1#!/bin/sh 2 3# tls13-misc.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8 9requires_gnutls_tls1_3 10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 12requires_config_enabled MBEDTLS_SSL_SRV_C 13requires_config_enabled MBEDTLS_DEBUG_C 14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15 16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ 17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 20 localhost" \ 21 1 \ 22 -s "found psk key exchange modes extension" \ 23 -s "found pre_shared_key extension" \ 24 -s "Found PSK_EPHEMERAL KEX MODE" \ 25 -s "Found PSK KEX MODE" \ 26 -s "No matched ciphersuite" 27 28requires_openssl_tls1_3 29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 31requires_config_enabled MBEDTLS_SSL_SRV_C 32requires_config_enabled MBEDTLS_DEBUG_C 33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34 35run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ 36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ 38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 39 1 \ 40 -s "found psk key exchange modes extension" \ 41 -s "found pre_shared_key extension" \ 42 -s "Found PSK_EPHEMERAL KEX MODE" \ 43 -s "Found PSK KEX MODE" \ 44 -s "No matched ciphersuite" 45 46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ 50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ 51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 52 0 \ 53 -c "Pre-configured PSK number = 2" \ 54 -s "sent selected_identity: 0" \ 55 -s "key exchange mode: psk_ephemeral" \ 56 -S "key exchange mode: psk$" \ 57 -S "key exchange mode: ephemeral$" \ 58 -S "ticket is not authentic" 59 60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ 64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ 65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 66 0 \ 67 -c "Pre-configured PSK number = 2" \ 68 -s "sent selected_identity: 1" \ 69 -s "key exchange mode: psk_ephemeral" \ 70 -S "key exchange mode: psk$" \ 71 -S "key exchange mode: ephemeral$" \ 72 -s "ticket is not authentic" 73 74requires_gnutls_tls1_3 75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ 78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 81 localhost" \ 82 1 \ 83 -s "found psk key exchange modes extension" \ 84 -s "found pre_shared_key extension" \ 85 -s "Found PSK_EPHEMERAL KEX MODE" \ 86 -S "Found PSK KEX MODE" \ 87 -S "key exchange mode: psk$" \ 88 -S "key exchange mode: psk_ephemeral" \ 89 -S "key exchange mode: ephemeral" 90 91requires_gnutls_tls1_3 92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 97run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ 98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 101 localhost" \ 102 0 \ 103 -s "found psk key exchange modes extension" \ 104 -s "found pre_shared_key extension" \ 105 -s "Found PSK_EPHEMERAL KEX MODE" \ 106 -s "Found PSK KEX MODE" \ 107 -s "key exchange mode: psk$" 108 109requires_gnutls_tls1_3 110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ 116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 119 localhost" \ 120 0 \ 121 -s "found psk key exchange modes extension" \ 122 -s "found pre_shared_key extension" \ 123 -s "Found PSK_EPHEMERAL KEX MODE" \ 124 -s "Found PSK KEX MODE" \ 125 -s "key exchange mode: psk_ephemeral$" 126 127requires_gnutls_tls1_3 128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ 134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 137 localhost" \ 138 0 \ 139 -s "key exchange mode: ephemeral$" 140 141requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 142 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 143 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 144 MBEDTLS_DEBUG_C \ 145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 146requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 148run_test "TLS 1.3 m->m: resumption" \ 149 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 150 "$P_CLI reco_mode=1 reconnect=1" \ 151 0 \ 152 -c "Protocol is TLSv1.3" \ 153 -c "Saving session for reuse... ok" \ 154 -c "Reconnecting with saved session... ok" \ 155 -c "HTTP/1.0 200 OK" \ 156 -s "Protocol is TLSv1.3" \ 157 -s "key exchange mode: psk" \ 158 -s "Select PSK ciphersuite" 159 160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 161 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 162 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 163 MBEDTLS_DEBUG_C \ 164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 167run_test "TLS 1.3 m->m: resumption with servername" \ 168 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 169 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 170 "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \ 171 0 \ 172 -c "Protocol is TLSv1.3" \ 173 -c "Saving session for reuse... ok" \ 174 -c "Reconnecting with saved session... ok" \ 175 -c "HTTP/1.0 200 OK" \ 176 -s "Protocol is TLSv1.3" \ 177 -s "key exchange mode: psk" \ 178 -s "Select PSK ciphersuite" 179 180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 181 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 182 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 183 MBEDTLS_DEBUG_C \ 184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 185requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 187run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ 188 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \ 189 "$P_CLI reco_mode=1 reconnect=1" \ 190 0 \ 191 -c "Protocol is TLSv1.3" \ 192 -c "Saving session for reuse... ok" \ 193 -c "Reconnecting with saved session... ok" \ 194 -c "HTTP/1.0 200 OK" \ 195 -s "Protocol is TLSv1.3" \ 196 -s "key exchange mode: psk" \ 197 -s "Select PSK ciphersuite" 198 199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 200 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 201 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 202 MBEDTLS_DEBUG_C \ 203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 204requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 205 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 206requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 207run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ 208 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 209 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ 210 0 \ 211 -c "Protocol is TLSv1.3" \ 212 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 213 -c "Saving session for reuse... ok" \ 214 -c "Reconnecting with saved session... ok" \ 215 -c "HTTP/1.0 200 OK" \ 216 -s "Protocol is TLSv1.3" \ 217 -s "key exchange mode: psk" \ 218 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 219 220requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 221 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 222 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 223 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 225requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 227run_test "TLS 1.3 m->m: resumption with early data" \ 228 "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 229 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 230 0 \ 231 -c "Protocol is TLSv1.3" \ 232 -c "Saving session for reuse... ok" \ 233 -c "Reconnecting with saved session" \ 234 -c "HTTP/1.0 200 OK" \ 235 -c "received max_early_data_size" \ 236 -c "NewSessionTicket: early_data(42) extension received." \ 237 -c "ClientHello: early_data(42) extension exists." \ 238 -c "EncryptedExtensions: early_data(42) extension received." \ 239 -c "bytes of early data written" \ 240 -C "0 bytes of early data written" \ 241 -s "Protocol is TLSv1.3" \ 242 -s "key exchange mode: psk" \ 243 -s "Select PSK ciphersuite" \ 244 -s "Sent max_early_data_size" \ 245 -s "NewSessionTicket: early_data(42) extension exists." \ 246 -s "ClientHello: early_data(42) extension exists." \ 247 -s "EncryptedExtensions: early_data(42) extension exists." \ 248 -s "early data bytes read" 249 250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 251 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 252 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 253 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 255requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 256 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 257requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 258run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ 259 "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 260 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ 261 0 \ 262 -c "Protocol is TLSv1.3" \ 263 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 264 -c "Saving session for reuse... ok" \ 265 -c "Reconnecting with saved session" \ 266 -c "HTTP/1.0 200 OK" \ 267 -c "received max_early_data_size" \ 268 -c "NewSessionTicket: early_data(42) extension received." \ 269 -c "ClientHello: early_data(42) extension exists." \ 270 -c "EncryptedExtensions: early_data(42) extension received." \ 271 -c "bytes of early data written" \ 272 -C "0 bytes of early data written" \ 273 -s "Protocol is TLSv1.3" \ 274 -s "key exchange mode: psk" \ 275 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 276 -s "Sent max_early_data_size" \ 277 -s "NewSessionTicket: early_data(42) extension exists." \ 278 -s "ClientHello: early_data(42) extension exists." \ 279 -s "EncryptedExtensions: early_data(42) extension exists." \ 280 -s "early data bytes read" 281 282requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 283 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 284 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 285 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 287requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 288 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 289run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ 290 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 291 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 292 0 \ 293 -c "Protocol is TLSv1.3" \ 294 -c "Saving session for reuse... ok" \ 295 -c "Reconnecting with saved session" \ 296 -c "HTTP/1.0 200 OK" \ 297 -C "received max_early_data_size" \ 298 -C "NewSessionTicket: early_data(42) extension received." \ 299 -C "ClientHello: early_data(42) extension exists." \ 300 -C "EncryptedExtensions: early_data(42) extension received." \ 301 -c "0 bytes of early data written" \ 302 -s "Protocol is TLSv1.3" \ 303 -s "key exchange mode: psk" \ 304 -s "Select PSK ciphersuite" \ 305 -S "Sent max_early_data_size" \ 306 -S "NewSessionTicket: early_data(42) extension exists." \ 307 -S "ClientHello: early_data(42) extension exists." \ 308 -S "EncryptedExtensions: early_data(42) extension exists." \ 309 -S "early data bytes read" 310 311requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 312 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 313 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 314 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 316requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 317 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 318run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ 319 "$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 320 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 321 0 \ 322 -c "Protocol is TLSv1.3" \ 323 -c "Saving session for reuse... ok" \ 324 -c "Reconnecting with saved session" \ 325 -c "HTTP/1.0 200 OK" \ 326 -C "received max_early_data_size" \ 327 -C "NewSessionTicket: early_data(42) extension received." \ 328 -C "ClientHello: early_data(42) extension exists." \ 329 -C "EncryptedExtensions: early_data(42) extension received." \ 330 -c "0 bytes of early data written" \ 331 -s "Protocol is TLSv1.3" \ 332 -s "key exchange mode: psk" \ 333 -s "Select PSK ciphersuite" \ 334 -S "Sent max_early_data_size" \ 335 -S "NewSessionTicket: early_data(42) extension exists." \ 336 -S "ClientHello: early_data(42) extension exists." \ 337 -S "EncryptedExtensions: early_data(42) extension exists." \ 338 -S "early data bytes read" 339 340requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 341 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 342 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 343 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 345requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 347run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ 348 "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 349 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 350 0 \ 351 -c "Protocol is TLSv1.3" \ 352 -c "Saving session for reuse... ok" \ 353 -c "Reconnecting with saved session" \ 354 -c "HTTP/1.0 200 OK" \ 355 -c "received max_early_data_size" \ 356 -c "NewSessionTicket: early_data(42) extension received." \ 357 -C "ClientHello: early_data(42) extension exists." \ 358 -C "EncryptedExtensions: early_data(42) extension received." \ 359 -C "bytes of early data written" \ 360 -s "Protocol is TLSv1.3" \ 361 -s "key exchange mode: psk" \ 362 -s "Select PSK ciphersuite" \ 363 -s "Sent max_early_data_size" \ 364 -s "NewSessionTicket: early_data(42) extension exists." \ 365 -S "ClientHello: early_data(42) extension exists." \ 366 -S "EncryptedExtensions: early_data(42) extension exists." \ 367 -S "early data bytes read" 368 369requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 370 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 371 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 372 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 374requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 375 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 376run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ 377 "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 378 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ 379 0 \ 380 -c "Protocol is TLSv1.3" \ 381 -c "Saving session for reuse... ok" \ 382 -c "Reconnecting with saved session" \ 383 -c "HTTP/1.0 200 OK" \ 384 -c "received max_early_data_size" \ 385 -c "NewSessionTicket: early_data(42) extension received." \ 386 -C "ClientHello: early_data(42) extension exists." \ 387 -C "EncryptedExtensions: early_data(42) extension received." \ 388 -C "bytes of early data written" \ 389 -s "Protocol is TLSv1.3" \ 390 -s "key exchange mode: psk" \ 391 -s "Select PSK ciphersuite" \ 392 -s "Sent max_early_data_size" \ 393 -s "NewSessionTicket: early_data(42) extension exists." \ 394 -S "ClientHello: early_data(42) extension exists." \ 395 -S "EncryptedExtensions: early_data(42) extension exists." \ 396 -S "early data bytes read" 397 398requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 399 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 400 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 401 MBEDTLS_DEBUG_C \ 402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 403requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 404 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 405run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ 406 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \ 407 "$P_CLI reco_mode=1 reconnect=1" \ 408 1 \ 409 -c "Protocol is TLSv1.3" \ 410 -C "Saving session for reuse... ok" \ 411 -c "Reconnecting with saved session... failed" \ 412 -S "Protocol is TLSv1.3" \ 413 -S "key exchange mode: psk" \ 414 -S "Select PSK ciphersuite" \ 415 -s "Ticket lifetime (604801) is greater than 7 days." 416 417requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 418 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 419 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 420 MBEDTLS_DEBUG_C \ 421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 422requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 423 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 424run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ 425 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \ 426 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ 427 1 \ 428 -c "Protocol is TLSv1.3" \ 429 -C "Saving session for reuse... ok" \ 430 -c "Discard new session ticket" \ 431 -c "Reconnecting with saved session... failed" \ 432 -s "Protocol is TLSv1.3" \ 433 -S "key exchange mode: psk" \ 434 -S "Select PSK ciphersuite" 435 436requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 437 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 438 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 439 MBEDTLS_DEBUG_C \ 440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 441requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 442 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 443run_test "TLS 1.3 m->m: resumption fails, servername check failed" \ 444 "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 445 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 446 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ 447 1 \ 448 -c "Protocol is TLSv1.3" \ 449 -c "Saving session for reuse... ok" \ 450 -c "Reconnecting with saved session" \ 451 -c "Hostname mismatch the session ticket, disable session resumption." \ 452 -s "Protocol is TLSv1.3" \ 453 -S "key exchange mode: psk" \ 454 -S "Select PSK ciphersuite" 455 456requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 457 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 458 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 459 MBEDTLS_DEBUG_C \ 460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 461requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 462 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 463run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \ 464 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \ 465 "$P_CLI reco_mode=1 reconnect=1" \ 466 0 \ 467 -c "Protocol is TLSv1.3" \ 468 -s "key exchange mode: ephemeral" \ 469 -s "Protocol is TLSv1.3" \ 470 -c "Saving session for reuse... ok" \ 471 -c "Reconnecting with saved session" \ 472 -S "key exchange mode: psk" \ 473 -s "ticket is not authentic" \ 474 -S "ticket is expired" \ 475 -S "Invalid ticket creation time" \ 476 -S "Ticket age exceeds limitation" \ 477 -S "Ticket age outside tolerance window" 478 479requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 480 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 481 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 482 MBEDTLS_DEBUG_C \ 483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 485 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 486run_test "TLS 1.3 m->m: resumption fails, ticket expired." \ 487 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \ 488 "$P_CLI reco_mode=1 reconnect=1" \ 489 0 \ 490 -c "Protocol is TLSv1.3" \ 491 -s "key exchange mode: ephemeral" \ 492 -s "Protocol is TLSv1.3" \ 493 -c "Saving session for reuse... ok" \ 494 -c "Reconnecting with saved session" \ 495 -S "key exchange mode: psk" \ 496 -S "ticket is not authentic" \ 497 -s "ticket is expired" \ 498 -S "Invalid ticket creation time" \ 499 -S "Ticket age exceeds limitation" \ 500 -S "Ticket age outside tolerance window" 501 502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 503 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 504 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 505 MBEDTLS_DEBUG_C \ 506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 507requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 508 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 509run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ 510 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \ 511 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 512 0 \ 513 -c "Protocol is TLSv1.3" \ 514 -s "key exchange mode: ephemeral" \ 515 -s "Protocol is TLSv1.3" \ 516 -c "Saving session for reuse... ok" \ 517 -c "Reconnecting with saved session" \ 518 -S "key exchange mode: psk" \ 519 -S "ticket is not authentic" \ 520 -S "ticket is expired" \ 521 -s "Invalid ticket creation time" \ 522 -S "Ticket age exceeds limitation" \ 523 -S "Ticket age outside tolerance window" 524 525requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 526 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 527 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 528 MBEDTLS_DEBUG_C \ 529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 530requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 531 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 532run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ 533 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \ 534 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 535 0 \ 536 -c "Protocol is TLSv1.3" \ 537 -s "key exchange mode: ephemeral" \ 538 -s "Protocol is TLSv1.3" \ 539 -c "Saving session for reuse... ok" \ 540 -c "Reconnecting with saved session" \ 541 -S "key exchange mode: psk" \ 542 -S "ticket is not authentic" \ 543 -S "ticket is expired" \ 544 -S "Invalid ticket creation time" \ 545 -s "Ticket age exceeds limitation" \ 546 -S "Ticket age outside tolerance window" 547 548requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 549 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 550 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 551 MBEDTLS_DEBUG_C \ 552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 553requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 554 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 555run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ 556 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \ 557 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 558 0 \ 559 -c "Protocol is TLSv1.3" \ 560 -s "key exchange mode: ephemeral" \ 561 -s "Protocol is TLSv1.3" \ 562 -c "Saving session for reuse... ok" \ 563 -c "Reconnecting with saved session" \ 564 -S "key exchange mode: psk" \ 565 -S "ticket is not authentic" \ 566 -S "ticket is expired" \ 567 -S "Invalid ticket creation time" \ 568 -S "Ticket age exceeds limitation" \ 569 -s "Ticket age outside tolerance window" 570 571requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 572 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 573 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 574 MBEDTLS_DEBUG_C \ 575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 576requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 577 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 578run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ 579 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \ 580 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 581 0 \ 582 -c "Protocol is TLSv1.3" \ 583 -s "key exchange mode: ephemeral" \ 584 -s "Protocol is TLSv1.3" \ 585 -c "Saving session for reuse... ok" \ 586 -c "Reconnecting with saved session" \ 587 -S "key exchange mode: psk" \ 588 -S "ticket is not authentic" \ 589 -S "ticket is expired" \ 590 -S "Invalid ticket creation time" \ 591 -S "Ticket age exceeds limitation" \ 592 -s "Ticket age outside tolerance window" 593 594requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 595 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 596 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 597 MBEDTLS_DEBUG_C \ 598 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 599 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 600run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ 601 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 602 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 603 0 \ 604 -c "Protocol is TLSv1.3" \ 605 -s "key exchange mode: ephemeral" \ 606 -S "key exchange mode: psk_ephemeral" \ 607 -S "key exchange mode: psk$" \ 608 -s "found matched identity" \ 609 -s "No suitable PSK key exchange mode" \ 610 -s "No usable PSK or ticket" 611 612requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 613 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 614 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 615 MBEDTLS_DEBUG_C \ 616 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 617 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 618run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ 619 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 620 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 621 0 \ 622 -c "Protocol is TLSv1.3" \ 623 -s "key exchange mode: ephemeral" \ 624 -S "key exchange mode: psk_ephemeral" \ 625 -S "key exchange mode: psk$" \ 626 -s "found matched identity" \ 627 -S "No suitable PSK key exchange mode" \ 628 -S "No usable PSK or ticket" 629 630requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 631 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 632 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 633 MBEDTLS_DEBUG_C \ 634 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 635 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 636run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \ 637 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 638 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 639 0 \ 640 -c "Protocol is TLSv1.3" \ 641 -s "key exchange mode: ephemeral" \ 642 -S "key exchange mode: psk_ephemeral" \ 643 -S "key exchange mode: psk$" \ 644 -s "found matched identity" \ 645 -s "No suitable PSK key exchange mode" \ 646 -s "No usable PSK or ticket" 647 648requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 649 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 650 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 651 MBEDTLS_DEBUG_C \ 652 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 653 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 654run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \ 655 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 656 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 657 0 \ 658 -c "Protocol is TLSv1.3" \ 659 -s "key exchange mode: ephemeral" \ 660 -S "key exchange mode: psk_ephemeral" \ 661 -S "key exchange mode: psk$" \ 662 -s "found matched identity" \ 663 -S "No suitable PSK key exchange mode" \ 664 -S "No usable PSK or ticket" 665 666requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 667 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 668 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 669 MBEDTLS_DEBUG_C \ 670 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 671 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 672run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \ 673 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 674 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 675 0 \ 676 -c "Protocol is TLSv1.3" \ 677 -s "key exchange mode: ephemeral" \ 678 -S "key exchange mode: psk_ephemeral" \ 679 -S "key exchange mode: psk$" \ 680 -s "found matched identity" \ 681 -s "No suitable PSK key exchange mode" \ 682 -s "No usable PSK or ticket" 683 684requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 685 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 686 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 687 MBEDTLS_DEBUG_C \ 688 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 689 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 690run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \ 691 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 692 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 693 0 \ 694 -c "Protocol is TLSv1.3" \ 695 -s "key exchange mode: ephemeral" \ 696 -S "key exchange mode: psk_ephemeral" \ 697 -S "key exchange mode: psk$" \ 698 -s "found matched identity" \ 699 -s "No suitable PSK key exchange mode" \ 700 -s "No usable PSK or ticket" 701 702requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 703 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 704 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 705 MBEDTLS_DEBUG_C \ 706 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 707 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 708run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \ 709 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 710 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 711 0 \ 712 -c "Protocol is TLSv1.3" \ 713 -s "key exchange mode: ephemeral" \ 714 -s "key exchange mode: psk_ephemeral" \ 715 -S "key exchange mode: psk$" \ 716 -s "found matched identity" \ 717 -S "No suitable PSK key exchange mode" \ 718 -S "No usable PSK or ticket" 719 720requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 721 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 722 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 723 MBEDTLS_DEBUG_C \ 724 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 725 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 726run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \ 727 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 728 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 729 0 \ 730 -c "Protocol is TLSv1.3" \ 731 -s "key exchange mode: ephemeral" \ 732 -s "key exchange mode: psk_ephemeral" \ 733 -S "key exchange mode: psk$" \ 734 -s "found matched identity" \ 735 -S "No suitable PSK key exchange mode" \ 736 -S "No usable PSK or ticket" 737 738requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 739 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 740 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 741 MBEDTLS_DEBUG_C \ 742 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 743 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 744 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 745run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \ 746 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 747 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 748 0 \ 749 -c "Pre-configured PSK number = 1" \ 750 -S "sent selected_identity:" \ 751 -s "key exchange mode: ephemeral" \ 752 -S "key exchange mode: psk_ephemeral" \ 753 -S "key exchange mode: psk$" \ 754 -s "No suitable PSK key exchange mode" \ 755 -s "No usable PSK or ticket" 756 757requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 758 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 759 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 760 MBEDTLS_DEBUG_C \ 761 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 762 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 763 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 764run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \ 765 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 766 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 767 0 \ 768 -c "Protocol is TLSv1.3" \ 769 -s "key exchange mode: ephemeral" \ 770 -S "key exchange mode: psk_ephemeral" \ 771 -S "key exchange mode: psk$" \ 772 -s "found matched identity" \ 773 -S "No suitable PSK key exchange mode" \ 774 -S "No usable PSK or ticket" 775 776requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 777 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 778 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 779 MBEDTLS_DEBUG_C \ 780 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 781 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 782 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 783run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \ 784 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 785 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 786 0 \ 787 -c "Protocol is TLSv1.3" \ 788 -s "key exchange mode: ephemeral" \ 789 -s "key exchange mode: psk_ephemeral" \ 790 -S "key exchange mode: psk$" \ 791 -s "found matched identity" \ 792 -S "No suitable PSK key exchange mode" \ 793 -S "No usable PSK or ticket" 794 795requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 796 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 797 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 798 MBEDTLS_DEBUG_C \ 799 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 800 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 801 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 802run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ 803 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 804 "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 805 0 \ 806 -c "Protocol is TLSv1.3" \ 807 -s "key exchange mode: ephemeral" \ 808 -s "key exchange mode: psk_ephemeral" \ 809 -S "key exchange mode: psk$" \ 810 -s "found matched identity" \ 811 -S "No suitable PSK key exchange mode" \ 812 -S "No usable PSK or ticket" 813 814requires_openssl_tls1_3_with_compatible_ephemeral 815requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 816 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 817 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 818requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 819 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 820run_test "TLS 1.3 m->O: resumption" \ 821 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 822 "$P_CLI reco_mode=1 reconnect=1" \ 823 0 \ 824 -c "Protocol is TLSv1.3" \ 825 -c "Saving session for reuse... ok" \ 826 -c "Reconnecting with saved session... ok" \ 827 -c "HTTP/1.0 200 ok" 828 829# No early data m->O tests for the time being. The option -early_data is needed 830# to enable early data on OpenSSL server and it is not compatible with the 831# -www option we usually use for testing with OpenSSL server (see 832# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the 833# ephemeral then ticket based scenario we use for early data testing the first 834# handshake fails. The following skipped test is here to illustrate the kind 835# of testing we would like to do. 836skip_next_test 837requires_openssl_tls1_3_with_compatible_ephemeral 838requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 839 MBEDTLS_SSL_EARLY_DATA \ 840 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 841 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 842requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 843 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 844run_test "TLS 1.3 m->O: resumption with early data" \ 845 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 846 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 847 0 \ 848 -c "Protocol is TLSv1.3" \ 849 -c "Saving session for reuse... ok" \ 850 -c "Reconnecting with saved session" \ 851 -c "HTTP/1.0 200 OK" \ 852 -c "received max_early_data_size: 16384" \ 853 -c "NewSessionTicket: early_data(42) extension received." \ 854 -c "ClientHello: early_data(42) extension exists." \ 855 -c "EncryptedExtensions: early_data(42) extension received." \ 856 -c "bytes of early data written" \ 857 -s "decrypted early data with length:" 858 859requires_gnutls_tls1_3 860requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 861 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 862 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 863requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 864 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 865run_test "TLS 1.3 m->G: resumption" \ 866 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 867 "$P_CLI reco_mode=1 reconnect=1" \ 868 0 \ 869 -c "Protocol is TLSv1.3" \ 870 -c "Saving session for reuse... ok" \ 871 -c "Reconnecting with saved session... ok" \ 872 -c "HTTP/1.0 200 OK" 873 874requires_gnutls_tls1_3 875requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 876 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 877 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 878requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 879 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 880requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 881run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \ 882 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 883 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ 884 0 \ 885 -c "Protocol is TLSv1.3" \ 886 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 887 -c "Saving session for reuse... ok" \ 888 -c "Reconnecting with saved session... ok" \ 889 -c "HTTP/1.0 200 OK" 890 891requires_gnutls_tls1_3 892requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 893 MBEDTLS_SSL_EARLY_DATA \ 894 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 895 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 896requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 897 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 898run_test "TLS 1.3 m->G: resumption with early data" \ 899 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 900 --earlydata --maxearlydata 16384" \ 901 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 902 0 \ 903 -c "Protocol is TLSv1.3" \ 904 -c "Saving session for reuse... ok" \ 905 -c "Reconnecting with saved session" \ 906 -c "HTTP/1.0 200 OK" \ 907 -c "received max_early_data_size: 16384" \ 908 -c "NewSessionTicket: early_data(42) extension received." \ 909 -c "ClientHello: early_data(42) extension exists." \ 910 -c "EncryptedExtensions: early_data(42) extension received." \ 911 -c "bytes of early data written" \ 912 -s "decrypted early data with length:" 913 914requires_gnutls_tls1_3 915requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 916 MBEDTLS_SSL_EARLY_DATA \ 917 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 918 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 919requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 920 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 921requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 922run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \ 923 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 924 --earlydata --maxearlydata 16384" \ 925 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ 926 0 \ 927 -c "Protocol is TLSv1.3" \ 928 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 929 -c "Saving session for reuse... ok" \ 930 -c "Reconnecting with saved session" \ 931 -c "HTTP/1.0 200 OK" \ 932 -c "received max_early_data_size: 16384" \ 933 -c "NewSessionTicket: early_data(42) extension received." \ 934 -c "ClientHello: early_data(42) extension exists." \ 935 -c "EncryptedExtensions: early_data(42) extension received." \ 936 -c "bytes of early data written" \ 937 -s "decrypted early data with length:" 938 939requires_gnutls_tls1_3 940requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 941 MBEDTLS_SSL_EARLY_DATA \ 942 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 943 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 944requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 945 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 946run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \ 947 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ 948 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 949 0 \ 950 -c "Protocol is TLSv1.3" \ 951 -c "Saving session for reuse... ok" \ 952 -c "Reconnecting with saved session" \ 953 -c "HTTP/1.0 200 OK" \ 954 -C "received max_early_data_size: 16384" \ 955 -C "NewSessionTicket: early_data(42) extension received." \ 956 957requires_gnutls_tls1_3 958requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 959 MBEDTLS_SSL_EARLY_DATA \ 960 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 961 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 962requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 963 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 964run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \ 965 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 966 --earlydata --maxearlydata 16384" \ 967 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 968 0 \ 969 -c "Protocol is TLSv1.3" \ 970 -c "Saving session for reuse... ok" \ 971 -c "Reconnecting with saved session" \ 972 -c "HTTP/1.0 200 OK" \ 973 -c "received max_early_data_size: 16384" \ 974 -c "NewSessionTicket: early_data(42) extension received." \ 975 -C "ClientHello: early_data(42) extension exists." \ 976 977requires_gnutls_tls1_3 978requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 979 MBEDTLS_SSL_EARLY_DATA \ 980 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 981 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 982requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 983 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 984run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \ 985 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 986 --earlydata --maxearlydata 16384" \ 987 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ 988 0 \ 989 -c "Protocol is TLSv1.3" \ 990 -c "Saving session for reuse... ok" \ 991 -c "Reconnecting with saved session" \ 992 -c "HTTP/1.0 200 OK" \ 993 -c "received max_early_data_size: 16384" \ 994 -c "NewSessionTicket: early_data(42) extension received." \ 995 -C "ClientHello: early_data(42) extension exists." \ 996 997requires_openssl_tls1_3_with_compatible_ephemeral 998requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 999 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1000 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1001requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1002 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1003# https://github.com/openssl/openssl/issues/10714 1004# Until now, OpenSSL client does not support reconnect. 1005skip_next_test 1006run_test "TLS 1.3 O->m: resumption" \ 1007 "$P_SRV debug_level=2 tickets=1" \ 1008 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ 1009 0 \ 1010 -s "Protocol is TLSv1.3" \ 1011 -s "key exchange mode: psk" \ 1012 -s "Select PSK ciphersuite" 1013 1014requires_gnutls_tls1_3 1015requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1016 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1017 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1018 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1019requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1020 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1021run_test "TLS 1.3 G->m: resumption" \ 1022 "$P_SRV debug_level=2 tickets=1" \ 1023 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1024 0 \ 1025 -s "Protocol is TLSv1.3" \ 1026 -s "key exchange mode: psk" \ 1027 -s "Select PSK ciphersuite" 1028 1029requires_gnutls_tls1_3 1030requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1031 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1032 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1033 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1034requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1035 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1036requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1037# Test the session resumption when the cipher suite for the original session is 1038# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not 1039# 256 bits long as with all the other TLS 1.3 cipher suites. 1040run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \ 1041 "$P_SRV debug_level=2 tickets=1" \ 1042 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \ 1043 0 \ 1044 -s "Protocol is TLSv1.3" \ 1045 -s "key exchange mode: psk" \ 1046 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 1047 1048EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) 1049EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) 1050 1051requires_gnutls_tls1_3 1052requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1053 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1054 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1055 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1056requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1057 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1058run_test "TLS 1.3 G->m: resumption with early data" \ 1059 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1060 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1061 --earlydata $EARLY_DATA_INPUT" \ 1062 0 \ 1063 -s "Protocol is TLSv1.3" \ 1064 -s "key exchange mode: psk" \ 1065 -s "Select PSK ciphersuite" \ 1066 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1067 -s "NewSessionTicket: early_data(42) extension exists." \ 1068 -s "ClientHello: early_data(42) extension exists." \ 1069 -s "EncryptedExtensions: early_data(42) extension exists." \ 1070 -s "$( head -1 $EARLY_DATA_INPUT )" \ 1071 -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1072 -s "200 early data bytes read" \ 1073 -s "106 early data bytes read" 1074 1075requires_gnutls_tls1_3 1076requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1077 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1078 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1079 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1080requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1081 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1082requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1083run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \ 1084 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1085 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \ 1086 --earlydata $EARLY_DATA_INPUT" \ 1087 0 \ 1088 -s "Protocol is TLSv1.3" \ 1089 -s "key exchange mode: psk" \ 1090 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 1091 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1092 -s "NewSessionTicket: early_data(42) extension exists." \ 1093 -s "ClientHello: early_data(42) extension exists." \ 1094 -s "EncryptedExtensions: early_data(42) extension exists." \ 1095 -s "$( head -1 $EARLY_DATA_INPUT )" \ 1096 -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1097 -s "200 early data bytes read" \ 1098 -s "106 early data bytes read" 1099 1100# The Mbed TLS server does not allow early data for the ticket it sends but 1101# the GnuTLS indicates early data anyway when resuming with the ticket and 1102# sends early data. The Mbed TLS server does not expect early data in 1103# association with the ticket thus it eventually fails the resumption 1104# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1105# specification and thus its behavior may change in following versions. 1106requires_gnutls_tls1_3 1107requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1108 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1109 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1110 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1111requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1113run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ 1114 "$P_SRV debug_level=4 tickets=1" \ 1115 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1116 --earlydata $EARLY_DATA_INPUT" \ 1117 1 \ 1118 -s "Protocol is TLSv1.3" \ 1119 -s "key exchange mode: psk" \ 1120 -s "Select PSK ciphersuite" \ 1121 -S "Sent max_early_data_size" \ 1122 -S "NewSessionTicket: early_data(42) extension exists." \ 1123 -s "ClientHello: early_data(42) extension exists." \ 1124 -s "EarlyData: rejected, feature disabled in server configuration." \ 1125 -S "EncryptedExtensions: early_data(42) extension exists." \ 1126 -s "EarlyData: deprotect and discard app data records" \ 1127 -s "EarlyData: Too much early data received" 1128 1129# The Mbed TLS server does not allow early data for the ticket it sends but 1130# the GnuTLS indicates early data anyway when resuming with the ticket and 1131# sends early data. The Mbed TLS server does not expect early data in 1132# association with the ticket thus it eventually fails the resumption 1133# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1134# specification and thus its behavior may change in following versions. 1135requires_gnutls_tls1_3 1136requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1137 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1138 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1139 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1140requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1141 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1142run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ 1143 "$P_SRV debug_level=4 tickets=1 early_data=0" \ 1144 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1145 --earlydata $EARLY_DATA_INPUT" \ 1146 1 \ 1147 -s "Protocol is TLSv1.3" \ 1148 -s "key exchange mode: psk" \ 1149 -s "Select PSK ciphersuite" \ 1150 -S "Sent max_early_data_size" \ 1151 -S "NewSessionTicket: early_data(42) extension exists." \ 1152 -s "ClientHello: early_data(42) extension exists." \ 1153 -s "EarlyData: rejected, feature disabled in server configuration." \ 1154 -S "EncryptedExtensions: early_data(42) extension exists." \ 1155 -s "EarlyData: deprotect and discard app data records" \ 1156 -s "EarlyData: Too much early data received" 1157 1158requires_gnutls_tls1_3 1159requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1160 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1161 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1162 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1163requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1165run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ 1166 "$P_SRV debug_level=4 tickets=1 early_data=1" \ 1167 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1168 0 \ 1169 -s "Protocol is TLSv1.3" \ 1170 -s "key exchange mode: psk" \ 1171 -s "Select PSK ciphersuite" \ 1172 -s "Sent max_early_data_size" \ 1173 -s "NewSessionTicket: early_data(42) extension exists." \ 1174 -S "ClientHello: early_data(42) extension exists." \ 1175 -S "EncryptedExtensions: early_data(42) extension exists." 1176 1177requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ 1178 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 1179 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 1180 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1181 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1182run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ 1183 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ 1184 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ 1185 0 \ 1186 -s "key exchange mode: ephemeral" \ 1187 -S "key exchange mode: psk" \ 1188 -s "found matched identity" \ 1189 -s "EarlyData: rejected, not a session resumption" \ 1190 -C "EncryptedExtensions: early_data(42) extension exists." 1191
