1#!/bin/sh 2 3# tls13-misc.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8 9requires_gnutls_tls1_3 10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 12requires_config_enabled MBEDTLS_SSL_SRV_C 13requires_config_enabled MBEDTLS_DEBUG_C 14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15 16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ 17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 20 localhost" \ 21 1 \ 22 -s "found psk key exchange modes extension" \ 23 -s "found pre_shared_key extension" \ 24 -s "Found PSK_EPHEMERAL KEX MODE" \ 25 -s "Found PSK KEX MODE" \ 26 -s "No matched ciphersuite" 27 28requires_openssl_tls1_3 29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 31requires_config_enabled MBEDTLS_SSL_SRV_C 32requires_config_enabled MBEDTLS_DEBUG_C 33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34 35run_test "TLS 1.3: PSK: No valid ciphersuite. 
O->m" \ 36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ 38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 39 1 \ 40 -s "found psk key exchange modes extension" \ 41 -s "found pre_shared_key extension" \ 42 -s "Found PSK_EPHEMERAL KEX MODE" \ 43 -s "Found PSK KEX MODE" \ 44 -s "No matched ciphersuite" 45 46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ 50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ 51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 52 0 \ 53 -c "Pre-configured PSK number = 2" \ 54 -s "sent selected_identity: 0" \ 55 -s "key exchange mode: psk_ephemeral" \ 56 -S "key exchange mode: psk$" \ 57 -S "key exchange mode: ephemeral$" \ 58 -S "ticket is not authentic" 59 60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ 64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ 65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 66 0 \ 67 -c "Pre-configured PSK number = 2" \ 68 -s "sent selected_identity: 1" \ 69 -s "key exchange mode: psk_ephemeral" \ 70 -S "key exchange 
mode: psk$" \ 71 -S "key exchange mode: ephemeral$" \ 72 -s "ticket is not authentic" 73 74requires_gnutls_tls1_3 75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ 78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 81 localhost" \ 82 1 \ 83 -s "found psk key exchange modes extension" \ 84 -s "found pre_shared_key extension" \ 85 -s "Found PSK_EPHEMERAL KEX MODE" \ 86 -S "Found PSK KEX MODE" \ 87 -S "key exchange mode: psk$" \ 88 -S "key exchange mode: psk_ephemeral" \ 89 -S "key exchange mode: ephemeral" 90 91requires_gnutls_tls1_3 92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 97run_test "TLS 1.3: G->m: PSK: configured psk only, good." 
\ 98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 101 localhost" \ 102 0 \ 103 -s "found psk key exchange modes extension" \ 104 -s "found pre_shared_key extension" \ 105 -s "Found PSK_EPHEMERAL KEX MODE" \ 106 -s "Found PSK KEX MODE" \ 107 -s "key exchange mode: psk$" 108 109requires_gnutls_tls1_3 110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ 116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 119 localhost" \ 120 0 \ 121 -s "found psk key exchange modes extension" \ 122 -s "found pre_shared_key extension" \ 123 -s "Found PSK_EPHEMERAL KEX MODE" \ 124 -s "Found PSK KEX MODE" \ 125 -s "key exchange mode: psk_ephemeral$" 126 127requires_gnutls_tls1_3 128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." 
\ 134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 137 localhost" \ 138 0 \ 139 -s "key exchange mode: ephemeral$" 140 141requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 142 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 143 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 144 MBEDTLS_DEBUG_C \ 145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 146requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 148run_test "TLS 1.3 m->m: resumption" \ 149 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 150 "$P_CLI reco_mode=1 reconnect=1" \ 151 0 \ 152 -c "Protocol is TLSv1.3" \ 153 -c "Saving session for reuse... ok" \ 154 -c "Reconnecting with saved session... 
ok" \ 155 -c "HTTP/1.0 200 OK" \ 156 -s "Protocol is TLSv1.3" \ 157 -s "key exchange mode: psk" \ 158 -s "Select PSK ciphersuite" 159 160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 161 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 162 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 163 MBEDTLS_DEBUG_C \ 164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 167run_test "TLS 1.3 m->m: resumption with servername" \ 168 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ 169 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ 170 "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \ 171 0 \ 172 -c "Protocol is TLSv1.3" \ 173 -c "Saving session for reuse... ok" \ 174 -c "Reconnecting with saved session... ok" \ 175 -c "HTTP/1.0 200 OK" \ 176 -s "Protocol is TLSv1.3" \ 177 -s "key exchange mode: psk" \ 178 -s "Select PSK ciphersuite" 179 180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 181 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 182 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 183 MBEDTLS_DEBUG_C \ 184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 185requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 187run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ 188 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \ 189 "$P_CLI reco_mode=1 reconnect=1" \ 190 0 \ 191 -c "Protocol is TLSv1.3" \ 192 -c "Saving session for reuse... ok" \ 193 -c "Reconnecting with saved session... 
ok" \ 194 -c "HTTP/1.0 200 OK" \ 195 -s "Protocol is TLSv1.3" \ 196 -s "key exchange mode: psk" \ 197 -s "Select PSK ciphersuite" 198 199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 200 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 201 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 202 MBEDTLS_DEBUG_C \ 203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 204requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 205 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 206requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 207run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ 208 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 209 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ 210 0 \ 211 -c "Protocol is TLSv1.3" \ 212 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 213 -c "Saving session for reuse... ok" \ 214 -c "Reconnecting with saved session... ok" \ 215 -c "HTTP/1.0 200 OK" \ 216 -s "Protocol is TLSv1.3" \ 217 -s "key exchange mode: psk" \ 218 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 219 220requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 221 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 222 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 223 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 225requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 227run_test "TLS 1.3 m->m: resumption with early data" \ 228 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 229 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 230 0 \ 231 -c "Protocol is TLSv1.3" \ 232 -c "Saving session for reuse... 
ok" \ 233 -c "Reconnecting with saved session" \ 234 -c "HTTP/1.0 200 OK" \ 235 -c "received max_early_data_size" \ 236 -c "NewSessionTicket: early_data(42) extension received." \ 237 -c "ClientHello: early_data(42) extension exists." \ 238 -c "EncryptedExtensions: early_data(42) extension received." \ 239 -c "bytes of early data written" \ 240 -C "0 bytes of early data written" \ 241 -s "Protocol is TLSv1.3" \ 242 -s "key exchange mode: psk" \ 243 -s "Select PSK ciphersuite" \ 244 -s "Sent max_early_data_size" \ 245 -s "NewSessionTicket: early_data(42) extension exists." \ 246 -s "ClientHello: early_data(42) extension exists." \ 247 -s "EncryptedExtensions: early_data(42) extension exists." \ 248 -s "early data bytes read" 249 250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 251 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 252 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 253 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 255requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 256 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 257requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 258run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ 259 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 260 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ 261 0 \ 262 -c "Protocol is TLSv1.3" \ 263 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 264 -c "Saving session for reuse... ok" \ 265 -c "Reconnecting with saved session" \ 266 -c "HTTP/1.0 200 OK" \ 267 -c "received max_early_data_size" \ 268 -c "NewSessionTicket: early_data(42) extension received." \ 269 -c "ClientHello: early_data(42) extension exists." \ 270 -c "EncryptedExtensions: early_data(42) extension received." 
\ 271 -c "bytes of early data written" \ 272 -C "0 bytes of early data written" \ 273 -s "Protocol is TLSv1.3" \ 274 -s "key exchange mode: psk" \ 275 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 276 -s "Sent max_early_data_size" \ 277 -s "NewSessionTicket: early_data(42) extension exists." \ 278 -s "ClientHello: early_data(42) extension exists." \ 279 -s "EncryptedExtensions: early_data(42) extension exists." \ 280 -s "early data bytes read" 281 282requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 283 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 284 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 285 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 287requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 288 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 289run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ 290 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 291 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 292 0 \ 293 -c "Protocol is TLSv1.3" \ 294 -c "Saving session for reuse... ok" \ 295 -c "Reconnecting with saved session" \ 296 -c "HTTP/1.0 200 OK" \ 297 -C "received max_early_data_size" \ 298 -C "NewSessionTicket: early_data(42) extension received." \ 299 -C "ClientHello: early_data(42) extension exists." \ 300 -C "EncryptedExtensions: early_data(42) extension received." \ 301 -c "0 bytes of early data written" \ 302 -s "Protocol is TLSv1.3" \ 303 -s "key exchange mode: psk" \ 304 -s "Select PSK ciphersuite" \ 305 -S "Sent max_early_data_size" \ 306 -S "NewSessionTicket: early_data(42) extension exists." \ 307 -S "ClientHello: early_data(42) extension exists." \ 308 -S "EncryptedExtensions: early_data(42) extension exists." 
\ 309 -S "early data bytes read" 310 311requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 312 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 313 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 314 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 316requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 317 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 318run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ 319 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 320 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 321 0 \ 322 -c "Protocol is TLSv1.3" \ 323 -c "Saving session for reuse... ok" \ 324 -c "Reconnecting with saved session" \ 325 -c "HTTP/1.0 200 OK" \ 326 -C "received max_early_data_size" \ 327 -C "NewSessionTicket: early_data(42) extension received." \ 328 -C "ClientHello: early_data(42) extension exists." \ 329 -C "EncryptedExtensions: early_data(42) extension received." \ 330 -c "0 bytes of early data written" \ 331 -s "Protocol is TLSv1.3" \ 332 -s "key exchange mode: psk" \ 333 -s "Select PSK ciphersuite" \ 334 -S "Sent max_early_data_size" \ 335 -S "NewSessionTicket: early_data(42) extension exists." \ 336 -S "ClientHello: early_data(42) extension exists." \ 337 -S "EncryptedExtensions: early_data(42) extension exists." 
\ 338 -S "early data bytes read" 339 340requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 341 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 342 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 343 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 345requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 347run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ 348 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 349 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 350 0 \ 351 -c "Protocol is TLSv1.3" \ 352 -c "Saving session for reuse... ok" \ 353 -c "Reconnecting with saved session" \ 354 -c "HTTP/1.0 200 OK" \ 355 -c "received max_early_data_size" \ 356 -c "NewSessionTicket: early_data(42) extension received." \ 357 -C "ClientHello: early_data(42) extension exists." \ 358 -C "EncryptedExtensions: early_data(42) extension received." \ 359 -C "bytes of early data written" \ 360 -s "Protocol is TLSv1.3" \ 361 -s "key exchange mode: psk" \ 362 -s "Select PSK ciphersuite" \ 363 -s "Sent max_early_data_size" \ 364 -s "NewSessionTicket: early_data(42) extension exists." \ 365 -S "ClientHello: early_data(42) extension exists." \ 366 -S "EncryptedExtensions: early_data(42) extension exists." 
\ 367 -S "early data bytes read" 368 369requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 370 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 371 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 372 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 374requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 375 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 376run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ 377 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 378 "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ 379 0 \ 380 -c "Protocol is TLSv1.3" \ 381 -c "Saving session for reuse... ok" \ 382 -c "Reconnecting with saved session" \ 383 -c "HTTP/1.0 200 OK" \ 384 -c "received max_early_data_size" \ 385 -c "NewSessionTicket: early_data(42) extension received." \ 386 -C "ClientHello: early_data(42) extension exists." \ 387 -C "EncryptedExtensions: early_data(42) extension received." \ 388 -C "bytes of early data written" \ 389 -s "Protocol is TLSv1.3" \ 390 -s "key exchange mode: psk" \ 391 -s "Select PSK ciphersuite" \ 392 -s "Sent max_early_data_size" \ 393 -s "NewSessionTicket: early_data(42) extension exists." \ 394 -S "ClientHello: early_data(42) extension exists." \ 395 -S "EncryptedExtensions: early_data(42) extension exists." 
\ 396 -S "early data bytes read" 397 398requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 399 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 400 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 401 MBEDTLS_DEBUG_C \ 402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 403requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 404 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 405run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ 406 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \ 407 "$P_CLI reco_mode=1 reconnect=1" \ 408 1 \ 409 -c "Protocol is TLSv1.3" \ 410 -C "Saving session for reuse... ok" \ 411 -c "Reconnecting with saved session... failed" \ 412 -S "Protocol is TLSv1.3" \ 413 -S "key exchange mode: psk" \ 414 -S "Select PSK ciphersuite" \ 415 -s "Ticket lifetime (604801) is greater than 7 days." 416 417requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 418 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 419 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 420 MBEDTLS_DEBUG_C \ 421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 422requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 423 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 424run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ 425 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \ 426 "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ 427 1 \ 428 -c "Protocol is TLSv1.3" \ 429 -C "Saving session for reuse... ok" \ 430 -c "Discard new session ticket" \ 431 -c "Reconnecting with saved session... 
failed" \ 432 -s "Protocol is TLSv1.3" \ 433 -S "key exchange mode: psk" \ 434 -S "Select PSK ciphersuite" 435 436requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 437 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 438 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 439 MBEDTLS_DEBUG_C \ 440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 441requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 442 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 443run_test "TLS 1.3 m->m: resumption fails, servername check failed" \ 444 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ 445 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ 446 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ 447 1 \ 448 -c "Protocol is TLSv1.3" \ 449 -c "Saving session for reuse... ok" \ 450 -c "Reconnecting with saved session" \ 451 -c "Hostname mismatch the session ticket, disable session resumption." \ 452 -s "Protocol is TLSv1.3" \ 453 -S "key exchange mode: psk" \ 454 -S "Select PSK ciphersuite" 455 456requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 457 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 458 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 459 MBEDTLS_DEBUG_C \ 460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 461requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 462 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 463run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." 
\ 464 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \ 465 "$P_CLI reco_mode=1 reconnect=1" \ 466 0 \ 467 -c "Protocol is TLSv1.3" \ 468 -s "key exchange mode: ephemeral" \ 469 -s "Protocol is TLSv1.3" \ 470 -c "Saving session for reuse... ok" \ 471 -c "Reconnecting with saved session" \ 472 -S "key exchange mode: psk" \ 473 -s "ticket is not authentic" \ 474 -S "ticket is expired" \ 475 -S "Invalid ticket creation time" \ 476 -S "Ticket age exceeds limitation" \ 477 -S "Ticket age outside tolerance window" 478 479requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 480 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 481 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 482 MBEDTLS_DEBUG_C \ 483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 485 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 486run_test "TLS 1.3 m->m: resumption fails, ticket expired." \ 487 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \ 488 "$P_CLI reco_mode=1 reconnect=1" \ 489 0 \ 490 -c "Protocol is TLSv1.3" \ 491 -s "key exchange mode: ephemeral" \ 492 -s "Protocol is TLSv1.3" \ 493 -c "Saving session for reuse... 
ok" \ 494 -c "Reconnecting with saved session" \ 495 -S "key exchange mode: psk" \ 496 -S "ticket is not authentic" \ 497 -s "ticket is expired" \ 498 -S "Invalid ticket creation time" \ 499 -S "Ticket age exceeds limitation" \ 500 -S "Ticket age outside tolerance window" 501 502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 503 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 504 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 505 MBEDTLS_DEBUG_C \ 506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 507requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 508 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 509run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ 510 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \ 511 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 512 0 \ 513 -c "Protocol is TLSv1.3" \ 514 -s "key exchange mode: ephemeral" \ 515 -s "Protocol is TLSv1.3" \ 516 -c "Saving session for reuse... 
ok" \ 517 -c "Reconnecting with saved session" \ 518 -S "key exchange mode: psk" \ 519 -S "ticket is not authentic" \ 520 -S "ticket is expired" \ 521 -s "Invalid ticket creation time" \ 522 -S "Ticket age exceeds limitation" \ 523 -S "Ticket age outside tolerance window" 524 525requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 526 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 527 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 528 MBEDTLS_DEBUG_C \ 529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 530requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 531 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 532run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ 533 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \ 534 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 535 0 \ 536 -c "Protocol is TLSv1.3" \ 537 -s "key exchange mode: ephemeral" \ 538 -s "Protocol is TLSv1.3" \ 539 -c "Saving session for reuse... 
ok" \ 540 -c "Reconnecting with saved session" \ 541 -S "key exchange mode: psk" \ 542 -S "ticket is not authentic" \ 543 -S "ticket is expired" \ 544 -S "Invalid ticket creation time" \ 545 -s "Ticket age exceeds limitation" \ 546 -S "Ticket age outside tolerance window" 547 548requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 549 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 550 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 551 MBEDTLS_DEBUG_C \ 552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 553requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 554 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 555run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ 556 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \ 557 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 558 0 \ 559 -c "Protocol is TLSv1.3" \ 560 -s "key exchange mode: ephemeral" \ 561 -s "Protocol is TLSv1.3" \ 562 -c "Saving session for reuse... 
ok" \ 563 -c "Reconnecting with saved session" \ 564 -S "key exchange mode: psk" \ 565 -S "ticket is not authentic" \ 566 -S "ticket is expired" \ 567 -S "Invalid ticket creation time" \ 568 -S "Ticket age exceeds limitation" \ 569 -s "Ticket age outside tolerance window" 570 571requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 572 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 573 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 574 MBEDTLS_DEBUG_C \ 575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 576requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 577 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 578run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ 579 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \ 580 "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 581 0 \ 582 -c "Protocol is TLSv1.3" \ 583 -s "key exchange mode: ephemeral" \ 584 -s "Protocol is TLSv1.3" \ 585 -c "Saving session for reuse... 
ok" \ 586 -c "Reconnecting with saved session" \ 587 -S "key exchange mode: psk" \ 588 -S "ticket is not authentic" \ 589 -S "ticket is expired" \ 590 -S "Invalid ticket creation time" \ 591 -S "Ticket age exceeds limitation" \ 592 -s "Ticket age outside tolerance window" 593 594requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 595 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 596 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 597 MBEDTLS_DEBUG_C \ 598 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 599 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 600run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ 601 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ 602 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 603 0 \ 604 -c "Protocol is TLSv1.3" \ 605 -s "key exchange mode: ephemeral" \ 606 -S "key exchange mode: psk_ephemeral" \ 607 -S "key exchange mode: psk$" \ 608 -s "found matched identity" \ 609 -s "No suitable PSK key exchange mode" \ 610 -s "No usable PSK or ticket" 611 612requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 613 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 614 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 615 MBEDTLS_DEBUG_C \ 616 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 617 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 618run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ 619 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ 620 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 621 0 \ 622 -c "Protocol is TLSv1.3" \ 623 -s "key exchange mode: ephemeral" \ 624 -S "key exchange mode: psk_ephemeral" \ 625 -S "key exchange mode: psk$" \ 626 -s "found matched identity" \ 627 -S "No suitable PSK key exchange mode" \ 628 -S "No usable PSK or ticket" 629 
# Ticket key exchange mode matrix (m->m). Per the test titles,
# "cli/tkt kex modes X/Y" pairs the PSK mode(s) offered by the client (X) with
# the key exchange modes allowed for the ticket (Y). In the tests below
# dummy_ticket=7, 8, 9 and 10 go with Y = none, psk, psk_ephemeral and psk_all;
# how the server builds these tickets is not visible in this file.
#
# run_test arguments: name, server command, client command, expected client
# exit status, then log checks (-s/-c: pattern must appear in the server/client
# output, -S/-C: pattern must not appear).
#
# "key exchange mode: psk$" ends in '$' so that, assuming run_test matches
# patterns as regular expressions, it does not also match "psk_ephemeral".

# Ticket allows psk_ephemeral only, client title mode is psk: the identity is
# found but no PSK mode fits, so the server log must show an ephemeral handshake.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
         "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -s "No suitable PSK key exchange mode" \
         -s "No usable PSK or ticket"

# Ticket allows all PSK modes: the identity matches and no "No suitable ..."
# message is expected, yet the server log must show ephemeral rather than psk.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
         "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

# Client configured with tls13_kex_modes=ephemeral_all (title mode
# psk_ephemeral); ticket allows no PSK mode at all.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
         "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -s "No suitable PSK key exchange mode" \
         -s "No usable PSK or ticket"

# Ticket allows psk only, which does not fit the client's psk_ephemeral offer.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
         "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -s "No suitable PSK key exchange mode" \
         -s "No usable PSK or ticket"

# Successful resumption: both "ephemeral" and "psk_ephemeral" are expected in
# the server log (presumably the initial handshake and the reconnection).
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
         "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
         "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

# Client configured with tls13_kex_modes=all. Unlike its siblings, this test
# checks the client's PSK count and that the server selects no identity,
# instead of checking "Protocol is TLSv1.3" and "found matched identity".
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
         "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
         0 \
         -c "Pre-configured PSK number = 1" \
         -S "sent selected_identity:" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "No suitable PSK key exchange mode" \
         -s "No usable PSK or ticket"

# Ticket allows psk only: the identity matches, but per the title and the
# checks below the server uses ephemeral rather than pure psk.
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
         "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -S "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
         "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
         "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
         "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -s "key exchange mode: ephemeral" \
         -s "key exchange mode: psk_ephemeral" \
         -S "key exchange mode: psk$" \
         -s "found matched identity" \
         -S "No suitable PSK key exchange mode" \
         -S "No usable PSK or ticket"

# Mbed TLS client against an OpenSSL server: the client saves the session,
# reconnects with it and then receives the HTTP response.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption" \
         "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
         "$P_CLI reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session... ok" \
         -c "HTTP/1.0 200 ok"

# Built without MBEDTLS_SSL_SESSION_TICKETS: the client must ignore the
# NewSessionTicket, save nothing, and exit with status 1.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
         "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
         "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
         1 \
         -c "Protocol is TLSv1.3" \
         -C "Saving session for reuse... ok" \
         -C "Reconnecting with saved session... ok" \
         -c "Ignoring NewSessionTicket, not supported."

# Ticket support compiled in but turned off at run time with
# new_session_tickets=0: same outcome, different log message.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
    MBEDTLS_SSL_SESSION_TICKETS \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled" \
         "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
         "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
         1 \
         -c "Protocol is TLSv1.3" \
         -C "Saving session for reuse... ok" \
         -C "Reconnecting with saved session... ok" \
         -c "Ignoring NewSessionTicket, handling disabled."

# No early data m->O tests for the time being. The option -early_data is needed
# to enable early data on OpenSSL server and it is not compatible with the
# -www option we usually use for testing with OpenSSL server (see
# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
# ephemeral then ticket based scenario we use for early data testing the first
# handshake fails. The following skipped test is here to illustrate the kind
# of testing we would like to do.
865skip_next_test 866requires_openssl_tls1_3_with_compatible_ephemeral 867requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 868 MBEDTLS_SSL_EARLY_DATA \ 869 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 870 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 871requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 872 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 873run_test "TLS 1.3 m->O: resumption with early data" \ 874 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 875 "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 876 0 \ 877 -c "Protocol is TLSv1.3" \ 878 -c "Saving session for reuse... ok" \ 879 -c "Reconnecting with saved session" \ 880 -c "HTTP/1.0 200 OK" \ 881 -c "received max_early_data_size: 16384" \ 882 -c "NewSessionTicket: early_data(42) extension received." \ 883 -c "ClientHello: early_data(42) extension exists." \ 884 -c "EncryptedExtensions: early_data(42) extension received." \ 885 -c "bytes of early data written" \ 886 -s "decrypted early data with length:" 887 888requires_gnutls_tls1_3 889requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 890 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 891 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 892 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 893requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 894 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 895run_test "TLS 1.3 m->G: resumption" \ 896 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 897 "$P_CLI reco_mode=1 reconnect=1" \ 898 0 \ 899 -c "Protocol is TLSv1.3" \ 900 -c "Saving session for reuse... ok" \ 901 -c "Reconnecting with saved session... 
ok" \ 902 -c "HTTP/1.0 200 OK" 903 904requires_gnutls_tls1_3 905requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 906 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 907 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 908requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS 909run_test "TLS 1.3 m->G: resumption fails, no ticket support" \ 910 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 911 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 912 1 \ 913 -c "Protocol is TLSv1.3" \ 914 -C "Saving session for reuse... ok" \ 915 -C "Reconnecting with saved session... ok" \ 916 -c "Ignoring NewSessionTicket, not supported." 917 918requires_gnutls_tls1_3 919requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 920 MBEDTLS_SSL_SESSION_TICKETS \ 921 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 922 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 923run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled" \ 924 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 925 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \ 926 1 \ 927 -c "Protocol is TLSv1.3" \ 928 -C "Saving session for reuse... ok" \ 929 -C "Reconnecting with saved session... ok" \ 930 -c "Ignoring NewSessionTicket, handling disabled." 
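
# Mbed TLS client against a GnuTLS server: resumption and early data.
# run_test arguments: name, server command, client command, expected client
# exit status, then log checks (-c/-s: pattern must appear in the client/server
# output, -C: pattern must not appear in the client output).
#
# The last check of every run_test below ends without a line continuation, so
# each command ends on its own line and does not rely on a following blank line.

# Resumption restricted to TLS1-3-AES-256-GCM-SHA384 on the client side.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
    MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
         "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session... ok" \
         -c "HTTP/1.0 200 OK"

# Early data enabled on both sides: the client must see the early_data
# extension in NewSessionTicket and EncryptedExtensions and write early data,
# and the server output must report decrypted early data.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_EARLY_DATA \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption with early data" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
                      --earlydata --maxearlydata 16384" \
         "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session" \
         -c "HTTP/1.0 200 OK" \
         -c "received max_early_data_size: 16384" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "bytes of early data written" \
         -s "decrypted early data with length:"

requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_EARLY_DATA \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
                      --earlydata --maxearlydata 16384" \
         "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session" \
         -c "HTTP/1.0 200 OK" \
         -c "received max_early_data_size: 16384" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -c "ClientHello: early_data(42) extension exists." \
         -c "EncryptedExtensions: early_data(42) extension received." \
         -c "bytes of early data written" \
         -s "decrypted early data with length:"

# Server started without --earlydata: resumption still succeeds, but the
# client must not see an early data allowance in the ticket.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_EARLY_DATA \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
         "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session" \
         -c "HTTP/1.0 200 OK" \
         -C "received max_early_data_size: 16384" \
         -C "NewSessionTicket: early_data(42) extension received."

# Server offers early data but the client leaves early_data at its default:
# the ClientHello must not carry the early_data extension.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_EARLY_DATA \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
                      --earlydata --maxearlydata 16384" \
         "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session" \
         -c "HTTP/1.0 200 OK" \
         -c "received max_early_data_size: 16384" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -C "ClientHello: early_data(42) extension exists."

# Same as above with early data explicitly disabled on the client
# (early_data=0).
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_EARLY_DATA \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
         "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
                      --earlydata --maxearlydata 16384" \
         "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \
         0 \
         -c "Protocol is TLSv1.3" \
         -c "Saving session for reuse... ok" \
         -c "Reconnecting with saved session" \
         -c "HTTP/1.0 200 OK" \
         -c "received max_early_data_size: 16384" \
         -c "NewSessionTicket: early_data(42) extension received." \
         -C "ClientHello: early_data(42) extension exists."

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# https://github.com/openssl/openssl/issues/10714
# Until now, OpenSSL client does not support reconnect.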
1064skip_next_test 1065run_test "TLS 1.3 O->m: resumption" \ 1066 "$P_SRV debug_level=2 tickets=1" \ 1067 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ 1068 0 \ 1069 -s "Protocol is TLSv1.3" \ 1070 -s "key exchange mode: psk" \ 1071 -s "Select PSK ciphersuite" 1072 1073requires_gnutls_tls1_3 1074requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1075 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1076 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1077 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1078requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1079 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1080run_test "TLS 1.3 G->m: resumption" \ 1081 "$P_SRV debug_level=2 tickets=1" \ 1082 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1083 0 \ 1084 -s "Protocol is TLSv1.3" \ 1085 -s "key exchange mode: psk" \ 1086 -s "Select PSK ciphersuite" 1087 1088requires_gnutls_tls1_3 1089requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1090 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1091 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1092 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1093requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1094 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1095requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1096# Test the session resumption when the cipher suite for the original session is 1097# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not 1098# 256 bits long as with all the other TLS 1.3 cipher suites. 
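run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
         "$P_SRV debug_level=2 tickets=1" \
         "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "key exchange mode: psk" \
         -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"

# Size of the early data input file rounded up to a multiple of 32 bytes; the
# result is passed to the server as max_early_data_size. The file is read
# through a quoted redirection so that a path containing spaces still works.
# NOTE(review): the reason for the 32-byte granularity is not stated here.
EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( wc -c < "$EARLY_DATA_INPUT" ) + 31 ) / 32 ))
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))

# GnuTLS client sending early data to an Mbed TLS server that allows it.
# The first and last lines of the input file are used as server-log patterns,
# which checks that the early data reached the application on the server side.
# NOTE(review): the "200"/"106" byte counts presumably depend on the size of
# $EARLY_DATA_INPUT and on how the server reads it; confirm if the file changes.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption with early data" \
         "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
         "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
                      --earlydata $EARLY_DATA_INPUT" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "key exchange mode: psk" \
         -s "Select PSK ciphersuite" \
         -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
         -s "NewSessionTicket: early_data(42) extension exists." \
         -s "ClientHello: early_data(42) extension exists." \
         -s "EncryptedExtensions: early_data(42) extension exists." \
         -s "$( head -n 1 "$EARLY_DATA_INPUT" )" \
         -s "$( tail -n 1 "$EARLY_DATA_INPUT" )" \
         -s "200 early data bytes read" \
         -s "106 early data bytes read"

# Same scenario with the GnuTLS client restricted to AES-256-GCM, so that the
# resumed session must select TLS1-3-AES-256-GCM-SHA384.
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
    MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
    MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
         "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
         "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
                      --earlydata $EARLY_DATA_INPUT" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "key exchange mode: psk" \
         -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
         -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
         -s "NewSessionTicket: early_data(42) extension exists." \
         -s "ClientHello: early_data(42) extension exists." \
         -s "EncryptedExtensions: early_data(42) extension exists." \
         -s "$( head -n 1 "$EARLY_DATA_INPUT" )" \
         -s "$( tail -n 1 "$EARLY_DATA_INPUT" )" \
         -s "200 early data bytes read" \
         -s "106 early data bytes read"

# The Mbed TLS server does not allow early data for the ticket it sends, but
# the GnuTLS client indicates early data anyway when resuming with the ticket
# and sends early data. The Mbed TLS server does not expect early data in
# association with the ticket, thus it eventually fails the resumption
# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
# specification and thus its behavior may change in following versions.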
1165requires_gnutls_tls1_3 1166requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1167 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1168 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1169 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1170requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1171 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1172run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ 1173 "$P_SRV debug_level=4 tickets=1" \ 1174 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1175 --earlydata $EARLY_DATA_INPUT" \ 1176 1 \ 1177 -s "Protocol is TLSv1.3" \ 1178 -s "key exchange mode: psk" \ 1179 -s "Select PSK ciphersuite" \ 1180 -S "Sent max_early_data_size" \ 1181 -S "NewSessionTicket: early_data(42) extension exists." \ 1182 -s "ClientHello: early_data(42) extension exists." \ 1183 -s "EarlyData: rejected, feature disabled in server configuration." \ 1184 -S "EncryptedExtensions: early_data(42) extension exists." \ 1185 -s "EarlyData: deprotect and discard app data records" \ 1186 -s "EarlyData: Too much early data received" 1187 1188# The Mbed TLS server does not allow early data for the ticket it sends but 1189# the GnuTLS indicates early data anyway when resuming with the ticket and 1190# sends early data. The Mbed TLS server does not expect early data in 1191# association with the ticket thus it eventually fails the resumption 1192# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1193# specification and thus its behavior may change in following versions. 
1194requires_gnutls_tls1_3 1195requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1196 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1197 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1198 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1199requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1200 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1201run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ 1202 "$P_SRV debug_level=4 tickets=1 early_data=0" \ 1203 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1204 --earlydata $EARLY_DATA_INPUT" \ 1205 1 \ 1206 -s "Protocol is TLSv1.3" \ 1207 -s "key exchange mode: psk" \ 1208 -s "Select PSK ciphersuite" \ 1209 -S "Sent max_early_data_size" \ 1210 -S "NewSessionTicket: early_data(42) extension exists." \ 1211 -s "ClientHello: early_data(42) extension exists." \ 1212 -s "EarlyData: rejected, feature disabled in server configuration." \ 1213 -S "EncryptedExtensions: early_data(42) extension exists." 
\ 1214 -s "EarlyData: deprotect and discard app data records" \ 1215 -s "EarlyData: Too much early data received" 1216 1217requires_gnutls_tls1_3 1218requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1219 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1220 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1221 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1222requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1223 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1224run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ 1225 "$P_SRV debug_level=4 tickets=1 early_data=1" \ 1226 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1227 0 \ 1228 -s "Protocol is TLSv1.3" \ 1229 -s "key exchange mode: psk" \ 1230 -s "Select PSK ciphersuite" \ 1231 -s "Sent max_early_data_size" \ 1232 -s "NewSessionTicket: early_data(42) extension exists." \ 1233 -S "ClientHello: early_data(42) extension exists." \ 1234 -S "EncryptedExtensions: early_data(42) extension exists." 1235 1236requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ 1237 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 1238 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 1239 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1240 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1241run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ 1242 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ 1243 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ 1244 0 \ 1245 -s "key exchange mode: ephemeral" \ 1246 -S "key exchange mode: psk" \ 1247 -s "found matched identity" \ 1248 -s "EarlyData: rejected, not a session resumption" \ 1249 -C "EncryptedExtensions: early_data(42) extension exists." 1250