Lines Matching +full:- +full:s
3 # tls13-misc.sh
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
16 run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
18 …"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECD…
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "No matched ciphersuite"
35 run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No matched ciphersuite"
49 run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
53 -c "Pre-configured PSK number = 2" \
54 -s "sent selected_identity: 0" \
55 -s "key exchange mode: psk_ephemeral" \
56 -S "key exchange mode: psk$" \
57 -S "key exchange mode: ephemeral$" \
58 -S "ticket is not authentic"
63 run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
67 -c "Pre-configured PSK number = 2" \
68 -s "sent selected_identity: 1" \
69 -s "key exchange mode: psk_ephemeral" \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: ephemeral$" \
72 -s "ticket is not authentic"
77 run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
79 … "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
83 -s "found psk key exchange modes extension" \
84 -s "found pre_shared_key extension" \
85 -s "Found PSK_EPHEMERAL KEX MODE" \
86 -S "Found PSK KEX MODE" \
87 -S "key exchange mode: psk$" \
88 -S "key exchange mode: psk_ephemeral" \
89 -S "key exchange mode: ephemeral"
97 run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
99 …"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROU…
100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
103 -s "found psk key exchange modes extension" \
104 -s "found pre_shared_key extension" \
105 -s "Found PSK_EPHEMERAL KEX MODE" \
106 -s "Found PSK KEX MODE" \
107 -s "key exchange mode: psk$"
115 run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
117 …"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROU…
118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
121 -s "found psk key exchange modes extension" \
122 -s "found pre_shared_key extension" \
123 -s "Found PSK_EPHEMERAL KEX MODE" \
124 -s "Found PSK KEX MODE" \
125 -s "key exchange mode: psk_ephemeral$"
133 run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
135 …"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROU…
136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
139 -s "key exchange mode: ephemeral$"
148 run_test "TLS 1.3 m->m: resumption" \
152 -c "Protocol is TLSv1.3" \
153 -c "Saving session for reuse... ok" \
154 -c "Reconnecting with saved session... ok" \
155 -c "HTTP/1.0 200 OK" \
156 -s "Protocol is TLSv1.3" \
157 -s "key exchange mode: psk" \
158 -s "Select PSK ciphersuite"
167 run_test "TLS 1.3 m->m: resumption with servername" \
169 …server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_file…
172 -c "Protocol is TLSv1.3" \
173 -c "Saving session for reuse... ok" \
174 -c "Reconnecting with saved session... ok" \
175 -c "HTTP/1.0 200 OK" \
176 -s "Protocol is TLSv1.3" \
177 -s "key exchange mode: psk" \
178 -s "Select PSK ciphersuite"
187 run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
191 -c "Protocol is TLSv1.3" \
192 -c "Saving session for reuse... ok" \
193 -c "Reconnecting with saved session... ok" \
194 -c "HTTP/1.0 200 OK" \
195 -s "Protocol is TLSv1.3" \
196 -s "key exchange mode: psk" \
197 -s "Select PSK ciphersuite"
206 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
207 run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
209 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
211 -c "Protocol is TLSv1.3" \
212 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
213 -c "Saving session for reuse... ok" \
214 -c "Reconnecting with saved session... ok" \
215 -c "HTTP/1.0 200 OK" \
216 -s "Protocol is TLSv1.3" \
217 -s "key exchange mode: psk" \
218 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
227 run_test "TLS 1.3 m->m: resumption with early data" \
231 -c "Protocol is TLSv1.3" \
232 -c "Saving session for reuse... ok" \
233 -c "Reconnecting with saved session" \
234 -c "HTTP/1.0 200 OK" \
235 -c "received max_early_data_size" \
236 -c "NewSessionTicket: early_data(42) extension received." \
237 -c "ClientHello: early_data(42) extension exists." \
238 -c "EncryptedExtensions: early_data(42) extension received." \
239 -c "bytes of early data written" \
240 -C "0 bytes of early data written" \
241 -s "Protocol is TLSv1.3" \
242 -s "key exchange mode: psk" \
243 -s "Select PSK ciphersuite" \
244 -s "Sent max_early_data_size" \
245 -s "NewSessionTicket: early_data(42) extension exists." \
246 -s "ClientHello: early_data(42) extension exists." \
247 -s "EncryptedExtensions: early_data(42) extension exists." \
248 -s "early data bytes read"
257 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
258 run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
260 …"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconne…
262 -c "Protocol is TLSv1.3" \
263 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
264 -c "Saving session for reuse... ok" \
265 -c "Reconnecting with saved session" \
266 -c "HTTP/1.0 200 OK" \
267 -c "received max_early_data_size" \
268 -c "NewSessionTicket: early_data(42) extension received." \
269 -c "ClientHello: early_data(42) extension exists." \
270 -c "EncryptedExtensions: early_data(42) extension received." \
271 -c "bytes of early data written" \
272 -C "0 bytes of early data written" \
273 -s "Protocol is TLSv1.3" \
274 -s "key exchange mode: psk" \
275 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
276 -s "Sent max_early_data_size" \
277 -s "NewSessionTicket: early_data(42) extension exists." \
278 -s "ClientHello: early_data(42) extension exists." \
279 -s "EncryptedExtensions: early_data(42) extension exists." \
280 -s "early data bytes read"
289 run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
293 -c "Protocol is TLSv1.3" \
294 -c "Saving session for reuse... ok" \
295 -c "Reconnecting with saved session" \
296 -c "HTTP/1.0 200 OK" \
297 -C "received max_early_data_size" \
298 -C "NewSessionTicket: early_data(42) extension received." \
299 -C "ClientHello: early_data(42) extension exists." \
300 -C "EncryptedExtensions: early_data(42) extension received." \
301 -c "0 bytes of early data written" \
302 -s "Protocol is TLSv1.3" \
303 -s "key exchange mode: psk" \
304 -s "Select PSK ciphersuite" \
305 -S "Sent max_early_data_size" \
306 -S "NewSessionTicket: early_data(42) extension exists." \
307 -S "ClientHello: early_data(42) extension exists." \
308 -S "EncryptedExtensions: early_data(42) extension exists." \
309 -S "early data bytes read"
318 run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
322 -c "Protocol is TLSv1.3" \
323 -c "Saving session for reuse... ok" \
324 -c "Reconnecting with saved session" \
325 -c "HTTP/1.0 200 OK" \
326 -C "received max_early_data_size" \
327 -C "NewSessionTicket: early_data(42) extension received." \
328 -C "ClientHello: early_data(42) extension exists." \
329 -C "EncryptedExtensions: early_data(42) extension received." \
330 -c "0 bytes of early data written" \
331 -s "Protocol is TLSv1.3" \
332 -s "key exchange mode: psk" \
333 -s "Select PSK ciphersuite" \
334 -S "Sent max_early_data_size" \
335 -S "NewSessionTicket: early_data(42) extension exists." \
336 -S "ClientHello: early_data(42) extension exists." \
337 -S "EncryptedExtensions: early_data(42) extension exists." \
338 -S "early data bytes read"
347 run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
351 -c "Protocol is TLSv1.3" \
352 -c "Saving session for reuse... ok" \
353 -c "Reconnecting with saved session" \
354 -c "HTTP/1.0 200 OK" \
355 -c "received max_early_data_size" \
356 -c "NewSessionTicket: early_data(42) extension received." \
357 -C "ClientHello: early_data(42) extension exists." \
358 -C "EncryptedExtensions: early_data(42) extension received." \
359 -C "bytes of early data written" \
360 -s "Protocol is TLSv1.3" \
361 -s "key exchange mode: psk" \
362 -s "Select PSK ciphersuite" \
363 -s "Sent max_early_data_size" \
364 -s "NewSessionTicket: early_data(42) extension exists." \
365 -S "ClientHello: early_data(42) extension exists." \
366 -S "EncryptedExtensions: early_data(42) extension exists." \
367 -S "early data bytes read"
376 run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
380 -c "Protocol is TLSv1.3" \
381 -c "Saving session for reuse... ok" \
382 -c "Reconnecting with saved session" \
383 -c "HTTP/1.0 200 OK" \
384 -c "received max_early_data_size" \
385 -c "NewSessionTicket: early_data(42) extension received." \
386 -C "ClientHello: early_data(42) extension exists." \
387 -C "EncryptedExtensions: early_data(42) extension received." \
388 -C "bytes of early data written" \
389 -s "Protocol is TLSv1.3" \
390 -s "key exchange mode: psk" \
391 -s "Select PSK ciphersuite" \
392 -s "Sent max_early_data_size" \
393 -s "NewSessionTicket: early_data(42) extension exists." \
394 -S "ClientHello: early_data(42) extension exists." \
395 -S "EncryptedExtensions: early_data(42) extension exists." \
396 -S "early data bytes read"
405 run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
409 -c "Protocol is TLSv1.3" \
410 -C "Saving session for reuse... ok" \
411 -c "Reconnecting with saved session... failed" \
412 -S "Protocol is TLSv1.3" \
413 -S "key exchange mode: psk" \
414 -S "Select PSK ciphersuite" \
415 -s "Ticket lifetime (604801) is greater than 7 days."
424 run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
428 -c "Protocol is TLSv1.3" \
429 -C "Saving session for reuse... ok" \
430 -c "Discard new session ticket" \
431 -c "Reconnecting with saved session... failed" \
432 -s "Protocol is TLSv1.3" \
433 -S "key exchange mode: psk" \
434 -S "Select PSK ciphersuite"
443 run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
445 …server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_file…
448 -c "Protocol is TLSv1.3" \
449 -c "Saving session for reuse... ok" \
450 -c "Reconnecting with saved session" \
451 -c "Hostname mismatch the session ticket, disable session resumption." \
452 -s "Protocol is TLSv1.3" \
453 -S "key exchange mode: psk" \
454 -S "Select PSK ciphersuite"
463 run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
467 -c "Protocol is TLSv1.3" \
468 -s "key exchange mode: ephemeral" \
469 -s "Protocol is TLSv1.3" \
470 -c "Saving session for reuse... ok" \
471 -c "Reconnecting with saved session" \
472 -S "key exchange mode: psk" \
473 -s "ticket is not authentic" \
474 -S "ticket is expired" \
475 -S "Invalid ticket creation time" \
476 -S "Ticket age exceeds limitation" \
477 -S "Ticket age outside tolerance window"
486 run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
490 -c "Protocol is TLSv1.3" \
491 -s "key exchange mode: ephemeral" \
492 -s "Protocol is TLSv1.3" \
493 -c "Saving session for reuse... ok" \
494 -c "Reconnecting with saved session" \
495 -S "key exchange mode: psk" \
496 -S "ticket is not authentic" \
497 -s "ticket is expired" \
498 -S "Invalid ticket creation time" \
499 -S "Ticket age exceeds limitation" \
500 -S "Ticket age outside tolerance window"
509 run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
513 -c "Protocol is TLSv1.3" \
514 -s "key exchange mode: ephemeral" \
515 -s "Protocol is TLSv1.3" \
516 -c "Saving session for reuse... ok" \
517 -c "Reconnecting with saved session" \
518 -S "key exchange mode: psk" \
519 -S "ticket is not authentic" \
520 -S "ticket is expired" \
521 -s "Invalid ticket creation time" \
522 -S "Ticket age exceeds limitation" \
523 -S "Ticket age outside tolerance window"
532 run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
536 -c "Protocol is TLSv1.3" \
537 -s "key exchange mode: ephemeral" \
538 -s "Protocol is TLSv1.3" \
539 -c "Saving session for reuse... ok" \
540 -c "Reconnecting with saved session" \
541 -S "key exchange mode: psk" \
542 -S "ticket is not authentic" \
543 -S "ticket is expired" \
544 -S "Invalid ticket creation time" \
545 -s "Ticket age exceeds limitation" \
546 -S "Ticket age outside tolerance window"
555 run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
559 -c "Protocol is TLSv1.3" \
560 -s "key exchange mode: ephemeral" \
561 -s "Protocol is TLSv1.3" \
562 -c "Saving session for reuse... ok" \
563 -c "Reconnecting with saved session" \
564 -S "key exchange mode: psk" \
565 -S "ticket is not authentic" \
566 -S "ticket is expired" \
567 -S "Invalid ticket creation time" \
568 -S "Ticket age exceeds limitation" \
569 -s "Ticket age outside tolerance window"
578 run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
582 -c "Protocol is TLSv1.3" \
583 -s "key exchange mode: ephemeral" \
584 -s "Protocol is TLSv1.3" \
585 -c "Saving session for reuse... ok" \
586 -c "Reconnecting with saved session" \
587 -S "key exchange mode: psk" \
588 -S "ticket is not authentic" \
589 -S "ticket is expired" \
590 -S "Invalid ticket creation time" \
591 -S "Ticket age exceeds limitation" \
592 -s "Ticket age outside tolerance window"
600 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
604 -c "Protocol is TLSv1.3" \
605 -s "key exchange mode: ephemeral" \
606 -S "key exchange mode: psk_ephemeral" \
607 -S "key exchange mode: psk$" \
608 -s "found matched identity" \
609 -s "No suitable PSK key exchange mode" \
610 -s "No usable PSK or ticket"
618 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
622 -c "Protocol is TLSv1.3" \
623 -s "key exchange mode: ephemeral" \
624 -S "key exchange mode: psk_ephemeral" \
625 -S "key exchange mode: psk$" \
626 -s "found matched identity" \
627 -S "No suitable PSK key exchange mode" \
628 -S "No usable PSK or ticket"
636 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
640 -c "Protocol is TLSv1.3" \
641 -s "key exchange mode: ephemeral" \
642 -S "key exchange mode: psk_ephemeral" \
643 -S "key exchange mode: psk$" \
644 -s "found matched identity" \
645 -s "No suitable PSK key exchange mode" \
646 -s "No usable PSK or ticket"
654 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
658 -c "Protocol is TLSv1.3" \
659 -s "key exchange mode: ephemeral" \
660 -S "key exchange mode: psk_ephemeral" \
661 -S "key exchange mode: psk$" \
662 -s "found matched identity" \
663 -S "No suitable PSK key exchange mode" \
664 -S "No usable PSK or ticket"
672 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
676 -c "Protocol is TLSv1.3" \
677 -s "key exchange mode: ephemeral" \
678 -S "key exchange mode: psk_ephemeral" \
679 -S "key exchange mode: psk$" \
680 -s "found matched identity" \
681 -s "No suitable PSK key exchange mode" \
682 -s "No usable PSK or ticket"
690 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
694 -c "Protocol is TLSv1.3" \
695 -s "key exchange mode: ephemeral" \
696 -S "key exchange mode: psk_ephemeral" \
697 -S "key exchange mode: psk$" \
698 -s "found matched identity" \
699 -s "No suitable PSK key exchange mode" \
700 -s "No usable PSK or ticket"
708 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
712 -c "Protocol is TLSv1.3" \
713 -s "key exchange mode: ephemeral" \
714 -s "key exchange mode: psk_ephemeral" \
715 -S "key exchange mode: psk$" \
716 -s "found matched identity" \
717 -S "No suitable PSK key exchange mode" \
718 -S "No usable PSK or ticket"
726 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
730 -c "Protocol is TLSv1.3" \
731 -s "key exchange mode: ephemeral" \
732 -s "key exchange mode: psk_ephemeral" \
733 -S "key exchange mode: psk$" \
734 -s "found matched identity" \
735 -S "No suitable PSK key exchange mode" \
736 -S "No usable PSK or ticket"
745 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
749 -c "Pre-configured PSK number = 1" \
750 -S "sent selected_identity:" \
751 -s "key exchange mode: ephemeral" \
752 -S "key exchange mode: psk_ephemeral" \
753 -S "key exchange mode: psk$" \
754 -s "No suitable PSK key exchange mode" \
755 -s "No usable PSK or ticket"
764 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
768 -c "Protocol is TLSv1.3" \
769 -s "key exchange mode: ephemeral" \
770 -S "key exchange mode: psk_ephemeral" \
771 -S "key exchange mode: psk$" \
772 -s "found matched identity" \
773 -S "No suitable PSK key exchange mode" \
774 -S "No usable PSK or ticket"
783 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
787 -c "Protocol is TLSv1.3" \
788 -s "key exchange mode: ephemeral" \
789 -s "key exchange mode: psk_ephemeral" \
790 -S "key exchange mode: psk$" \
791 -s "found matched identity" \
792 -S "No suitable PSK key exchange mode" \
793 -S "No usable PSK or ticket"
802 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
806 -c "Protocol is TLSv1.3" \
807 -s "key exchange mode: ephemeral" \
808 -s "key exchange mode: psk_ephemeral" \
809 -S "key exchange mode: psk$" \
810 -s "found matched identity" \
811 -S "No suitable PSK key exchange mode" \
812 -S "No usable PSK or ticket"
820 run_test "TLS 1.3 m->O: resumption" \
821 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
824 -c "Protocol is TLSv1.3" \
825 -c "Saving session for reuse... ok" \
826 -c "Reconnecting with saved session... ok" \
827 -c "HTTP/1.0 200 ok"
829 # No early data m->O tests for the time being. The option -early_data is needed
831 # -www option we usually use for testing with OpenSSL server (see
844 run_test "TLS 1.3 m->O: resumption with early data" \
845 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
848 -c "Protocol is TLSv1.3" \
849 -c "Saving session for reuse... ok" \
850 -c "Reconnecting with saved session" \
851 -c "HTTP/1.0 200 OK" \
852 -c "received max_early_data_size: 16384" \
853 -c "NewSessionTicket: early_data(42) extension received." \
854 -c "ClientHello: early_data(42) extension exists." \
855 -c "EncryptedExtensions: early_data(42) extension received." \
856 -c "bytes of early data written" \
857 -s "decrypted early data with length:"
865 run_test "TLS 1.3 m->G: resumption" \
866 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
869 -c "Protocol is TLSv1.3" \
870 -c "Saving session for reuse... ok" \
871 -c "Reconnecting with saved session... ok" \
872 -c "HTTP/1.0 200 OK"
880 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
881 run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
882 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
883 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
885 -c "Protocol is TLSv1.3" \
886 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
887 -c "Saving session for reuse... ok" \
888 -c "Reconnecting with saved session... ok" \
889 -c "HTTP/1.0 200 OK"
898 run_test "TLS 1.3 m->G: resumption with early data" \
899 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
900 --earlydata --maxearlydata 16384" \
903 -c "Protocol is TLSv1.3" \
904 -c "Saving session for reuse... ok" \
905 -c "Reconnecting with saved session" \
906 -c "HTTP/1.0 200 OK" \
907 -c "received max_early_data_size: 16384" \
908 -c "NewSessionTicket: early_data(42) extension received." \
909 -c "ClientHello: early_data(42) extension exists." \
910 -c "EncryptedExtensions: early_data(42) extension received." \
911 -c "bytes of early data written" \
912 -s "decrypted early data with length:"
921 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
922 run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
923 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
924 --earlydata --maxearlydata 16384" \
925 …"$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconne…
927 -c "Protocol is TLSv1.3" \
928 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
929 -c "Saving session for reuse... ok" \
930 -c "Reconnecting with saved session" \
931 -c "HTTP/1.0 200 OK" \
932 -c "received max_early_data_size: 16384" \
933 -c "NewSessionTicket: early_data(42) extension received." \
934 -c "ClientHello: early_data(42) extension exists." \
935 -c "EncryptedExtensions: early_data(42) extension received." \
936 -c "bytes of early data written" \
937 -s "decrypted early data with length:"
946 run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
947 …"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-c…
950 -c "Protocol is TLSv1.3" \
951 -c "Saving session for reuse... ok" \
952 -c "Reconnecting with saved session" \
953 -c "HTTP/1.0 200 OK" \
954 -C "received max_early_data_size: 16384" \
955 -C "NewSessionTicket: early_data(42) extension received." \
964 run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
965 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
966 --earlydata --maxearlydata 16384" \
969 -c "Protocol is TLSv1.3" \
970 -c "Saving session for reuse... ok" \
971 -c "Reconnecting with saved session" \
972 -c "HTTP/1.0 200 OK" \
973 -c "received max_early_data_size: 16384" \
974 -c "NewSessionTicket: early_data(42) extension received." \
975 -C "ClientHello: early_data(42) extension exists." \
984 run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
985 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
986 --earlydata --maxearlydata 16384" \
989 -c "Protocol is TLSv1.3" \
990 -c "Saving session for reuse... ok" \
991 -c "Reconnecting with saved session" \
992 -c "HTTP/1.0 200 OK" \
993 -c "received max_early_data_size: 16384" \
994 -c "NewSessionTicket: early_data(42) extension received." \
995 -C "ClientHello: early_data(42) extension exists." \
1006 run_test "TLS 1.3 O->m: resumption" \
1008 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
1010 -s "Protocol is TLSv1.3" \
1011 -s "key exchange mode: psk" \
1012 -s "Select PSK ciphersuite"
1021 run_test "TLS 1.3 G->m: resumption" \
1023 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1025 -s "Protocol is TLSv1.3" \
1026 -s "key exchange mode: psk" \
1027 -s "Select PSK ciphersuite"
1036 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1038 # TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
1040 run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
1042 …"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -…
1044 -s "Protocol is TLSv1.3" \
1045 -s "key exchange mode: psk" \
1046 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
1048 EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
1058 run_test "TLS 1.3 G->m: resumption with early data" \
1060 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1061 --earlydata $EARLY_DATA_INPUT" \
1063 -s "Protocol is TLSv1.3" \
1064 -s "key exchange mode: psk" \
1065 -s "Select PSK ciphersuite" \
1066 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1067 -s "NewSessionTicket: early_data(42) extension exists." \
1068 -s "ClientHello: early_data(42) extension exists." \
1069 -s "EncryptedExtensions: early_data(42) extension exists." \
1070 -s "$( head -1 $EARLY_DATA_INPUT )" \
1071 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1072 -s "200 early data bytes read" \
1073 -s "106 early data bytes read"
1082 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1083 run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
1085 …"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -…
1086 --earlydata $EARLY_DATA_INPUT" \
1088 -s "Protocol is TLSv1.3" \
1089 -s "key exchange mode: psk" \
1090 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
1091 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1092 -s "NewSessionTicket: early_data(42) extension exists." \
1093 -s "ClientHello: early_data(42) extension exists." \
1094 -s "EncryptedExtensions: early_data(42) extension exists." \
1095 -s "$( head -1 $EARLY_DATA_INPUT )" \
1096 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1097 -s "200 early data bytes read" \
1098 -s "106 early data bytes read"
1113 run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
1115 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1116 --earlydata $EARLY_DATA_INPUT" \
1118 -s "Protocol is TLSv1.3" \
1119 -s "key exchange mode: psk" \
1120 -s "Select PSK ciphersuite" \
1121 -S "Sent max_early_data_size" \
1122 -S "NewSessionTicket: early_data(42) extension exists." \
1123 -s "ClientHello: early_data(42) extension exists." \
1124 -s "EarlyData: rejected, feature disabled in server configuration." \
1125 -S "EncryptedExtensions: early_data(42) extension exists." \
1126 -s "EarlyData: deprotect and discard app data records" \
1127 -s "EarlyData: Too much early data received"
1142 run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
1144 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1145 --earlydata $EARLY_DATA_INPUT" \
1147 -s "Protocol is TLSv1.3" \
1148 -s "key exchange mode: psk" \
1149 -s "Select PSK ciphersuite" \
1150 -S "Sent max_early_data_size" \
1151 -S "NewSessionTicket: early_data(42) extension exists." \
1152 -s "ClientHello: early_data(42) extension exists." \
1153 -s "EarlyData: rejected, feature disabled in server configuration." \
1154 -S "EncryptedExtensions: early_data(42) extension exists." \
1155 -s "EarlyData: deprotect and discard app data records" \
1156 -s "EarlyData: Too much early data received"
1165 run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
1167 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1169 -s "Protocol is TLSv1.3" \
1170 -s "key exchange mode: psk" \
1171 -s "Select PSK ciphersuite" \
1172 -s "Sent max_early_data_size" \
1173 -s "NewSessionTicket: early_data(42) extension exists." \
1174 -S "ClientHello: early_data(42) extension exists." \
1175 -S "EncryptedExtensions: early_data(42) extension exists."
1182 run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
1186 -s "key exchange mode: ephemeral" \
1187 -S "key exchange mode: psk" \
1188 -s "found matched identity" \
1189 -s "EarlyData: rejected, not a session resumption" \
1190 -C "EncryptedExtensions: early_data(42) extension exists."