Merge pull request #6482 from ronald-cron-arm/tls13-misc
TLS 1.3: Update documentation for the coming release and misc
This commit is contained in:
commit
04e2133f45
8 changed files with 411 additions and 1116 deletions
9
ChangeLog.d/tls13-misc.txt
Normal file
9
ChangeLog.d/tls13-misc.txt
Normal file
|
@ -0,0 +1,9 @@
|
|||
Features
|
||||
* Mbed TLS supports TLS 1.3 key establishment via pre-shared keys,
|
||||
pre-shared keys provisioned externally or via the ticket mechanism
|
||||
(session resumption).
|
||||
The MBEDTLS_SSL_SESSION_TICKETS configuration option controls the support
|
||||
for the ticket mechanism.
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED configuration options
|
||||
have been introduced to control the support for the three possible
|
||||
TLS 1.3 key exchange modes.
|
|
@ -28,9 +28,12 @@ Support description
|
|||
|
||||
- Mbed TLS does not support DHE key establishment.
|
||||
|
||||
- Mbed TLS does not support pre-shared keys, including any form of
|
||||
session resumption. This implies that it does not support sending early
|
||||
data (0-RTT data).
|
||||
- Mbed TLS supports pre-shared keys for key establishment, pre-shared keys
|
||||
provisioned externally as well as provisioned via the ticket mechanism.
|
||||
|
||||
- Mbed TLS supports session resumption via the ticket mechanism.
|
||||
|
||||
- Mbed TLS does not support sending or receiving early data (0-RTT data).
|
||||
|
||||
- Supported cipher suites: depends on the library configuration. Potentially
|
||||
all of them:
|
||||
|
@ -54,8 +57,8 @@ Support description
|
|||
| server_certificate_type | no |
|
||||
| padding | no |
|
||||
| key_share | YES |
|
||||
| pre_shared_key | no |
|
||||
| psk_key_exchange_modes | no |
|
||||
| pre_shared_key | YES |
|
||||
| psk_key_exchange_modes | YES |
|
||||
| early_data | no |
|
||||
| cookie | no |
|
||||
| supported_versions | YES |
|
||||
|
@ -118,7 +121,7 @@ Support description
|
|||
| MBEDTLS_SSL_RENEGOTIATION | n/a |
|
||||
| MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no |
|
||||
| | |
|
||||
| MBEDTLS_SSL_SESSION_TICKETS | no |
|
||||
| MBEDTLS_SSL_SESSION_TICKETS | yes |
|
||||
| MBEDTLS_SSL_SERVER_NAME_INDICATION | yes |
|
||||
| MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no |
|
||||
| | |
|
||||
|
@ -175,8 +178,7 @@ Prototype upstreaming status
|
|||
|
||||
The following parts of the TLS 1.3 prototype remain to be upstreamed:
|
||||
|
||||
- Pre-shared keys, session resumption and 0-RTT data (both client and server
|
||||
side).
|
||||
- Sending (client) and receiving (server) early data (0-RTT data).
|
||||
|
||||
- New TLS Message Processing Stack (MPS)
|
||||
|
||||
|
|
|
@ -648,14 +648,6 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
p += 5;
|
||||
|
||||
if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
|
||||
{
|
||||
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
|
||||
ke_modes_len++;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
|
||||
{
|
||||
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
|
||||
|
@ -664,6 +656,14 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
|
||||
{
|
||||
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
|
||||
ke_modes_len++;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
|
||||
}
|
||||
|
||||
/* Now write the extension and ke_modes length */
|
||||
MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
|
||||
buf[4] = ke_modes_len;
|
||||
|
|
|
@ -2431,7 +2431,10 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
|
|||
authmode = ssl->conf->authmode;
|
||||
|
||||
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
{
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
|
||||
return( SSL_CERTIFICATE_REQUEST_SKIP );
|
||||
}
|
||||
|
||||
ssl->handshake->certificate_request_sent = 1;
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -3161,7 +3161,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3181,7 +3181,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
|
||||
1 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3202,7 +3202,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
|||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk_all/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3212,7 +3212,7 @@ run_test "TLS 1.3: m->G: psk_all/all, good" \
|
|||
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
||||
-s "Parsing extension 'Pre Shared Key/41'" \
|
||||
-c "<= write client hello" \
|
||||
-c "Selected key exchange mode: psk$" \
|
||||
-c "Selected key exchange mode: psk_ephemeral" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
@ -3222,10 +3222,10 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
|
||||
1 \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
|
@ -3233,7 +3233,8 @@ run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
|
|||
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
||||
-s "Parsing extension 'Pre Shared Key/41'" \
|
||||
-c "<= write client hello" \
|
||||
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
|
||||
-c "Selected key exchange mode: psk_ephemeral" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
#GNUTLS-SERVER psk_ephemeral mode
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
@ -3243,7 +3244,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3263,7 +3264,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3284,7 +3285,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: ephemeral/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
||||
0 \
|
||||
-c "Selected key exchange mode: ephemeral" \
|
||||
|
@ -3297,7 +3298,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
|||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
|
||||
0 \
|
||||
-c "Selected key exchange mode: ephemeral" \
|
||||
|
@ -3312,7 +3313,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
|||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3333,7 +3334,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
|||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3356,7 +3357,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: all/all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3366,7 +3367,7 @@ run_test "TLS 1.3: m->G: all/all, good" \
|
|||
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
||||
-s "Parsing extension 'Pre Shared Key/41'" \
|
||||
-c "<= write client hello" \
|
||||
-c "Selected key exchange mode: psk$" \
|
||||
-c "Selected key exchange mode: psk_ephemeral" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
@ -3378,7 +3379,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
|
||||
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
|
||||
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
|
||||
0 \
|
||||
-c "=> write client hello" \
|
||||
|
@ -3388,5 +3389,5 @@ run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
|
|||
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
|
||||
-s "Parsing extension 'Pre Shared Key/41'" \
|
||||
-c "<= write client hello" \
|
||||
-c "Selected key exchange mode: ephemeral" \
|
||||
-c "Selected key exchange mode: psk_ephemeral" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
|
|
@ -398,7 +398,7 @@ class MbedTLSServ(MbedTLSBase):
|
|||
named_group=named_group,
|
||||
iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
|
||||
|
||||
check_strings.append("Verifying peer X.509 certificate... ok")
|
||||
check_strings.append("Certificate verification was skipped")
|
||||
return ['-s "{}"'.format(i) for i in check_strings]
|
||||
|
||||
def pre_cmd(self):
|
||||
|
|
|
@ -12882,7 +12882,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
|||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
|
||||
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
|
||||
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
|
||||
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
|
||||
0 \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
|
|
Loading…
Reference in a new issue