From dda036d8e0450a4a2ba67d1ebe7001271cc3c982 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 30 Nov 2021 11:19:41 +0800 Subject: [PATCH] rename ecdsa_secp*sha* to ecdsa_secp* Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 49 +- tests/data_files/ecdsa_secp256r1.crt | 10 + ...cp256r1_sha256.key => ecdsa_secp256r1.key} | 0 tests/data_files/ecdsa_secp256r1_sha256.crt | 10 - tests/data_files/ecdsa_secp384r1.crt | 11 + ...cp384r1_sha384.key => ecdsa_secp384r1.key} | 0 tests/data_files/ecdsa_secp384r1_sha384.crt | 11 - tests/data_files/ecdsa_secp521r1.crt | 12 + ...cp521r1_sha512.key => ecdsa_secp521r1.key} | 0 tests/data_files/ecdsa_secp521r1_sha512.crt | 12 - tests/opt-testcases/tls13-compat.sh | 951 +++++++++++------- tests/scripts/generate_tls13_compat_tests.py | 23 +- 12 files changed, 647 insertions(+), 442 deletions(-) create mode 100644 tests/data_files/ecdsa_secp256r1.crt rename tests/data_files/{ecdsa_secp256r1_sha256.key => ecdsa_secp256r1.key} (100%) delete mode 100644 tests/data_files/ecdsa_secp256r1_sha256.crt create mode 100644 tests/data_files/ecdsa_secp384r1.crt rename tests/data_files/{ecdsa_secp384r1_sha384.key => ecdsa_secp384r1.key} (100%) delete mode 100644 tests/data_files/ecdsa_secp384r1_sha384.crt create mode 100644 tests/data_files/ecdsa_secp521r1.crt rename tests/data_files/{ecdsa_secp521r1_sha512.key => ecdsa_secp521r1.key} (100%) delete mode 100644 tests/data_files/ecdsa_secp521r1_sha512.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 8694dba7a..0af27fe5b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1088,41 +1088,42 @@ cert_md5.crt: cert_md5.csr all_final += cert_md5.crt # TLSv1.3 test certificates -ecdsa_secp256r1_sha256.key: ec_256_prv.pem +ecdsa_secp256r1.key: ec_256_prv.pem ln -s $< $@ -ecdsa_secp256r1_sha256.csr: ecdsa_secp256r1_sha256.key - $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ - -key $< -out $@ -all_intermediate += ecdsa_secp256r1_sha256.csr -ecdsa_secp256r1_sha256.crt: ecdsa_secp256r1_sha256.csr - $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ - -set_serial 77 -days 3653 -sha256 -in $< -out $@ -all_final += ecdsa_secp256r1_sha256.crt ecdsa_secp256r1_sha256.key -tls13_certs: ecdsa_secp256r1_sha256.crt ecdsa_secp256r1_sha256.key -ecdsa_secp384r1_sha384.key: ec_384_prv.pem - ln -s $< $@ -ecdsa_secp384r1_sha384.csr: ecdsa_secp384r1_sha384.key +ecdsa_secp256r1.csr: ecdsa_secp256r1.key $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ -key $< -out $@ -all_intermediate += ecdsa_secp384r1_sha384.csr -ecdsa_secp384r1_sha384.crt: ecdsa_secp384r1_sha384.csr +all_intermediate += ecdsa_secp256r1.csr +ecdsa_secp256r1.crt: ecdsa_secp256r1.csr $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ -set_serial 77 -days 3653 -sha384 -in $< -out $@ -all_final += ecdsa_secp384r1_sha384.crt ecdsa_secp384r1_sha384.key -tls13_certs: ecdsa_secp384r1_sha384.crt ecdsa_secp384r1_sha384.key +all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key +tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key -ecdsa_secp521r1_sha512.key: ec_521_prv.pem +ecdsa_secp384r1.key: ec_384_prv.pem ln -s $< $@ -ecdsa_secp521r1_sha512.csr: ecdsa_secp521r1_sha512.key +ecdsa_secp384r1.csr: ecdsa_secp384r1.key $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ -key $< -out $@ -all_intermediate += ecdsa_secp521r1_sha512.csr -ecdsa_secp521r1_sha512.crt: ecdsa_secp521r1_sha512.csr +all_intermediate += ecdsa_secp384r1.csr +ecdsa_secp384r1.crt: ecdsa_secp384r1.csr $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ - -set_serial 77 -days 3653 -sha512 -in $< -out $@ -all_final += ecdsa_secp521r1_sha512.crt ecdsa_secp521r1_sha512.key -tls13_certs: ecdsa_secp521r1_sha512.crt ecdsa_secp521r1_sha512.key + -set_serial 77 -days 3653 -sha384 -in $< -out $@ +all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key +tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key + +ecdsa_secp521r1.key: ec_521_prv.pem + ln -s $< $@ +ecdsa_secp521r1.csr: ecdsa_secp521r1.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += ecdsa_secp521r1.csr +ecdsa_secp521r1.crt: ecdsa_secp521r1.csr + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -set_serial 77 -days 3653 -sha384 -in $< -out $@ +all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key +tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key ################################################################ #### Diffie-Hellman parameters diff --git a/tests/data_files/ecdsa_secp256r1.crt b/tests/data_files/ecdsa_secp256r1.crt new file mode 100644 index 000000000..634d24c55 --- /dev/null +++ b/tests/data_files/ecdsa_secp256r1.crt @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBejCCAQACAU0wCgYIKoZIzj0EAwMwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEz +MDAzMDgwMVoXDTMxMTIwMTAzMDgwMVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAAR3cmVvgUs5knnV4fF4H6xvCZo8XKGw41NRg0sItl4LVyWQza+PdpNh +vPNKz8EeXgdOhCa93gS+bmU5RUSWF95FMAoGCCqGSM49BAMDA2gAMGUCMA06tTwD +M1t8Chka41h1JKu4d0RsGk0MoinT9MxTAE/61ScZh5lKspOKrcavJ0maUQIxAIuj +rarmd8+OyftTRp6Wpwwfpskdb7nm44YX6eZu/Odjfq/RAdhIcn4P9QXtOgVrbw== +-----END CERTIFICATE----- diff --git a/tests/data_files/ecdsa_secp256r1_sha256.key b/tests/data_files/ecdsa_secp256r1.key similarity index 100% rename from tests/data_files/ecdsa_secp256r1_sha256.key rename to tests/data_files/ecdsa_secp256r1.key diff --git a/tests/data_files/ecdsa_secp256r1_sha256.crt b/tests/data_files/ecdsa_secp256r1_sha256.crt deleted file mode 100644 index e7e46c6de..000000000 --- a/tests/data_files/ecdsa_secp256r1_sha256.crt +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBejCCAQACAU0wCgYIKoZIzj0EAwIwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEy -MjAzMTQyOVoXDTMxMTEyMzAzMTQyOVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjO -PQMBBwNCAAR3cmVvgUs5knnV4fF4H6xvCZo8XKGw41NRg0sItl4LVyWQza+PdpNh -vPNKz8EeXgdOhCa93gS+bmU5RUSWF95FMAoGCCqGSM49BAMCA2gAMGUCMQC2n8wV -FGkDUu0O1sUmTfZ9hxj9YxmddY3xStnicIVxIwRtGh1ZEinAUlAUFOVSKvcCMEGb -e9ap8blL/MIPywf6vr4WWo0GnTgD0XPwgVu8QrXwaHzhgF+x4S+qm3XLosgCjA== ------END CERTIFICATE----- diff --git a/tests/data_files/ecdsa_secp384r1.crt b/tests/data_files/ecdsa_secp384r1.crt new file mode 100644 index 000000000..ff986a7d9 --- /dev/null +++ b/tests/data_files/ecdsa_secp384r1.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCAR0CAU0wCgYIKoZIzj0EAwMwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEz +MDAzMDgwMVoXDTMxMTIwMTAzMDgwMVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATZxmK1C6KcpHmQRQ4EOur08MabFWdtES9iKnHJMFmvmZaRxWgNK0TREVed +sS9KQTou1cRfz7Z7W2PgC5Hr5Z0JprGsLAxCgqoSMX7VkU+Zm8SIuxMug0LMNvLK +XjN5x0cwCgYIKoZIzj0EAwMDaAAwZQIwNypsq0ahwMM7aFSS+RSTloH1D1+gIztz +Yq54Reth6gdh1IO5R5aNZi/YP3uVcI1mAjEAisjjz7vCeKwor+HCq9cBc2rzIlkY +5O6q4SCSgkqiCTnyFIqCassED9NPqho3KYM1 +-----END CERTIFICATE----- diff --git a/tests/data_files/ecdsa_secp384r1_sha384.key b/tests/data_files/ecdsa_secp384r1.key similarity index 100% rename from tests/data_files/ecdsa_secp384r1_sha384.key rename to tests/data_files/ecdsa_secp384r1.key diff --git a/tests/data_files/ecdsa_secp384r1_sha384.crt b/tests/data_files/ecdsa_secp384r1_sha384.crt deleted file mode 100644 index f118d93a1..000000000 --- a/tests/data_files/ecdsa_secp384r1_sha384.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBljCCAR0CAU0wCgYIKoZIzj0EAwMwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEy -MjAzMTQyOVoXDTMxMTEyMzAzMTQyOVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAATZxmK1C6KcpHmQRQ4EOur08MabFWdtES9iKnHJMFmvmZaRxWgNK0TREVed -sS9KQTou1cRfz7Z7W2PgC5Hr5Z0JprGsLAxCgqoSMX7VkU+Zm8SIuxMug0LMNvLK -XjN5x0cwCgYIKoZIzj0EAwMDZwAwZAIwXT9d8T51CEKEEmAoIM+C5hpUR2wZA0h4 -MhEBNztbMPZbmCDsYCMCSfPX8WZd0j0GAjAIc8t/78oYiB/JerLS6tft4QVi+x0x -DeTGA3ubd7Jv4f8slit7DCGwjcvj1Gst8uE= ------END CERTIFICATE----- diff --git a/tests/data_files/ecdsa_secp521r1.crt b/tests/data_files/ecdsa_secp521r1.crt new file mode 100644 index 000000000..a08850cba --- /dev/null +++ b/tests/data_files/ecdsa_secp521r1.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvjCCAUMCAU0wCgYIKoZIzj0EAwMwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEz +MDAzMDgwMVoXDTMxMTIwMTAzMDgwMVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM +CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZswEAYHKoZIzj0CAQYFK4EE +ACMDgYYABAAd4ULVT2nrA47kt6+dPKB3Nv2c9xnrNU1ph57n88E2+w+/nwj4a+X6 +Eo7BoFHT5sZD6Fraj/rPNmPCYL0shEtvVgDO6OSKnmXQnK3YnyNd7gXzuKZGvnFf +H2fVtDTg/yOh/Afvd0AZPkDu/287zf12WqkVUDNST+TyBfVETiksTC9qwTAKBggq +hkjOPQQDAwNpADBmAjEAlC7039gDSgm9Ba8cCnZLWucXbtCbhRGSvVcoElYke/pu +iwHkD1rVlnUmW3UKG587AjEAkIngapC9Hyc6MePmyafLYoLmbhDJMdR2DM4o+x8e +2ZXUu7uLPTdWBDxmu6plRNis +-----END CERTIFICATE----- diff --git a/tests/data_files/ecdsa_secp521r1_sha512.key b/tests/data_files/ecdsa_secp521r1.key similarity index 100% rename from tests/data_files/ecdsa_secp521r1_sha512.key rename to tests/data_files/ecdsa_secp521r1.key diff --git a/tests/data_files/ecdsa_secp521r1_sha512.crt b/tests/data_files/ecdsa_secp521r1_sha512.crt deleted file mode 100644 index 28b00e6e1..000000000 --- a/tests/data_files/ecdsa_secp521r1_sha512.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBvDCCAUMCAU0wCgYIKoZIzj0EAwQwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBMB4XDTIxMTEy -MjAzMTQyOVoXDTMxMTEyMzAzMTQyOVowNDELMAkGA1UEBhMCTkwxETAPBgNVBAoM -CFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZswEAYHKoZIzj0CAQYFK4EE -ACMDgYYABAAd4ULVT2nrA47kt6+dPKB3Nv2c9xnrNU1ph57n88E2+w+/nwj4a+X6 -Eo7BoFHT5sZD6Fraj/rPNmPCYL0shEtvVgDO6OSKnmXQnK3YnyNd7gXzuKZGvnFf -H2fVtDTg/yOh/Afvd0AZPkDu/287zf12WqkVUDNST+TyBfVETiksTC9qwTAKBggq -hkjOPQQDBANnADBkAjAxYbmIs+xKIvDgqE7uNOgqfVk4iEF9w5B4DQDXb7kbu4rg -4QvqPhyBhptFiJabe9kCMFF1FKuHSQoMmZ1/yjBZg8r4/P8xKSY8W9ujHdam3jWK -b8Ygw4ENklSl1cuHMLupMw== ------END CERTIFICATE----- diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index b8907dcf2..6982c3cca 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -1,6 +1,6 @@ #!/bin/sh -# tests/opt-testcases/tls13-compat.sh +# tls13-compat.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 @@ -30,8 +30,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -39,6 +39,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -46,8 +47,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -55,13 +56,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -69,6 +71,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -76,8 +79,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -85,13 +88,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -99,6 +103,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -106,8 +111,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -115,13 +120,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -129,6 +135,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -136,8 +143,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -145,13 +152,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -159,6 +167,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -166,8 +175,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -175,13 +184,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -189,6 +199,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -196,8 +207,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -205,13 +216,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -219,6 +231,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -226,8 +239,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -235,13 +248,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -249,6 +263,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -256,8 +271,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -265,13 +280,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -279,6 +295,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -286,8 +303,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -295,13 +312,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -309,6 +327,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -316,8 +335,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -325,13 +344,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -339,6 +359,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -346,8 +367,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -355,13 +376,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -369,6 +391,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -376,8 +399,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -385,13 +408,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -399,6 +423,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -406,8 +431,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -415,13 +440,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -429,6 +455,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -436,8 +463,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -445,13 +472,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -459,6 +487,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -466,8 +495,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -475,13 +504,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -490,6 +520,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -498,8 +529,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -507,13 +538,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -522,6 +554,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -530,8 +563,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -539,13 +572,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -554,6 +588,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -562,8 +597,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -571,13 +606,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -586,6 +622,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -594,8 +631,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -603,13 +640,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -618,6 +656,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -626,8 +665,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -635,13 +674,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -649,6 +689,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -656,8 +697,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -665,13 +706,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -679,6 +721,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -686,8 +729,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -695,13 +738,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -709,6 +753,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -716,8 +761,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+GROUP-SECP521R1:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -725,13 +770,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -739,6 +785,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -746,8 +793,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -755,13 +802,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -769,6 +817,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -776,8 +825,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -785,13 +834,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -799,6 +849,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -806,8 +857,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -815,13 +866,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -829,6 +881,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -836,8 +889,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -845,13 +898,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -859,6 +913,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -866,8 +921,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -875,13 +930,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -889,6 +945,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -896,8 +953,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -905,13 +962,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -919,6 +977,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -926,8 +985,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -935,13 +994,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -949,6 +1009,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -956,8 +1017,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -965,13 +1026,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -979,6 +1041,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -986,8 +1049,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -995,13 +1058,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1009,6 +1073,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1016,8 +1081,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1025,13 +1090,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1039,6 +1105,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1046,8 +1113,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+AES-256-GCM:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1055,13 +1122,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1069,6 +1137,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1076,8 +1145,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1085,13 +1154,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1100,6 +1170,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1108,8 +1179,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1117,13 +1188,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1132,6 +1204,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1140,8 +1213,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1149,13 +1222,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1164,6 +1238,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1172,8 +1247,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1181,13 +1256,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1196,6 +1272,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1204,8 +1281,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1213,13 +1290,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1228,6 +1306,7 @@ run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1236,8 +1315,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1245,13 +1324,14 @@ run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1259,6 +1339,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1266,8 +1347,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1275,13 +1356,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1289,6 +1371,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1296,8 +1379,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1305,13 +1388,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1319,6 +1403,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1326,8 +1411,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1335,13 +1420,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1349,6 +1435,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1356,8 +1443,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1365,13 +1452,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1379,6 +1467,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1386,8 +1475,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1395,13 +1484,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1409,6 +1499,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1416,8 +1507,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1425,13 +1516,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1439,6 +1531,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1446,8 +1539,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1455,13 +1548,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1469,6 +1563,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1476,8 +1571,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1485,13 +1580,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1499,6 +1595,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha38 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1506,8 +1603,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1515,13 +1612,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha38 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1529,6 +1627,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1536,8 +1635,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1545,13 +1644,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1559,6 +1659,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1566,8 +1667,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1575,13 +1676,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1589,6 +1691,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1596,8 +1699,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1605,13 +1708,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1619,6 +1723,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1626,8 +1731,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1635,13 +1740,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sh -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1649,6 +1755,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha51 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1656,8 +1763,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1665,13 +1772,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha51 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1679,6 +1787,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1686,8 +1795,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1695,13 +1804,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1710,6 +1820,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1718,8 +1829,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1727,13 +1838,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1742,6 +1854,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1750,8 +1863,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1759,13 +1872,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1774,6 +1888,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1782,8 +1897,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1791,13 +1906,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha25 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1806,6 +1922,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1814,8 +1931,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1823,13 +1940,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -1838,6 +1956,7 @@ run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1846,8 +1965,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1855,13 +1974,14 @@ run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1869,6 +1989,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1876,8 +1997,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1885,13 +2006,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1899,6 +2021,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1906,8 +2029,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1915,13 +2038,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1929,6 +2053,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1936,8 +2061,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1945,13 +2070,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1959,6 +2085,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1966,8 +2093,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -1975,13 +2102,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -1989,6 +2117,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -1996,8 +2125,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2005,13 +2134,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2019,6 +2149,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2026,8 +2157,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2035,13 +2166,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2049,6 +2181,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2056,8 +2189,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2065,13 +2198,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2079,6 +2213,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2086,8 +2221,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2095,13 +2230,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2109,6 +2245,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2116,8 +2253,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2125,13 +2262,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2139,6 +2277,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2146,8 +2285,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2155,13 +2294,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2169,6 +2309,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2176,8 +2317,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2185,13 +2326,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2199,6 +2341,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2206,8 +2349,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2215,13 +2358,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2229,6 +2373,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2236,8 +2381,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2245,13 +2390,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2259,6 +2405,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2266,8 +2413,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2275,13 +2422,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2289,6 +2437,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2296,8 +2445,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2305,13 +2454,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2320,6 +2470,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2328,8 +2479,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2337,13 +2488,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2352,6 +2504,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2360,8 +2513,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2369,13 +2522,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2384,6 +2538,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2392,8 +2547,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2401,13 +2556,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2416,6 +2572,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2424,8 +2581,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2433,13 +2590,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2448,6 +2606,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2456,8 +2615,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2465,13 +2624,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2479,6 +2639,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2486,8 +2647,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2495,13 +2656,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2509,6 +2671,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2516,8 +2679,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2525,13 +2688,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2539,6 +2703,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2546,8 +2711,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2555,13 +2720,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2569,6 +2735,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2576,8 +2743,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2585,13 +2752,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2599,6 +2767,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2606,8 +2775,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2615,13 +2784,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0403 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2629,6 +2799,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2636,8 +2807,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2645,13 +2816,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2659,6 +2831,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2666,8 +2839,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2675,13 +2848,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2689,6 +2863,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2696,8 +2871,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2705,13 +2880,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2719,6 +2895,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2726,8 +2903,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2735,13 +2912,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2749,6 +2927,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2756,8 +2935,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2765,13 +2944,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0503 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2779,6 +2959,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2786,8 +2967,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2795,13 +2976,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2809,6 +2991,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2816,8 +2999,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2825,13 +3008,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2839,6 +3023,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2846,8 +3031,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2855,13 +3040,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2869,6 +3055,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2876,8 +3063,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2885,13 +3072,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 ok" \ @@ -2899,6 +3087,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2906,8 +3095,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2915,13 +3104,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0603 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2930,6 +3120,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2938,8 +3129,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2947,13 +3138,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2962,6 +3154,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2970,8 +3163,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -2979,13 +3172,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -2994,6 +3188,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3002,8 +3197,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3011,13 +3206,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -3026,6 +3222,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3034,8 +3231,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -3043,13 +3240,14 @@ run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ +run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ @@ -3058,6 +3256,7 @@ run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ -c "Certificate Verify: Signature algorithm ( 0804 )" \ -c "Verifying peer X.509 certificate... ok" + requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3066,8 +3265,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ +run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \ 0 \ -c "HTTP/1.0 200 OK" \ diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index b9e09d85c..3d1754642 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -23,6 +23,7 @@ Generate TLSv1.3 Compat test cases """ import sys +import os import abc import argparse import itertools @@ -31,14 +32,14 @@ import itertools CERTIFICATES = { 'ecdsa_secp256r1_sha256': ( - 'data_files/ecdsa_secp256r1_sha256.crt', - 'data_files/ecdsa_secp256r1_sha256.key'), + 'data_files/ecdsa_secp256r1.crt', + 'data_files/ecdsa_secp256r1.key'), 'ecdsa_secp384r1_sha384': ( - 'data_files/ecdsa_secp384r1_sha384.crt', - 'data_files/ecdsa_secp384r1_sha384.key'), + 'data_files/ecdsa_secp384r1.crt', + 'data_files/ecdsa_secp384r1.key'), 'ecdsa_secp521r1_sha512': ( - 'data_files/ecdsa_secp521r1_sha512.crt', - 'data_files/ecdsa_secp521r1_sha512.key'), + 'data_files/ecdsa_secp521r1.crt', + 'data_files/ecdsa_secp521r1.key'), 'rsa_pss_rsae_sha256': ( 'data_files/server2-sha256.crt', 'data_files/server2.key' ) @@ -256,7 +257,7 @@ class GnuTLSServ(TLSProgram): ret += ['--x509certfile {cert} --x509keyfile {key}'.format( cert=cert, key=key)] priority_strings = ':+'.join(['NONE'] + - list(set(self.priority_strings)) + + list(sorted(self.priority_strings)) + ['VERS-TLS1.3']) priority_strings += ':%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE' ret += ['--priority={priority_strings}'.format( @@ -357,7 +358,7 @@ def generate_compat_test(server=None, client=None, cipher=None, # pylint: disab """ Generate test case with `ssl-opt.sh` format. """ - name = 'TLS1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format( + name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format( client=client, server=server, cipher=cipher, sig_alg=sig_alg, named_group=named_group) server = SERVER_CLS[server](cipher, sig_alg, named_group) client = CLIENT_CLS[client](cipher, sig_alg, named_group) @@ -402,6 +403,9 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh def main(): + """ + Main function of this program + """ parser = argparse.ArgumentParser() parser.add_argument('-o', '--output', nargs='?', @@ -453,8 +457,9 @@ def main(): if args.generate_all_tls13_compat_tests: if args.output: with open(args.output, 'w', encoding="utf-8") as f: - f.write(SSL_OUTPUT_HEADER.format(filename=args.output)) + f.write(SSL_OUTPUT_HEADER.format(filename=os.path.basename(args.output))) f.write('\n\n'.join(get_all_test_cases())) + f.write('\n') else: print('\n'.join(get_all_test_cases())) return 0