp521r1 ( 19 )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: secp521r1" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 25 )" -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ @@ -10932,1065 +11591,6 @@ run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ -c "NamedGroup: x448 ( 1e )" \ -c "NamedGroup: x25519 ( 1d )" \ -c "Verifying peer X.509 certificate... ok" \ + -s "HRR selected_group: x25519" \ -c "received HelloRetryRequest message" \ -c "selected_group ( 29 )" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_openssl_tls1_3 -run_test "TLS 1.3 O->m: Server HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: Server HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x25519" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x448(001e)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x448" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp256r1(0017)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: secp256r1 ( 17 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp256r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp384r1(0018)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: secp384r1 ( 18 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp384r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: secp521r1(0019)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: secp521r1 ( 19 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: secp521r1" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -run_test "TLS 1.3 m->m: Server HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "got named group: x25519(001d)" \ - -s "Verifying peer X.509 certificate... ok" \ - -c "Protocol is TLSv1.3" \ - -c "NamedGroup: x448 ( 1e )" \ - -c "NamedGroup: x25519 ( 1d )" \ - -c "Verifying peer X.509 certificate... ok" \ - -s "HRR selected_group: x25519" diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index d570c4703..c3bfe1b4d 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -125,9 +125,14 @@ class TLSProgram(metaclass=abc.ABCMeta): def post_checks(self): return [] + @abc.abstractmethod def pre_cmd(self): return [] + @abc.abstractmethod + def hrr_post_checks(self, named_group): + return [] + class OpenSSLBase(TLSProgram): """ @@ -167,7 +172,6 @@ class OpenSSLBase(TLSProgram): if not self._compat_mode: ret += ['-no_middlebox'] -#return ' '.join(ret) return ret def pre_checks(self): @@ -176,6 +180,12 @@ class OpenSSLBase(TLSProgram): def post_checks(self): return [] + def pre_cmd(self): + return [] + + def hrr_post_checks(self, named_group): + return [] + class OpenSSLServ(OpenSSLBase): """ @@ -190,9 +200,6 @@ class OpenSSLServ(OpenSSLBase): return ' '.join(ret) - def pre_checks(self): - return ["requires_openssl_tls1_3"] - def post_checks(self): return ['-c "HTTP/1.0 200 ok"'] @@ -247,6 +254,12 @@ class GnuTLSBase(TLSProgram): "requires_gnutls_next_disable_tls13_compat", ] def post_checks(self): + return ['-c "HTTP/1.0 200 OK"'] + + def hrr_post_checks(self, named_group): + return [] + + def pre_cmd(self): return [] def cmd(self): @@ -296,7 +309,6 @@ class GnuTLSBase(TLSProgram): ret += ['--priority={priority_string}'.format( priority_string=priority_string)] -#ret = ' '.join(ret) return ret class GnuTLSServ(GnuTLSBase): @@ -304,14 +316,6 @@ class GnuTLSServ(GnuTLSBase): Generate test commands for GnuTLS server. """ - def pre_checks(self): - return ["requires_gnutls_tls1_3", - "requires_gnutls_next_no_ticket", - "requires_gnutls_next_disable_tls13_compat", ] - - def post_checks(self): - return ['-c "HTTP/1.0 200 OK"'] - def cmd(self): ret = self.pre_cmd() + super().cmd() @@ -357,7 +361,6 @@ class MbedTLSBase(TLSProgram): def pre_checks(self): ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_CLI_C', 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] if self._compat_mode: @@ -371,6 +374,12 @@ class MbedTLSBase(TLSProgram): def post_checks(self): return [] + def pre_cmd(self): + return [] + + def hrr_post_checks(self, named_group): + return [] + class MbedTLSServ(MbedTLSBase): """ @@ -388,17 +397,7 @@ class MbedTLSServ(MbedTLSBase): return ret def pre_checks(self): - ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_SRV_C', - 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] - - if self._compat_mode: - ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] - - if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: - ret.append( - 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') - return ret + return ['requires_config_enabled MBEDTLS_SSL_SRV_C'] + super().pre_checks() def post_checks(self): check_strings = ["Protocol is TLSv1.3"] @@ -423,6 +422,9 @@ class MbedTLSServ(MbedTLSBase): def pre_cmd(self): return ['$P_SRV_NO_CERT'] + def hrr_post_checks(self, named_group): + return ['-s "HRR selected_group: {:s}"'.format(named_group)] + class OpenSSLCli(OpenSSLBase): """ @@ -437,9 +439,6 @@ class OpenSSLCli(OpenSSLBase): return ' '.join(ret) - def pre_checks(self): - return ["requires_openssl_tls1_3"] - def post_checks(self): return ['-s "HTTP/1.0 200 OK"'] @@ -452,14 +451,6 @@ class GnuTLSCli(GnuTLSBase): Generate test commands for GnuTLS client. """ - def pre_checks(self): - return ["requires_gnutls_tls1_3", - "requires_gnutls_next_no_ticket", - "requires_gnutls_next_disable_tls13_compat", ] - - def post_checks(self): - return ['-c "HTTP/1.0 200 OK"'] - def cmd(self): ret = self.pre_cmd() + super().cmd() ret += ['--x509cafile {cafile}'.format( @@ -469,7 +460,9 @@ class GnuTLSCli(GnuTLSBase): return ret def pre_cmd(self): - return ['$G_NEXT_CLI_NO_CERT'] + ['--debug=4', 'localhost', '-p $SRV_PORT', '--single-key-share'] + ret = ['$G_NEXT_CLI_NO_CERT'] + ret += ['--debug=4', 'localhost', '-p $SRV_PORT', '--single-key-share'] + return ret class MbedTLSCli(MbedTLSBase): @@ -487,16 +480,11 @@ class MbedTLSCli(MbedTLSBase): return ['$P_CLI'] def pre_checks(self): - ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_CLI_C', - 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3'] + return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks() - if self._compat_mode: - ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE'] - - if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs: - ret.append( - 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') + def hrr_post_checks(self, named_group): + ret = ['-c "received HelloRetryRequest message"'] + ret += ['-c "selected_group ( {:d} )"'.format(NAMED_GROUP_IANA_VALUE[named_group])] return ret def post_checks(self): @@ -570,36 +558,8 @@ def generate_hrr_compat_test(client=None, server=None, server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() - cmd += ['-c "received HelloRetryRequest message"'] - cmd += ['-c "selected_group ( {:d} )"'.format( - NAMED_GROUP_IANA_VALUE[server_named_group])] - prefix = ' \\\n' + (' '*9) - cmd = prefix.join(cmd) - return '\n'.join(server_object.pre_checks() + - client_object.pre_checks() + - [cmd]) - -def generate_server_hrr_compat_test(client=None, server=None, - client_named_group=None, server_named_group=None, - cert_sig_alg=None): - """ - Generate server side Hello Retry Request test case with `ssl-opt.sh` format. - """ - name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format( - client=client, server=server, c_named_group=client_named_group, - s_named_group=server_named_group) - server_object = SERVER_CLASSES[server](named_group=server_named_group, - cert_sig_alg=cert_sig_alg) - - client_object = CLIENT_CLASSES[client](named_group=client_named_group, - cert_sig_alg=cert_sig_alg) - client_object.add_named_groups(server_named_group) - - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] - cmd += server_object.post_checks() - cmd += client_object.post_checks() - cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)] + cmd += server_object.hrr_post_checks(server_named_group) + cmd += client_object.hrr_post_checks(server_named_group) prefix = ' \\\n' + (' '*9) cmd = prefix.join(cmd) return '\n'.join(server_object.pre_checks() + @@ -700,23 +660,12 @@ def main(): SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): - if client == 'mbedTLS' and client_named_group != server_named_group: - yield generate_hrr_compat_test(client=client, server=server, - client_named_group=client_named_group, - server_named_group=server_named_group, - cert_sig_alg="ecdsa_secp256r1_sha256") - - for client, server, client_named_group, server_named_group in \ - itertools.product(CLIENT_CLASSES.keys(), - SERVER_CLASSES.keys(), - NAMED_GROUP_IANA_VALUE.keys(), - NAMED_GROUP_IANA_VALUE.keys()): - if server == 'mbedTLS' and client_named_group != server_named_group: - yield generate_server_hrr_compat_test(client=client, server=server, - client_named_group=client_named_group, - server_named_group=server_named_group, - cert_sig_alg="ecdsa_secp256r1_sha256") - + if (client == 'mbedTLS' or server == 'mbedTLS') and \ + client_named_group != server_named_group: + yield generate_hrr_compat_test(client=client, server=server, + client_named_group=client_named_group, + server_named_group=server_named_group, + cert_sig_alg="ecdsa_secp256r1_sha256") if args.generate_all_tls13_compat_tests: if args.output: From b7c12a466f50833b1445d3b8e95371d676b0384d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 12 Jun 2022 20:53:02 +0800 Subject: [PATCH 5/5] Refactor compat scripts Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-compat.sh | 2400 ++++++++---------- tests/scripts/generate_tls13_compat_tests.py | 180 +- tests/ssl-opt.sh | 3 +- 3 files changed, 1144 insertions(+), 1439 deletions(-) diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 48ba469e9..5a71d1c42 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -31,15 +31,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -48,15 +47,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -65,15 +63,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -83,15 +80,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -100,15 +96,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -117,15 +112,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -134,15 +128,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -152,15 +145,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -169,15 +161,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -186,15 +177,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -203,15 +193,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -221,15 +210,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -238,15 +226,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -255,15 +242,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -272,15 +258,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -290,15 +275,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -307,15 +291,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -324,15 +307,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -341,15 +323,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -359,15 +340,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -376,15 +356,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -393,15 +372,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -410,15 +388,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -428,15 +405,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -445,15 +421,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -462,15 +437,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -479,15 +453,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -497,15 +470,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -514,15 +486,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -531,15 +502,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -548,15 +518,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -566,15 +535,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -583,15 +551,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -600,15 +567,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -617,15 +583,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -635,15 +600,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -652,15 +616,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -669,15 +632,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -686,15 +648,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -704,15 +665,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -721,15 +681,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -738,15 +697,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -755,15 +713,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -773,15 +730,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -790,15 +746,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -807,15 +762,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -824,15 +778,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -842,15 +795,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -859,15 +811,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -876,15 +827,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -893,15 +843,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -911,15 +860,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -928,15 +876,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -945,15 +892,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -962,15 +908,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -980,15 +925,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -997,15 +941,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1014,15 +957,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1031,15 +973,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1049,15 +990,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1066,15 +1006,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1083,15 +1022,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1100,15 +1038,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1118,15 +1055,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1135,15 +1071,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1152,15 +1087,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1169,15 +1103,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1187,15 +1120,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1204,15 +1136,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1221,15 +1152,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1238,15 +1168,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1256,15 +1185,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1273,15 +1201,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1290,15 +1217,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1307,15 +1233,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1325,15 +1250,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1342,15 +1266,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1359,15 +1282,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1376,15 +1298,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1394,15 +1315,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1411,15 +1331,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1428,15 +1347,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1445,15 +1363,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1463,15 +1380,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1480,15 +1396,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1497,15 +1412,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1514,15 +1428,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1532,15 +1445,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1549,15 +1461,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1566,15 +1477,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1583,15 +1493,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1601,15 +1510,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1618,15 +1526,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1635,15 +1542,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1652,15 +1558,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1670,15 +1575,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1687,15 +1591,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1704,15 +1607,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1721,15 +1623,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1739,15 +1640,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1758,15 +1658,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1777,15 +1676,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1796,15 +1694,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1816,15 +1713,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1835,15 +1731,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1854,15 +1749,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1873,15 +1767,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1893,15 +1786,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1912,15 +1804,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1931,15 +1822,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1950,15 +1840,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1970,15 +1859,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1989,15 +1877,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2008,15 +1895,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2027,15 +1913,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2047,15 +1932,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2066,15 +1950,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2085,15 +1968,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2104,15 +1986,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2124,15 +2005,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2143,15 +2023,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2162,15 +2041,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2181,15 +2059,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2201,15 +2078,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2220,15 +2096,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2239,15 +2114,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2258,15 +2132,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2278,15 +2151,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2297,15 +2169,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2316,15 +2187,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2335,15 +2205,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2355,15 +2224,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2374,15 +2242,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2393,15 +2260,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2412,15 +2278,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2432,15 +2297,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2451,15 +2315,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2470,15 +2333,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2489,15 +2351,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2509,15 +2370,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2528,15 +2388,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2547,15 +2406,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2566,15 +2424,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2586,15 +2443,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2605,15 +2461,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2624,15 +2479,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2643,15 +2497,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2663,15 +2516,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2682,15 +2534,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2701,15 +2552,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2720,15 +2570,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2740,15 +2589,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2759,15 +2607,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2778,15 +2625,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2797,15 +2643,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2817,15 +2662,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2836,15 +2680,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2855,15 +2698,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2874,15 +2716,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2894,15 +2735,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2913,15 +2753,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2932,15 +2771,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2951,15 +2789,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2971,15 +2808,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2990,15 +2826,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3009,15 +2844,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3028,15 +2862,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3048,15 +2881,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3067,15 +2899,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3086,15 +2917,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3105,15 +2935,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3125,15 +2954,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3144,15 +2972,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3163,15 +2990,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3182,15 +3008,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3202,15 +3027,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3221,15 +3045,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3240,15 +3063,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3259,15 +3081,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3279,15 +3100,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3298,15 +3118,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3317,15 +3136,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3336,15 +3154,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3356,15 +3173,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3375,15 +3191,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3394,15 +3209,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3413,15 +3227,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3433,15 +3246,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3452,15 +3264,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3471,15 +3282,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3490,15 +3300,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3510,15 +3319,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3529,15 +3337,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3548,15 +3355,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3567,15 +3373,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3587,15 +3392,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3606,15 +3410,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x403" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3625,15 +3428,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x503" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3644,15 +3446,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x603" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3664,15 +3465,14 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ -s "received signature algorithm: 0x804" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -C "received HelloRetryRequest message" requires_openssl_tls1_3 @@ -3681,8 +3481,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3698,8 +3498,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3715,8 +3515,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3733,8 +3533,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3750,8 +3550,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3767,8 +3567,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3784,8 +3584,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3802,8 +3602,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3819,8 +3619,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3836,8 +3636,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3853,8 +3653,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3871,8 +3671,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3888,8 +3688,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3905,8 +3705,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3922,8 +3722,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3940,8 +3740,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3957,8 +3757,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3974,8 +3774,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -3991,8 +3791,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4009,8 +3809,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4026,8 +3826,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4043,8 +3843,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4060,8 +3860,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4078,8 +3878,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4095,8 +3895,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4112,8 +3912,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4129,8 +3929,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4147,8 +3947,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4164,8 +3964,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4181,8 +3981,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4198,8 +3998,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4216,8 +4016,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4233,8 +4033,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4250,8 +4050,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4267,8 +4067,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4285,8 +4085,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4302,8 +4102,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4319,8 +4119,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4336,8 +4136,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4354,8 +4154,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4371,8 +4171,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4388,8 +4188,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4405,8 +4205,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4423,8 +4223,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4440,8 +4240,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4457,8 +4257,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4474,8 +4274,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4492,8 +4292,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4509,8 +4309,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4526,8 +4326,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4543,8 +4343,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4561,8 +4361,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4578,8 +4378,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4595,8 +4395,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4612,8 +4412,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4630,8 +4430,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4647,8 +4447,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4664,8 +4464,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4681,8 +4481,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4699,8 +4499,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4716,8 +4516,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4733,8 +4533,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4750,8 +4550,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4768,8 +4568,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4785,8 +4585,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4802,8 +4602,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4819,8 +4619,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4837,8 +4637,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4854,8 +4654,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4871,8 +4671,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4888,8 +4688,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4906,8 +4706,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4923,8 +4723,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4940,8 +4740,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4957,8 +4757,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4975,8 +4775,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -4992,8 +4792,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5009,8 +4809,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5026,8 +4826,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5044,8 +4844,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5061,8 +4861,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5078,8 +4878,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5095,8 +4895,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5113,8 +4913,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5130,8 +4930,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5147,8 +4947,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5164,8 +4964,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5182,8 +4982,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5199,8 +4999,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5216,8 +5016,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5233,8 +5033,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5251,8 +5051,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5268,8 +5068,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5285,8 +5085,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5302,8 +5102,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5320,8 +5120,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5337,8 +5137,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5354,8 +5154,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5371,8 +5171,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5389,8 +5189,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -5409,7 +5209,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5428,7 +5228,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5447,7 +5247,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5467,7 +5267,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5486,7 +5286,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5505,7 +5305,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5524,7 +5324,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5544,7 +5344,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5563,7 +5363,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5582,7 +5382,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5601,7 +5401,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5621,7 +5421,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5640,7 +5440,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5659,7 +5459,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5678,7 +5478,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5698,7 +5498,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5717,7 +5517,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5736,7 +5536,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5755,7 +5555,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5775,7 +5575,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5794,7 +5594,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5813,7 +5613,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5832,7 +5632,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5852,7 +5652,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5871,7 +5671,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5890,7 +5690,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5909,7 +5709,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5929,7 +5729,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5948,7 +5748,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5967,7 +5767,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -5986,7 +5786,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6006,7 +5806,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6025,7 +5825,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6044,7 +5844,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6063,7 +5863,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6083,7 +5883,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6102,7 +5902,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6121,7 +5921,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6140,7 +5940,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6160,7 +5960,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6179,7 +5979,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6198,7 +5998,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6217,7 +6017,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6237,7 +6037,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6256,7 +6056,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6275,7 +6075,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6294,7 +6094,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6314,7 +6114,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6333,7 +6133,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6352,7 +6152,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6371,7 +6171,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6391,7 +6191,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6410,7 +6210,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6429,7 +6229,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6448,7 +6248,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6468,7 +6268,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6487,7 +6287,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6506,7 +6306,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6525,7 +6325,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6545,7 +6345,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6564,7 +6364,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6583,7 +6383,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6602,7 +6402,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6622,7 +6422,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6641,7 +6441,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6660,7 +6460,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6679,7 +6479,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6699,7 +6499,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6718,7 +6518,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6737,7 +6537,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6756,7 +6556,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6776,7 +6576,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6795,7 +6595,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6814,7 +6614,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6833,7 +6633,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6853,7 +6653,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6872,7 +6672,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6891,7 +6691,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6910,7 +6710,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6930,7 +6730,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6949,7 +6749,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6968,7 +6768,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -6987,7 +6787,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7007,7 +6807,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7026,7 +6826,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7045,7 +6845,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7064,7 +6864,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7084,7 +6884,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7103,7 +6903,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7122,7 +6922,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7141,7 +6941,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7161,7 +6961,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7180,7 +6980,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7199,7 +6999,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7218,7 +7018,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7238,7 +7038,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7257,7 +7057,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7276,7 +7076,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7295,7 +7095,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7315,7 +7115,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -7334,8 +7134,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7358,8 +7158,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7382,8 +7182,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7408,8 +7208,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7432,8 +7232,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7456,8 +7256,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7480,8 +7280,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7506,8 +7306,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7530,8 +7330,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7554,8 +7354,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7578,8 +7378,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7604,8 +7404,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7628,8 +7428,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7652,8 +7452,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7676,8 +7476,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7702,8 +7502,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7726,8 +7526,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7750,8 +7550,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7774,8 +7574,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7800,8 +7600,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ @@ -7824,8 +7624,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7848,8 +7648,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7872,8 +7672,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7898,8 +7698,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7922,8 +7722,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7946,8 +7746,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7970,8 +7770,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -7996,8 +7796,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8020,8 +7820,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8044,8 +7844,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8068,8 +7868,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8094,8 +7894,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8118,8 +7918,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8142,8 +7942,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8166,8 +7966,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8192,8 +7992,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8216,8 +8016,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8240,8 +8040,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8264,8 +8064,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8290,8 +8090,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ @@ -8314,8 +8114,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8338,8 +8138,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8362,8 +8162,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8388,8 +8188,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8412,8 +8212,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8436,8 +8236,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8460,8 +8260,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8486,8 +8286,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8510,8 +8310,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8534,8 +8334,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8558,8 +8358,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8584,8 +8384,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8608,8 +8408,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8632,8 +8432,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8656,8 +8456,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8682,8 +8482,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8706,8 +8506,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8730,8 +8530,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8754,8 +8554,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8780,8 +8580,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ @@ -8804,8 +8604,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8828,8 +8628,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8852,8 +8652,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8878,8 +8678,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8902,8 +8702,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8926,8 +8726,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8950,8 +8750,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -8976,8 +8776,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9000,8 +8800,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9024,8 +8824,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9048,8 +8848,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9074,8 +8874,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9098,8 +8898,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9122,8 +8922,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9146,8 +8946,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9172,8 +8972,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9196,8 +8996,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9220,8 +9020,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9244,8 +9044,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9270,8 +9070,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ @@ -9294,8 +9094,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9318,8 +9118,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9342,8 +9142,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9368,8 +9168,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9392,8 +9192,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9416,8 +9216,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9440,8 +9240,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9466,8 +9266,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9490,8 +9290,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9514,8 +9314,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9538,8 +9338,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9564,8 +9364,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9588,8 +9388,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9612,8 +9412,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9636,8 +9436,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9662,8 +9462,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9686,8 +9486,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9710,8 +9510,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9734,8 +9534,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9760,8 +9560,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \ + "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ @@ -9781,13 +9581,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9796,13 +9595,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9811,13 +9609,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9826,13 +9623,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9841,13 +9637,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9856,13 +9651,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9871,13 +9665,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9886,13 +9679,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9901,13 +9693,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9916,13 +9707,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9931,13 +9721,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9946,13 +9735,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9961,13 +9749,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9976,13 +9763,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -9991,13 +9777,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10006,13 +9791,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10021,13 +9805,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10036,13 +9819,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10051,13 +9833,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10066,13 +9847,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 run_test "TLS 1.3 O->m: HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -s "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10083,13 +9863,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10100,13 +9879,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10117,13 +9895,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10134,13 +9911,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10151,13 +9927,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10168,13 +9943,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10185,13 +9959,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10202,13 +9975,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10219,13 +9991,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10236,13 +10007,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10253,13 +10023,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10270,13 +10039,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10287,13 +10055,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10304,13 +10071,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10321,13 +10087,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10338,13 +10103,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x448" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10355,13 +10119,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp256r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10372,13 +10135,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp384r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10389,13 +10151,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: secp521r1" requires_config_enabled MBEDTLS_SSL_SRV_C @@ -10406,13 +10167,12 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat run_test "TLS 1.3 G->m: HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ -s "Verifying peer X.509 certificate... ok" \ - -c "HTTP/1.0 200 OK" \ -s "HRR selected_group: x25519" requires_openssl_tls1_3 @@ -10421,8 +10181,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10438,8 +10198,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10455,8 +10215,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10472,8 +10232,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10489,8 +10249,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10506,8 +10266,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10523,8 +10283,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10540,8 +10300,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10557,8 +10317,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10574,8 +10334,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10591,8 +10351,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10608,8 +10368,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10625,8 +10385,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10642,8 +10402,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10659,8 +10419,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10676,8 +10436,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10693,8 +10453,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10710,8 +10470,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10727,8 +10487,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10744,8 +10504,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 ok" \ -c "Protocol is TLSv1.3" \ @@ -10764,7 +10524,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10783,7 +10543,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10802,7 +10562,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10821,7 +10581,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10840,7 +10600,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10859,7 +10619,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10878,7 +10638,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10897,7 +10657,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10916,7 +10676,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10935,7 +10695,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10954,7 +10714,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10973,7 +10733,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -10992,7 +10752,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11011,7 +10771,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11030,7 +10790,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11049,7 +10809,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11068,7 +10828,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11087,7 +10847,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11106,7 +10866,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11125,7 +10885,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \ 0 \ -c "HTTP/1.0 200 OK" \ -c "Protocol is TLSv1.3" \ @@ -11144,8 +10904,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11167,8 +10927,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11190,8 +10950,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11213,8 +10973,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11236,8 +10996,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11259,8 +11019,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11282,8 +11042,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11305,8 +11065,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11328,8 +11088,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11351,8 +11111,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11374,8 +11134,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ @@ -11397,8 +11157,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11420,8 +11180,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11443,8 +11203,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11466,8 +11226,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11489,8 +11249,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x448(001e)" \ @@ -11512,8 +11272,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp256r1(0017)" \ @@ -11535,8 +11295,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp384r1(0018)" \ @@ -11558,8 +11318,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: secp521r1(0019)" \ @@ -11581,8 +11341,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ - "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ + "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \ 0 \ -s "Protocol is TLSv1.3" \ -s "got named group: x25519(001d)" \ diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index c3bfe1b4d..7819a8766 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -24,7 +24,6 @@ Generate TLSv1.3 Compat test cases import sys import os -import abc import argparse import itertools from collections import namedtuple @@ -71,10 +70,11 @@ NAMED_GROUP_IANA_VALUE = { } -class TLSProgram(metaclass=abc.ABCMeta): +class TLSProgram: """ Base class for generate server/client command. """ + # pylint: disable=too-many-arguments def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None, cert_sig_alg=None, compat_mode=True): @@ -112,24 +112,25 @@ class TLSProgram(metaclass=abc.ABCMeta): self._cert_sig_algs.extend( [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs]) - @abc.abstractmethod + # pylint: disable=no-self-use def pre_checks(self): return [] - @abc.abstractmethod + # pylint: disable=no-self-use def cmd(self): if not self._cert_sig_algs: self._cert_sig_algs = list(CERTIFICATES.keys()) + return self.pre_cmd() - @abc.abstractmethod + # pylint: disable=no-self-use def post_checks(self): return [] - @abc.abstractmethod + # pylint: disable=no-self-use def pre_cmd(self): - return [] + return ['false'] - @abc.abstractmethod + # pylint: disable=unused-argument,no-self-use def hrr_post_checks(self, named_group): return [] @@ -148,10 +149,7 @@ class OpenSSLBase(TLSProgram): } def cmd(self): - super().cmd() - ret = [] - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] + ret = super().cmd() if self._ciphers: ciphersuites = ':'.join(self._ciphers) @@ -177,15 +175,6 @@ class OpenSSLBase(TLSProgram): def pre_checks(self): return ["requires_openssl_tls1_3"] - def post_checks(self): - return [] - - def pre_cmd(self): - return [] - - def hrr_post_checks(self, named_group): - return [] - class OpenSSLServ(OpenSSLBase): """ @@ -193,18 +182,28 @@ class OpenSSLServ(OpenSSLBase): """ def cmd(self): - ret = self.pre_cmd() + super().cmd() - ret += ['-accept $SRV_PORT'] - + ret = super().cmd() ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache'] - - return ' '.join(ret) + return ret def post_checks(self): return ['-c "HTTP/1.0 200 ok"'] def pre_cmd(self): - return ['$O_NEXT_SRV_NO_CERT'] + ret = ['$O_NEXT_SRV_NO_CERT'] + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] + return ret + + +class OpenSSLCli(OpenSSLBase): + """ + Generate test commands for OpenSSL client. + """ + + def pre_cmd(self): + return ['$O_NEXT_CLI_NO_CERT', + '-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] class GnuTLSBase(TLSProgram): @@ -253,22 +252,8 @@ class GnuTLSBase(TLSProgram): "requires_gnutls_next_no_ticket", "requires_gnutls_next_disable_tls13_compat", ] - def post_checks(self): - return ['-c "HTTP/1.0 200 OK"'] - - def hrr_post_checks(self, named_group): - return [] - - def pre_cmd(self): - return [] - def cmd(self): - super().cmd() - ret = [] - - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['--x509certfile {cert} --x509keyfile {key}'.format( - cert=cert, key=key)] + ret = super().cmd() priority_string_list = [] @@ -316,14 +301,26 @@ class GnuTLSServ(GnuTLSBase): Generate test commands for GnuTLS server. """ - def cmd(self): - ret = self.pre_cmd() + super().cmd() + def pre_cmd(self): + ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4'] - ret = ' '.join(ret) + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['--x509certfile {cert} --x509keyfile {key}'.format( + cert=cert, key=key)] return ret + def post_checks(self): + return ['-c "HTTP/1.0 200 OK"'] + + +class GnuTLSCli(GnuTLSBase): + """ + Generate test commands for GnuTLS client. + """ + def pre_cmd(self): - return ['$G_NEXT_SRV_NO_CERT'] + ['--http', '--disable-client-cert', '--debug=4'] + return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share', + '--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] class MbedTLSBase(TLSProgram): @@ -339,10 +336,9 @@ class MbedTLSBase(TLSProgram): 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'} def cmd(self): - super().cmd() - ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', 'debug_level=4'] - ret += ['ca_file={cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] + ret = super().cmd() + ret += ['debug_level=4'] + if self._ciphers: ciphers = ','.join( @@ -356,7 +352,7 @@ class MbedTLSBase(TLSProgram): if self._named_groups: named_groups = ','.join(self._named_groups) ret += ["curves={named_groups}".format(named_groups=named_groups)] - + ret += ['force_version=tls13'] return ret def pre_checks(self): @@ -371,15 +367,6 @@ class MbedTLSBase(TLSProgram): 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') return ret - def post_checks(self): - return [] - - def pre_cmd(self): - return [] - - def hrr_post_checks(self, named_group): - return [] - class MbedTLSServ(MbedTLSBase): """ @@ -387,13 +374,8 @@ class MbedTLSServ(MbedTLSBase): """ def cmd(self): - ret = self.pre_cmd() + super().cmd() - ret += ['force_version=tls13'] - for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): - ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] - + ret = super().cmd() ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0'] - ret = ' '.join(ret) return ret def pre_checks(self): @@ -420,64 +402,23 @@ class MbedTLSServ(MbedTLSBase): return ['-s "{}"'.format(i) for i in check_strings] def pre_cmd(self): - return ['$P_SRV_NO_CERT'] + ret = ['$P_SRV'] + for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): + ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)] + return ret def hrr_post_checks(self, named_group): return ['-s "HRR selected_group: {:s}"'.format(named_group)] -class OpenSSLCli(OpenSSLBase): - """ - Generate test commands for OpenSSL client. - """ - - def cmd(self): - ret = self.pre_cmd() + super().cmd() - - ret += ['-CAfile {cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] - - return ' '.join(ret) - - def post_checks(self): - return ['-s "HTTP/1.0 200 OK"'] - - def pre_cmd(self): - return ['$O_NEXT_CLI_NO_CERT'] - - -class GnuTLSCli(GnuTLSBase): - """ - Generate test commands for GnuTLS client. - """ - - def cmd(self): - ret = self.pre_cmd() + super().cmd() - ret += ['--x509cafile {cafile}'.format( - cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] - - ret = ' '.join(ret) - return ret - - def pre_cmd(self): - ret = ['$G_NEXT_CLI_NO_CERT'] - ret += ['--debug=4', 'localhost', '-p $SRV_PORT', '--single-key-share'] - return ret - - class MbedTLSCli(MbedTLSBase): """ Generate test commands for mbedTLS client. """ - def cmd(self): - ret = self.pre_cmd() + super().cmd() - - ret = ' '.join(ret) - return ret - def pre_cmd(self): - return ['$P_CLI'] + return ['$P_CLI', + 'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] def pre_checks(self): return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks() @@ -528,8 +469,10 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None signature_algorithm=sig_alg, cert_sig_alg=sig_alg) - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), + '"{}"'.format(' '.join(server_object.cmd())), + '"{}"'.format(' '.join(client_object.cmd())), + '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += ['-C "received HelloRetryRequest message"'] @@ -554,8 +497,10 @@ def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=cert_sig_alg) client_object.add_named_groups(server_named_group) - cmd = ['run_test "{}"'.format(name), '"{}"'.format( - server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd = ['run_test "{}"'.format(name), + '"{}"'.format(' '.join(server_object.cmd())), + '"{}"'.format(' '.join(client_object.cmd())), + '0'] cmd += server_object.post_checks() cmd += client_object.post_checks() cmd += server_object.hrr_post_checks(server_named_group) @@ -660,6 +605,7 @@ def main(): SERVER_CLASSES.keys(), NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys()): + if (client == 'mbedTLS' or server == 'mbedTLS') and \ client_named_group != server_named_group: yield generate_hrr_compat_test(client=client, server=server, diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 78bed36f7..3a2acf9f6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1542,7 +1542,6 @@ SRV_DELAY_SECONDS=0 # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many # machines that will resolve to ::1, and we don't want ipv6 here. P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" -P_SRV_NO_CERT="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT" @@ -1569,7 +1568,7 @@ fi if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" - G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT" + G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost" fi # Allow SHA-1, because many of our test certificates use it