tls13-compat.sh (895472B)
1 # TLS 1.3 interoperability test cases (equivalent of compat.sh for TLS 1.3). 2 # 3 # Automatically generated by generate_tls13_compat_tests.py. Do not edit! 4 5 # Copyright The Mbed TLS Contributors 6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7 8 DATA_FILES_PATH=../framework/data_files 9 requires_config_enabled MBEDTLS_SSL_SRV_C 10 requires_config_enabled MBEDTLS_DEBUG_C 11 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12 requires_config_enabled PSA_WANT_ALG_ECDH 13 requires_openssl_tls1_3 14 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 15 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 16 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 17 0 \ 18 -s "Protocol is TLSv1.3" \ 19 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 20 -s "received signature algorithm: 0x403" \ 21 -s "got named group: secp256r1(0017)" \ 22 -s "Certificate verification was skipped" \ 23 -C "received HelloRetryRequest message" 24 25 requires_config_enabled MBEDTLS_SSL_SRV_C 26 requires_config_enabled MBEDTLS_DEBUG_C 27 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 28 requires_config_enabled PSA_WANT_ALG_ECDH 29 requires_openssl_tls1_3 30 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 31 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 32 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 33 0 \ 34 -s "Protocol is TLSv1.3" \ 35 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 36 -s "received signature algorithm: 0x503" \ 37 -s "got named group: secp256r1(0017)" \ 38 -s "Certificate verification was skipped" \ 39 -C "received HelloRetryRequest message" 40 41 requires_config_enabled MBEDTLS_SSL_SRV_C 42 requires_config_enabled MBEDTLS_DEBUG_C 43 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 44 requires_config_enabled PSA_WANT_ALG_ECDH 45 requires_openssl_tls1_3 46 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 47 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 48 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 49 0 \ 50 -s "Protocol is TLSv1.3" \ 51 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 52 -s "received signature algorithm: 0x603" \ 53 -s "got named group: secp256r1(0017)" \ 54 -s "Certificate verification was skipped" \ 55 -C "received HelloRetryRequest message" 56 57 requires_config_enabled MBEDTLS_SSL_SRV_C 58 requires_config_enabled MBEDTLS_DEBUG_C 59 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 60 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 61 requires_config_enabled PSA_WANT_ALG_ECDH 62 requires_openssl_tls1_3 63 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 64 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 65 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 66 0 \ 67 -s "Protocol is TLSv1.3" \ 68 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 69 -s "received signature algorithm: 0x804" \ 70 -s "got named group: secp256r1(0017)" \ 71 -s "Certificate verification was skipped" \ 72 -C "received HelloRetryRequest message" 73 74 requires_config_enabled MBEDTLS_SSL_SRV_C 75 requires_config_enabled MBEDTLS_DEBUG_C 76 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 77 requires_config_enabled PSA_WANT_ALG_ECDH 78 requires_openssl_tls1_3 79 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 80 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 81 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 82 0 \ 83 -s "Protocol is TLSv1.3" \ 84 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 85 -s "received signature algorithm: 0x403" \ 86 -s "got named group: secp384r1(0018)" \ 87 -s "Certificate verification was skipped" \ 88 -C "received HelloRetryRequest message" 89 90 requires_config_enabled MBEDTLS_SSL_SRV_C 91 requires_config_enabled MBEDTLS_DEBUG_C 92 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 93 requires_config_enabled PSA_WANT_ALG_ECDH 94 requires_openssl_tls1_3 95 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 96 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 97 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 98 0 \ 99 -s "Protocol is TLSv1.3" \ 100 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 101 -s "received signature algorithm: 0x503" \ 102 -s "got named group: secp384r1(0018)" \ 103 -s "Certificate verification was skipped" \ 104 -C "received HelloRetryRequest message" 105 106 requires_config_enabled MBEDTLS_SSL_SRV_C 107 requires_config_enabled MBEDTLS_DEBUG_C 108 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 109 requires_config_enabled PSA_WANT_ALG_ECDH 110 requires_openssl_tls1_3 111 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 112 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 113 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 114 0 \ 115 -s "Protocol is TLSv1.3" \ 116 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 117 -s "received signature algorithm: 0x603" \ 118 -s "got named group: secp384r1(0018)" \ 119 -s "Certificate verification was skipped" \ 120 -C "received HelloRetryRequest message" 121 122 requires_config_enabled MBEDTLS_SSL_SRV_C 123 requires_config_enabled MBEDTLS_DEBUG_C 124 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 125 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 126 requires_config_enabled PSA_WANT_ALG_ECDH 127 requires_openssl_tls1_3 128 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 129 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 130 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 131 0 \ 132 -s "Protocol is TLSv1.3" \ 133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 134 -s "received signature algorithm: 0x804" \ 135 -s "got named group: secp384r1(0018)" \ 136 -s "Certificate verification was skipped" \ 137 -C "received HelloRetryRequest message" 138 139 requires_config_enabled MBEDTLS_SSL_SRV_C 140 requires_config_enabled MBEDTLS_DEBUG_C 141 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 142 requires_config_enabled PSA_WANT_ALG_ECDH 143 requires_openssl_tls1_3 144 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 145 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 146 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 147 0 \ 148 -s "Protocol is TLSv1.3" \ 149 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 150 -s "received signature algorithm: 0x403" \ 151 -s "got named group: secp521r1(0019)" \ 152 -s "Certificate verification was skipped" \ 153 -C "received HelloRetryRequest message" 154 155 requires_config_enabled MBEDTLS_SSL_SRV_C 156 requires_config_enabled MBEDTLS_DEBUG_C 157 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 158 requires_config_enabled PSA_WANT_ALG_ECDH 159 requires_openssl_tls1_3 160 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 161 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 162 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 163 0 \ 164 -s "Protocol is TLSv1.3" \ 165 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 166 -s "received signature algorithm: 0x503" \ 167 -s "got named group: secp521r1(0019)" \ 168 -s "Certificate verification was skipped" \ 169 -C "received HelloRetryRequest message" 170 171 requires_config_enabled MBEDTLS_SSL_SRV_C 172 requires_config_enabled MBEDTLS_DEBUG_C 173 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 174 requires_config_enabled PSA_WANT_ALG_ECDH 175 requires_openssl_tls1_3 176 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 177 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 178 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 179 0 \ 180 -s "Protocol is TLSv1.3" \ 181 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 182 -s "received signature algorithm: 0x603" \ 183 -s "got named group: secp521r1(0019)" \ 184 -s "Certificate verification was skipped" \ 185 -C "received HelloRetryRequest message" 186 187 requires_config_enabled MBEDTLS_SSL_SRV_C 188 requires_config_enabled MBEDTLS_DEBUG_C 189 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 190 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 191 requires_config_enabled PSA_WANT_ALG_ECDH 192 requires_openssl_tls1_3 193 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 194 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 195 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 196 0 \ 197 -s "Protocol is TLSv1.3" \ 198 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 199 -s "received signature algorithm: 0x804" \ 200 -s "got named group: secp521r1(0019)" \ 201 -s "Certificate verification was skipped" \ 202 -C "received HelloRetryRequest message" 203 204 requires_config_enabled MBEDTLS_SSL_SRV_C 205 requires_config_enabled MBEDTLS_DEBUG_C 206 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 207 requires_config_enabled PSA_WANT_ALG_ECDH 208 requires_openssl_tls1_3 209 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 210 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 211 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 212 0 \ 213 -s "Protocol is TLSv1.3" \ 214 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 215 -s "received signature algorithm: 0x403" \ 216 -s "got named group: x25519(001d)" \ 217 -s "Certificate verification was skipped" \ 218 -C "received HelloRetryRequest message" 219 220 requires_config_enabled MBEDTLS_SSL_SRV_C 221 requires_config_enabled MBEDTLS_DEBUG_C 222 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 223 requires_config_enabled PSA_WANT_ALG_ECDH 224 requires_openssl_tls1_3 225 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 226 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 227 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 228 0 \ 229 -s "Protocol is TLSv1.3" \ 230 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 231 -s "received signature algorithm: 0x503" \ 232 -s "got named group: x25519(001d)" \ 233 -s "Certificate verification was skipped" \ 234 -C "received HelloRetryRequest message" 235 236 requires_config_enabled MBEDTLS_SSL_SRV_C 237 requires_config_enabled MBEDTLS_DEBUG_C 238 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 239 requires_config_enabled PSA_WANT_ALG_ECDH 240 requires_openssl_tls1_3 241 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 242 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 243 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 244 0 \ 245 -s "Protocol is TLSv1.3" \ 246 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 247 -s "received signature algorithm: 0x603" \ 248 -s "got named group: x25519(001d)" \ 249 -s "Certificate verification was skipped" \ 250 -C "received HelloRetryRequest message" 251 252 requires_config_enabled MBEDTLS_SSL_SRV_C 253 requires_config_enabled MBEDTLS_DEBUG_C 254 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 255 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 256 requires_config_enabled PSA_WANT_ALG_ECDH 257 requires_openssl_tls1_3 258 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 259 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 260 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 261 0 \ 262 -s "Protocol is TLSv1.3" \ 263 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 264 -s "received signature algorithm: 0x804" \ 265 -s "got named group: x25519(001d)" \ 266 -s "Certificate verification was skipped" \ 267 -C "received HelloRetryRequest message" 268 269 requires_config_enabled MBEDTLS_SSL_SRV_C 270 requires_config_enabled MBEDTLS_DEBUG_C 271 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 272 requires_config_enabled PSA_WANT_ALG_ECDH 273 requires_openssl_tls1_3 274 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 275 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 276 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 277 0 \ 278 -s "Protocol is TLSv1.3" \ 279 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 280 -s "received signature algorithm: 0x403" \ 281 -s "got named group: x448(001e)" \ 282 -s "Certificate verification was skipped" \ 283 -C "received HelloRetryRequest message" 284 285 requires_config_enabled MBEDTLS_SSL_SRV_C 286 requires_config_enabled MBEDTLS_DEBUG_C 287 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 288 requires_config_enabled PSA_WANT_ALG_ECDH 289 requires_openssl_tls1_3 290 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 291 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 292 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 293 0 \ 294 -s "Protocol is TLSv1.3" \ 295 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 296 -s "received signature algorithm: 0x503" \ 297 -s "got named group: x448(001e)" \ 298 -s "Certificate verification was skipped" \ 299 -C "received HelloRetryRequest message" 300 301 requires_config_enabled MBEDTLS_SSL_SRV_C 302 requires_config_enabled MBEDTLS_DEBUG_C 303 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 304 requires_config_enabled PSA_WANT_ALG_ECDH 305 requires_openssl_tls1_3 306 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 307 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 308 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 309 0 \ 310 -s "Protocol is TLSv1.3" \ 311 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 312 -s "received signature algorithm: 0x603" \ 313 -s "got named group: x448(001e)" \ 314 -s "Certificate verification was skipped" \ 315 -C "received HelloRetryRequest message" 316 317 requires_config_enabled MBEDTLS_SSL_SRV_C 318 requires_config_enabled MBEDTLS_DEBUG_C 319 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 320 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 321 requires_config_enabled PSA_WANT_ALG_ECDH 322 requires_openssl_tls1_3 323 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ 324 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 325 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 326 0 \ 327 -s "Protocol is TLSv1.3" \ 328 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 329 -s "received signature algorithm: 0x804" \ 330 -s "got named group: x448(001e)" \ 331 -s "Certificate verification was skipped" \ 332 -C "received HelloRetryRequest message" 333 334 requires_config_enabled MBEDTLS_SSL_SRV_C 335 requires_config_enabled MBEDTLS_DEBUG_C 336 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 337 requires_config_enabled PSA_WANT_ALG_FFDH 338 requires_config_enabled PSA_WANT_DH_RFC7919_2048 339 requires_openssl_tls1_3_with_ffdh 340 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 341 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 342 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \ 343 0 \ 344 -s "Protocol is TLSv1.3" \ 345 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 346 -s "received signature algorithm: 0x403" \ 347 -s "got named group: ffdhe2048(0100)" \ 348 -s "Certificate verification was skipped" \ 349 -C "received HelloRetryRequest message" 350 351 requires_config_enabled MBEDTLS_SSL_SRV_C 352 requires_config_enabled MBEDTLS_DEBUG_C 353 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 354 requires_config_enabled PSA_WANT_ALG_FFDH 355 requires_config_enabled PSA_WANT_DH_RFC7919_2048 356 requires_openssl_tls1_3_with_ffdh 357 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 358 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 359 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \ 360 0 \ 361 -s "Protocol is TLSv1.3" \ 362 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 363 -s "received signature algorithm: 0x503" \ 364 -s "got named group: ffdhe2048(0100)" \ 365 -s "Certificate verification was skipped" \ 366 -C "received HelloRetryRequest message" 367 368 requires_config_enabled MBEDTLS_SSL_SRV_C 369 requires_config_enabled MBEDTLS_DEBUG_C 370 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 371 requires_config_enabled PSA_WANT_ALG_FFDH 372 requires_config_enabled PSA_WANT_DH_RFC7919_2048 373 requires_openssl_tls1_3_with_ffdh 374 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 375 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 376 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \ 377 0 \ 378 -s "Protocol is TLSv1.3" \ 379 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 380 -s "received signature algorithm: 0x603" \ 381 -s "got named group: ffdhe2048(0100)" \ 382 -s "Certificate verification was skipped" \ 383 -C "received HelloRetryRequest message" 384 385 requires_config_enabled MBEDTLS_SSL_SRV_C 386 requires_config_enabled MBEDTLS_DEBUG_C 387 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 388 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 389 requires_config_enabled PSA_WANT_ALG_FFDH 390 requires_config_enabled PSA_WANT_DH_RFC7919_2048 391 requires_openssl_tls1_3_with_ffdh 392 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 393 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 394 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \ 395 0 \ 396 -s "Protocol is TLSv1.3" \ 397 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 398 -s "received signature algorithm: 0x804" \ 399 -s "got named group: ffdhe2048(0100)" \ 400 -s "Certificate verification was skipped" \ 401 -C "received HelloRetryRequest message" 402 403 requires_config_enabled MBEDTLS_SSL_SRV_C 404 requires_config_enabled MBEDTLS_DEBUG_C 405 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 406 requires_config_enabled PSA_WANT_ALG_ECDH 407 requires_openssl_tls1_3 408 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ 409 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 410 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 411 0 \ 412 -s "Protocol is TLSv1.3" \ 413 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 414 -s "received signature algorithm: 0x403" \ 415 -s "got named group: secp256r1(0017)" \ 416 -s "Certificate verification was skipped" \ 417 -C "received HelloRetryRequest message" 418 419 requires_config_enabled MBEDTLS_SSL_SRV_C 420 requires_config_enabled MBEDTLS_DEBUG_C 421 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 422 requires_config_enabled PSA_WANT_ALG_ECDH 423 requires_openssl_tls1_3 424 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ 425 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 426 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 427 0 \ 428 -s "Protocol is TLSv1.3" \ 429 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 430 -s "received signature algorithm: 0x503" \ 431 -s "got named group: secp256r1(0017)" \ 432 -s "Certificate verification was skipped" \ 433 -C "received HelloRetryRequest message" 434 435 requires_config_enabled MBEDTLS_SSL_SRV_C 436 requires_config_enabled MBEDTLS_DEBUG_C 437 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 438 requires_config_enabled PSA_WANT_ALG_ECDH 439 requires_openssl_tls1_3 440 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ 441 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 442 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 443 0 \ 444 -s "Protocol is TLSv1.3" \ 445 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 446 -s "received signature algorithm: 0x603" \ 447 -s "got named group: secp256r1(0017)" \ 448 -s "Certificate verification was skipped" \ 449 -C "received HelloRetryRequest message" 450 451 requires_config_enabled MBEDTLS_SSL_SRV_C 452 requires_config_enabled MBEDTLS_DEBUG_C 453 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 454 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 455 requires_config_enabled PSA_WANT_ALG_ECDH 456 requires_openssl_tls1_3 457 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ 458 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 459 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 460 0 \ 461 -s "Protocol is TLSv1.3" \ 462 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 463 -s "received signature algorithm: 0x804" \ 464 -s "got named group: secp256r1(0017)" \ 465 -s "Certificate verification was skipped" \ 466 -C "received HelloRetryRequest message" 467 468 requires_config_enabled MBEDTLS_SSL_SRV_C 469 requires_config_enabled MBEDTLS_DEBUG_C 470 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 471 requires_config_enabled PSA_WANT_ALG_ECDH 472 requires_openssl_tls1_3 473 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ 474 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 475 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 476 0 \ 477 -s "Protocol is TLSv1.3" \ 478 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 479 -s "received signature algorithm: 0x403" \ 480 -s "got named group: secp384r1(0018)" \ 481 -s "Certificate verification was skipped" \ 482 -C "received HelloRetryRequest message" 483 484 requires_config_enabled MBEDTLS_SSL_SRV_C 485 requires_config_enabled MBEDTLS_DEBUG_C 486 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 487 requires_config_enabled PSA_WANT_ALG_ECDH 488 requires_openssl_tls1_3 489 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ 490 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 491 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 492 0 \ 493 -s "Protocol is TLSv1.3" \ 494 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 495 -s "received signature algorithm: 0x503" \ 496 -s "got named group: secp384r1(0018)" \ 497 -s "Certificate verification was skipped" \ 498 -C "received HelloRetryRequest message" 499 500 requires_config_enabled MBEDTLS_SSL_SRV_C 501 requires_config_enabled MBEDTLS_DEBUG_C 502 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 503 requires_config_enabled PSA_WANT_ALG_ECDH 504 requires_openssl_tls1_3 505 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ 506 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 507 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 508 0 \ 509 -s "Protocol is TLSv1.3" \ 510 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 511 -s "received signature algorithm: 0x603" \ 512 -s "got named group: secp384r1(0018)" \ 513 -s "Certificate verification was skipped" \ 514 -C "received HelloRetryRequest message" 515 516 requires_config_enabled MBEDTLS_SSL_SRV_C 517 requires_config_enabled MBEDTLS_DEBUG_C 518 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 519 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 520 requires_config_enabled PSA_WANT_ALG_ECDH 521 requires_openssl_tls1_3 522 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ 523 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 524 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 525 0 \ 526 -s "Protocol is TLSv1.3" \ 527 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 528 -s "received signature algorithm: 0x804" \ 529 -s "got named group: secp384r1(0018)" \ 530 -s "Certificate verification was skipped" \ 531 -C "received HelloRetryRequest message" 532 533 requires_config_enabled MBEDTLS_SSL_SRV_C 534 requires_config_enabled MBEDTLS_DEBUG_C 535 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 536 requires_config_enabled PSA_WANT_ALG_ECDH 537 requires_openssl_tls1_3 538 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ 539 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 540 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 541 0 \ 542 -s "Protocol is TLSv1.3" \ 543 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 544 -s "received signature algorithm: 0x403" \ 545 -s "got named group: secp521r1(0019)" \ 546 -s "Certificate verification was skipped" \ 547 -C "received HelloRetryRequest message" 548 549 requires_config_enabled MBEDTLS_SSL_SRV_C 550 requires_config_enabled MBEDTLS_DEBUG_C 551 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 552 requires_config_enabled PSA_WANT_ALG_ECDH 553 requires_openssl_tls1_3 554 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ 555 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 556 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 557 0 \ 558 -s "Protocol is TLSv1.3" \ 559 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 560 -s "received signature algorithm: 0x503" \ 561 -s "got named group: secp521r1(0019)" \ 562 -s "Certificate verification was skipped" \ 563 -C "received HelloRetryRequest message" 564 565 requires_config_enabled MBEDTLS_SSL_SRV_C 566 requires_config_enabled MBEDTLS_DEBUG_C 567 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 568 requires_config_enabled PSA_WANT_ALG_ECDH 569 requires_openssl_tls1_3 570 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ 571 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 572 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 573 0 \ 574 -s "Protocol is TLSv1.3" \ 575 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 576 -s "received signature algorithm: 0x603" \ 577 -s "got named group: secp521r1(0019)" \ 578 -s "Certificate verification was skipped" \ 579 -C "received HelloRetryRequest message" 580 581 requires_config_enabled MBEDTLS_SSL_SRV_C 582 requires_config_enabled MBEDTLS_DEBUG_C 583 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 584 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 585 requires_config_enabled PSA_WANT_ALG_ECDH 586 requires_openssl_tls1_3 587 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ 588 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 589 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 590 0 \ 591 -s "Protocol is TLSv1.3" \ 592 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 593 -s "received signature algorithm: 0x804" \ 594 -s "got named group: secp521r1(0019)" \ 595 -s "Certificate verification was skipped" \ 596 -C "received HelloRetryRequest message" 597 598 requires_config_enabled MBEDTLS_SSL_SRV_C 599 requires_config_enabled MBEDTLS_DEBUG_C 600 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 601 requires_config_enabled PSA_WANT_ALG_ECDH 602 requires_openssl_tls1_3 603 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ 604 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 605 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 606 0 \ 607 -s "Protocol is TLSv1.3" \ 608 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 609 -s "received signature algorithm: 0x403" \ 610 -s "got named group: x25519(001d)" \ 611 -s "Certificate verification was skipped" \ 612 -C "received HelloRetryRequest message" 613 614 requires_config_enabled MBEDTLS_SSL_SRV_C 615 requires_config_enabled MBEDTLS_DEBUG_C 616 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 617 requires_config_enabled PSA_WANT_ALG_ECDH 618 requires_openssl_tls1_3 619 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ 620 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 621 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 622 0 \ 623 -s "Protocol is TLSv1.3" \ 624 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 625 -s "received signature algorithm: 0x503" \ 626 -s "got named group: x25519(001d)" \ 627 -s "Certificate verification was skipped" \ 628 -C "received HelloRetryRequest message" 629 630 requires_config_enabled MBEDTLS_SSL_SRV_C 631 requires_config_enabled MBEDTLS_DEBUG_C 632 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 633 requires_config_enabled PSA_WANT_ALG_ECDH 634 requires_openssl_tls1_3 635 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ 636 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 637 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 638 0 \ 639 -s "Protocol is TLSv1.3" \ 640 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 641 -s "received signature algorithm: 0x603" \ 642 -s "got named group: x25519(001d)" \ 643 -s "Certificate verification was skipped" \ 644 -C "received HelloRetryRequest message" 645 646 requires_config_enabled MBEDTLS_SSL_SRV_C 647 requires_config_enabled MBEDTLS_DEBUG_C 648 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 649 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 650 requires_config_enabled PSA_WANT_ALG_ECDH 651 requires_openssl_tls1_3 652 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ 653 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 654 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 655 0 \ 656 -s "Protocol is TLSv1.3" \ 657 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 658 -s "received signature algorithm: 0x804" \ 659 -s "got named group: x25519(001d)" \ 660 -s "Certificate verification was skipped" \ 661 -C "received HelloRetryRequest message" 662 663 requires_config_enabled MBEDTLS_SSL_SRV_C 664 requires_config_enabled MBEDTLS_DEBUG_C 665 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 666 requires_config_enabled PSA_WANT_ALG_ECDH 667 requires_openssl_tls1_3 668 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ 669 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 670 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 671 0 \ 672 -s "Protocol is TLSv1.3" \ 673 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 674 -s "received signature algorithm: 0x403" \ 675 -s "got named group: x448(001e)" \ 676 -s "Certificate verification was skipped" \ 677 -C "received HelloRetryRequest message" 678 679 requires_config_enabled MBEDTLS_SSL_SRV_C 680 requires_config_enabled MBEDTLS_DEBUG_C 681 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 682 requires_config_enabled PSA_WANT_ALG_ECDH 683 requires_openssl_tls1_3 684 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ 685 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 686 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 687 0 \ 688 -s "Protocol is TLSv1.3" \ 689 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 690 -s "received signature algorithm: 0x503" \ 691 -s "got named group: x448(001e)" \ 692 -s "Certificate verification was skipped" \ 693 -C "received HelloRetryRequest message" 694 695 requires_config_enabled MBEDTLS_SSL_SRV_C 696 requires_config_enabled MBEDTLS_DEBUG_C 697 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 698 requires_config_enabled PSA_WANT_ALG_ECDH 699 requires_openssl_tls1_3 700 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ 701 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 702 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 703 0 \ 704 -s "Protocol is TLSv1.3" \ 705 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 706 -s "received signature algorithm: 0x603" \ 707 -s "got named group: x448(001e)" \ 708 -s "Certificate verification was skipped" \ 709 -C "received HelloRetryRequest message" 710 711 requires_config_enabled MBEDTLS_SSL_SRV_C 712 requires_config_enabled MBEDTLS_DEBUG_C 713 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 714 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 715 requires_config_enabled PSA_WANT_ALG_ECDH 716 requires_openssl_tls1_3 717 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ 718 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 719 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 720 0 \ 721 -s "Protocol is TLSv1.3" \ 722 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 723 -s "received signature algorithm: 0x804" \ 724 -s "got named group: x448(001e)" \ 725 -s "Certificate verification was skipped" \ 726 -C "received HelloRetryRequest message" 727 728 requires_config_enabled MBEDTLS_SSL_SRV_C 729 requires_config_enabled MBEDTLS_DEBUG_C 730 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 731 requires_config_enabled PSA_WANT_ALG_FFDH 732 requires_config_enabled PSA_WANT_DH_RFC7919_2048 733 requires_openssl_tls1_3_with_ffdh 734 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ 735 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 736 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \ 737 0 \ 738 -s "Protocol is TLSv1.3" \ 739 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 740 -s "received signature algorithm: 0x403" \ 741 -s "got named group: ffdhe2048(0100)" \ 742 -s "Certificate verification was skipped" \ 743 -C "received HelloRetryRequest message" 744 745 requires_config_enabled MBEDTLS_SSL_SRV_C 746 requires_config_enabled MBEDTLS_DEBUG_C 747 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 748 requires_config_enabled PSA_WANT_ALG_FFDH 749 requires_config_enabled PSA_WANT_DH_RFC7919_2048 750 requires_openssl_tls1_3_with_ffdh 751 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ 752 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 753 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \ 754 0 \ 755 -s "Protocol is TLSv1.3" \ 756 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 757 -s "received signature algorithm: 0x503" \ 758 -s "got named group: ffdhe2048(0100)" \ 759 -s "Certificate verification was skipped" \ 760 -C "received HelloRetryRequest message" 761 762 requires_config_enabled MBEDTLS_SSL_SRV_C 763 requires_config_enabled MBEDTLS_DEBUG_C 764 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 765 requires_config_enabled PSA_WANT_ALG_FFDH 766 requires_config_enabled PSA_WANT_DH_RFC7919_2048 767 requires_openssl_tls1_3_with_ffdh 768 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ 769 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 770 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \ 771 0 \ 772 -s "Protocol is TLSv1.3" \ 773 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 774 -s "received signature algorithm: 0x603" \ 775 -s "got named group: ffdhe2048(0100)" \ 776 -s "Certificate verification was skipped" \ 777 -C "received HelloRetryRequest message" 778 779 requires_config_enabled MBEDTLS_SSL_SRV_C 780 requires_config_enabled MBEDTLS_DEBUG_C 781 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 782 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 783 requires_config_enabled PSA_WANT_ALG_FFDH 784 requires_config_enabled PSA_WANT_DH_RFC7919_2048 785 requires_openssl_tls1_3_with_ffdh 786 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ 787 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 788 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \ 789 0 \ 790 -s "Protocol is TLSv1.3" \ 791 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 792 -s "received signature algorithm: 0x804" \ 793 -s "got named group: ffdhe2048(0100)" \ 794 -s "Certificate verification was skipped" \ 795 -C "received HelloRetryRequest message" 796 797 requires_config_enabled MBEDTLS_SSL_SRV_C 798 requires_config_enabled MBEDTLS_DEBUG_C 799 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 800 requires_config_enabled PSA_WANT_ALG_ECDH 801 requires_openssl_tls1_3 802 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 803 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 804 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 805 0 \ 806 -s "Protocol is TLSv1.3" \ 807 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 808 -s "received signature algorithm: 0x403" \ 809 -s "got named group: secp256r1(0017)" \ 810 -s "Certificate verification was skipped" \ 811 -C "received HelloRetryRequest message" 812 813 requires_config_enabled MBEDTLS_SSL_SRV_C 814 requires_config_enabled MBEDTLS_DEBUG_C 815 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 816 requires_config_enabled PSA_WANT_ALG_ECDH 817 requires_openssl_tls1_3 818 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 819 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 820 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 821 0 \ 822 -s "Protocol is TLSv1.3" \ 823 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 824 -s "received signature algorithm: 0x503" \ 825 -s "got named group: secp256r1(0017)" \ 826 -s "Certificate verification was skipped" \ 827 -C "received HelloRetryRequest message" 828 829 requires_config_enabled MBEDTLS_SSL_SRV_C 830 requires_config_enabled MBEDTLS_DEBUG_C 831 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 832 requires_config_enabled PSA_WANT_ALG_ECDH 833 requires_openssl_tls1_3 834 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 835 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 836 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 837 0 \ 838 -s "Protocol is TLSv1.3" \ 839 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 840 -s "received signature algorithm: 0x603" \ 841 -s "got named group: secp256r1(0017)" \ 842 -s "Certificate verification was skipped" \ 843 -C "received HelloRetryRequest message" 844 845 requires_config_enabled MBEDTLS_SSL_SRV_C 846 requires_config_enabled MBEDTLS_DEBUG_C 847 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 848 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 849 requires_config_enabled PSA_WANT_ALG_ECDH 850 requires_openssl_tls1_3 851 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 852 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 853 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 854 0 \ 855 -s "Protocol is TLSv1.3" \ 856 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 857 -s "received signature algorithm: 0x804" \ 858 -s "got named group: secp256r1(0017)" \ 859 -s "Certificate verification was skipped" \ 860 -C "received HelloRetryRequest message" 861 862 requires_config_enabled MBEDTLS_SSL_SRV_C 863 requires_config_enabled MBEDTLS_DEBUG_C 864 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 865 requires_config_enabled PSA_WANT_ALG_ECDH 866 requires_openssl_tls1_3 867 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 868 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 869 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 870 0 \ 871 -s "Protocol is TLSv1.3" \ 872 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 873 -s "received signature algorithm: 0x403" \ 874 -s "got named group: secp384r1(0018)" \ 875 -s "Certificate verification was skipped" \ 876 -C "received HelloRetryRequest message" 877 878 requires_config_enabled MBEDTLS_SSL_SRV_C 879 requires_config_enabled MBEDTLS_DEBUG_C 880 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 881 requires_config_enabled PSA_WANT_ALG_ECDH 882 requires_openssl_tls1_3 883 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 884 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 885 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 886 0 \ 887 -s "Protocol is TLSv1.3" \ 888 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 889 -s "received signature algorithm: 0x503" \ 890 -s "got named group: secp384r1(0018)" \ 891 -s "Certificate verification was skipped" \ 892 -C "received HelloRetryRequest message" 893 894 requires_config_enabled MBEDTLS_SSL_SRV_C 895 requires_config_enabled MBEDTLS_DEBUG_C 896 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 897 requires_config_enabled PSA_WANT_ALG_ECDH 898 requires_openssl_tls1_3 899 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 900 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 901 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 902 0 \ 903 -s "Protocol is TLSv1.3" \ 904 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 905 -s "received signature algorithm: 0x603" \ 906 -s "got named group: secp384r1(0018)" \ 907 -s "Certificate verification was skipped" \ 908 -C "received HelloRetryRequest message" 909 910 requires_config_enabled MBEDTLS_SSL_SRV_C 911 requires_config_enabled MBEDTLS_DEBUG_C 912 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 913 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 914 requires_config_enabled PSA_WANT_ALG_ECDH 915 requires_openssl_tls1_3 916 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 917 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 918 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 919 0 \ 920 -s "Protocol is TLSv1.3" \ 921 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 922 -s "received signature algorithm: 0x804" \ 923 -s "got named group: secp384r1(0018)" \ 924 -s "Certificate verification was skipped" \ 925 -C "received HelloRetryRequest message" 926 927 requires_config_enabled MBEDTLS_SSL_SRV_C 928 requires_config_enabled MBEDTLS_DEBUG_C 929 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 930 requires_config_enabled PSA_WANT_ALG_ECDH 931 requires_openssl_tls1_3 932 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 933 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 934 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 935 0 \ 936 -s "Protocol is TLSv1.3" \ 937 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 938 -s "received signature algorithm: 0x403" \ 939 -s "got named group: secp521r1(0019)" \ 940 -s "Certificate verification was skipped" \ 941 -C "received HelloRetryRequest message" 942 943 requires_config_enabled MBEDTLS_SSL_SRV_C 944 requires_config_enabled MBEDTLS_DEBUG_C 945 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 946 requires_config_enabled PSA_WANT_ALG_ECDH 947 requires_openssl_tls1_3 948 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 949 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 950 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 951 0 \ 952 -s "Protocol is TLSv1.3" \ 953 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 954 -s "received signature algorithm: 0x503" \ 955 -s "got named group: secp521r1(0019)" \ 956 -s "Certificate verification was skipped" \ 957 -C "received HelloRetryRequest message" 958 959 requires_config_enabled MBEDTLS_SSL_SRV_C 960 requires_config_enabled MBEDTLS_DEBUG_C 961 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 962 requires_config_enabled PSA_WANT_ALG_ECDH 963 requires_openssl_tls1_3 964 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 965 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 966 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 967 0 \ 968 -s "Protocol is TLSv1.3" \ 969 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 970 -s "received signature algorithm: 0x603" \ 971 -s "got named group: secp521r1(0019)" \ 972 -s "Certificate verification was skipped" \ 973 -C "received HelloRetryRequest message" 974 975 requires_config_enabled MBEDTLS_SSL_SRV_C 976 requires_config_enabled MBEDTLS_DEBUG_C 977 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 978 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 979 requires_config_enabled PSA_WANT_ALG_ECDH 980 requires_openssl_tls1_3 981 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 982 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 983 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 984 0 \ 985 -s "Protocol is TLSv1.3" \ 986 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 987 -s "received signature algorithm: 0x804" \ 988 -s "got named group: secp521r1(0019)" \ 989 -s "Certificate verification was skipped" \ 990 -C "received HelloRetryRequest message" 991 992 requires_config_enabled MBEDTLS_SSL_SRV_C 993 requires_config_enabled MBEDTLS_DEBUG_C 994 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 995 requires_config_enabled PSA_WANT_ALG_ECDH 996 requires_openssl_tls1_3 997 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ 998 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 999 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 1000 0 \ 1001 -s "Protocol is TLSv1.3" \ 1002 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1003 -s "received signature algorithm: 0x403" \ 1004 -s "got named group: x25519(001d)" \ 1005 -s "Certificate verification was skipped" \ 1006 -C "received HelloRetryRequest message" 1007 1008 requires_config_enabled MBEDTLS_SSL_SRV_C 1009 requires_config_enabled MBEDTLS_DEBUG_C 1010 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1011 requires_config_enabled PSA_WANT_ALG_ECDH 1012 requires_openssl_tls1_3 1013 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ 1014 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1015 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 1016 0 \ 1017 -s "Protocol is TLSv1.3" \ 1018 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1019 -s "received signature algorithm: 0x503" \ 1020 -s "got named group: x25519(001d)" \ 1021 -s "Certificate verification was skipped" \ 1022 -C "received HelloRetryRequest message" 1023 1024 requires_config_enabled MBEDTLS_SSL_SRV_C 1025 requires_config_enabled MBEDTLS_DEBUG_C 1026 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1027 requires_config_enabled PSA_WANT_ALG_ECDH 1028 requires_openssl_tls1_3 1029 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ 1030 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1031 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 1032 0 \ 1033 -s "Protocol is TLSv1.3" \ 1034 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1035 -s "received signature algorithm: 0x603" \ 1036 -s "got named group: x25519(001d)" \ 1037 -s "Certificate verification was skipped" \ 1038 -C "received HelloRetryRequest message" 1039 1040 requires_config_enabled MBEDTLS_SSL_SRV_C 1041 requires_config_enabled MBEDTLS_DEBUG_C 1042 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1043 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1044 requires_config_enabled PSA_WANT_ALG_ECDH 1045 requires_openssl_tls1_3 1046 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ 1047 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1048 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 1049 0 \ 1050 -s "Protocol is TLSv1.3" \ 1051 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1052 -s "received signature algorithm: 0x804" \ 1053 -s "got named group: x25519(001d)" \ 1054 -s "Certificate verification was skipped" \ 1055 -C "received HelloRetryRequest message" 1056 1057 requires_config_enabled MBEDTLS_SSL_SRV_C 1058 requires_config_enabled MBEDTLS_DEBUG_C 1059 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1060 requires_config_enabled PSA_WANT_ALG_ECDH 1061 requires_openssl_tls1_3 1062 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ 1063 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1064 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 1065 0 \ 1066 -s "Protocol is TLSv1.3" \ 1067 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1068 -s "received signature algorithm: 0x403" \ 1069 -s "got named group: x448(001e)" \ 1070 -s "Certificate verification was skipped" \ 1071 -C "received HelloRetryRequest message" 1072 1073 requires_config_enabled MBEDTLS_SSL_SRV_C 1074 requires_config_enabled MBEDTLS_DEBUG_C 1075 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1076 requires_config_enabled PSA_WANT_ALG_ECDH 1077 requires_openssl_tls1_3 1078 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ 1079 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1080 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 1081 0 \ 1082 -s "Protocol is TLSv1.3" \ 1083 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1084 -s "received signature algorithm: 0x503" \ 1085 -s "got named group: x448(001e)" \ 1086 -s "Certificate verification was skipped" \ 1087 -C "received HelloRetryRequest message" 1088 1089 requires_config_enabled MBEDTLS_SSL_SRV_C 1090 requires_config_enabled MBEDTLS_DEBUG_C 1091 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1092 requires_config_enabled PSA_WANT_ALG_ECDH 1093 requires_openssl_tls1_3 1094 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ 1095 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1096 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 1097 0 \ 1098 -s "Protocol is TLSv1.3" \ 1099 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1100 -s "received signature algorithm: 0x603" \ 1101 -s "got named group: x448(001e)" \ 1102 -s "Certificate verification was skipped" \ 1103 -C "received HelloRetryRequest message" 1104 1105 requires_config_enabled MBEDTLS_SSL_SRV_C 1106 requires_config_enabled MBEDTLS_DEBUG_C 1107 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1108 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1109 requires_config_enabled PSA_WANT_ALG_ECDH 1110 requires_openssl_tls1_3 1111 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ 1112 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1113 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 1114 0 \ 1115 -s "Protocol is TLSv1.3" \ 1116 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1117 -s "received signature algorithm: 0x804" \ 1118 -s "got named group: x448(001e)" \ 1119 -s "Certificate verification was skipped" \ 1120 -C "received HelloRetryRequest message" 1121 1122 requires_config_enabled MBEDTLS_SSL_SRV_C 1123 requires_config_enabled MBEDTLS_DEBUG_C 1124 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1125 requires_config_enabled PSA_WANT_ALG_FFDH 1126 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1127 requires_openssl_tls1_3_with_ffdh 1128 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 1129 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1130 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1131 0 \ 1132 -s "Protocol is TLSv1.3" \ 1133 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1134 -s "received signature algorithm: 0x403" \ 1135 -s "got named group: ffdhe2048(0100)" \ 1136 -s "Certificate verification was skipped" \ 1137 -C "received HelloRetryRequest message" 1138 1139 requires_config_enabled MBEDTLS_SSL_SRV_C 1140 requires_config_enabled MBEDTLS_DEBUG_C 1141 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1142 requires_config_enabled PSA_WANT_ALG_FFDH 1143 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1144 requires_openssl_tls1_3_with_ffdh 1145 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 1146 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1147 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \ 1148 0 \ 1149 -s "Protocol is TLSv1.3" \ 1150 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1151 -s "received signature algorithm: 0x503" \ 1152 -s "got named group: ffdhe2048(0100)" \ 1153 -s "Certificate verification was skipped" \ 1154 -C "received HelloRetryRequest message" 1155 1156 requires_config_enabled MBEDTLS_SSL_SRV_C 1157 requires_config_enabled MBEDTLS_DEBUG_C 1158 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1159 requires_config_enabled PSA_WANT_ALG_FFDH 1160 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1161 requires_openssl_tls1_3_with_ffdh 1162 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 1163 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1164 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \ 1165 0 \ 1166 -s "Protocol is TLSv1.3" \ 1167 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1168 -s "received signature algorithm: 0x603" \ 1169 -s "got named group: ffdhe2048(0100)" \ 1170 -s "Certificate verification was skipped" \ 1171 -C "received HelloRetryRequest message" 1172 1173 requires_config_enabled MBEDTLS_SSL_SRV_C 1174 requires_config_enabled MBEDTLS_DEBUG_C 1175 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1176 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1177 requires_config_enabled PSA_WANT_ALG_FFDH 1178 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1179 requires_openssl_tls1_3_with_ffdh 1180 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 1181 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1182 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1183 0 \ 1184 -s "Protocol is TLSv1.3" \ 1185 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 1186 -s "received signature algorithm: 0x804" \ 1187 -s "got named group: ffdhe2048(0100)" \ 1188 -s "Certificate verification was skipped" \ 1189 -C "received HelloRetryRequest message" 1190 1191 requires_config_enabled MBEDTLS_SSL_SRV_C 1192 requires_config_enabled MBEDTLS_DEBUG_C 1193 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1194 requires_config_enabled PSA_WANT_ALG_ECDH 1195 requires_openssl_tls1_3 1196 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 1197 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1198 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 1199 0 \ 1200 -s "Protocol is TLSv1.3" \ 1201 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1202 -s "received signature algorithm: 0x403" \ 1203 -s "got named group: secp256r1(0017)" \ 1204 -s "Certificate verification was skipped" \ 1205 -C "received HelloRetryRequest message" 1206 1207 requires_config_enabled MBEDTLS_SSL_SRV_C 1208 requires_config_enabled MBEDTLS_DEBUG_C 1209 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1210 requires_config_enabled PSA_WANT_ALG_ECDH 1211 requires_openssl_tls1_3 1212 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 1213 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1214 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 1215 0 \ 1216 -s "Protocol is TLSv1.3" \ 1217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1218 -s "received signature algorithm: 0x503" \ 1219 -s "got named group: secp256r1(0017)" \ 1220 -s "Certificate verification was skipped" \ 1221 -C "received HelloRetryRequest message" 1222 1223 requires_config_enabled MBEDTLS_SSL_SRV_C 1224 requires_config_enabled MBEDTLS_DEBUG_C 1225 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1226 requires_config_enabled PSA_WANT_ALG_ECDH 1227 requires_openssl_tls1_3 1228 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 1229 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1230 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 1231 0 \ 1232 -s "Protocol is TLSv1.3" \ 1233 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1234 -s "received signature algorithm: 0x603" \ 1235 -s "got named group: secp256r1(0017)" \ 1236 -s "Certificate verification was skipped" \ 1237 -C "received HelloRetryRequest message" 1238 1239 requires_config_enabled MBEDTLS_SSL_SRV_C 1240 requires_config_enabled MBEDTLS_DEBUG_C 1241 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1242 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1243 requires_config_enabled PSA_WANT_ALG_ECDH 1244 requires_openssl_tls1_3 1245 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 1246 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1247 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 1248 0 \ 1249 -s "Protocol is TLSv1.3" \ 1250 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1251 -s "received signature algorithm: 0x804" \ 1252 -s "got named group: secp256r1(0017)" \ 1253 -s "Certificate verification was skipped" \ 1254 -C "received HelloRetryRequest message" 1255 1256 requires_config_enabled MBEDTLS_SSL_SRV_C 1257 requires_config_enabled MBEDTLS_DEBUG_C 1258 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1259 requires_config_enabled PSA_WANT_ALG_ECDH 1260 requires_openssl_tls1_3 1261 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 1262 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1263 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 1264 0 \ 1265 -s "Protocol is TLSv1.3" \ 1266 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1267 -s "received signature algorithm: 0x403" \ 1268 -s "got named group: secp384r1(0018)" \ 1269 -s "Certificate verification was skipped" \ 1270 -C "received HelloRetryRequest message" 1271 1272 requires_config_enabled MBEDTLS_SSL_SRV_C 1273 requires_config_enabled MBEDTLS_DEBUG_C 1274 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1275 requires_config_enabled PSA_WANT_ALG_ECDH 1276 requires_openssl_tls1_3 1277 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 1278 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1279 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 1280 0 \ 1281 -s "Protocol is TLSv1.3" \ 1282 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1283 -s "received signature algorithm: 0x503" \ 1284 -s "got named group: secp384r1(0018)" \ 1285 -s "Certificate verification was skipped" \ 1286 -C "received HelloRetryRequest message" 1287 1288 requires_config_enabled MBEDTLS_SSL_SRV_C 1289 requires_config_enabled MBEDTLS_DEBUG_C 1290 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1291 requires_config_enabled PSA_WANT_ALG_ECDH 1292 requires_openssl_tls1_3 1293 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 1294 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1295 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 1296 0 \ 1297 -s "Protocol is TLSv1.3" \ 1298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1299 -s "received signature algorithm: 0x603" \ 1300 -s "got named group: secp384r1(0018)" \ 1301 -s "Certificate verification was skipped" \ 1302 -C "received HelloRetryRequest message" 1303 1304 requires_config_enabled MBEDTLS_SSL_SRV_C 1305 requires_config_enabled MBEDTLS_DEBUG_C 1306 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1307 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1308 requires_config_enabled PSA_WANT_ALG_ECDH 1309 requires_openssl_tls1_3 1310 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 1311 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1312 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 1313 0 \ 1314 -s "Protocol is TLSv1.3" \ 1315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1316 -s "received signature algorithm: 0x804" \ 1317 -s "got named group: secp384r1(0018)" \ 1318 -s "Certificate verification was skipped" \ 1319 -C "received HelloRetryRequest message" 1320 1321 requires_config_enabled MBEDTLS_SSL_SRV_C 1322 requires_config_enabled MBEDTLS_DEBUG_C 1323 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1324 requires_config_enabled PSA_WANT_ALG_ECDH 1325 requires_openssl_tls1_3 1326 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 1327 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1328 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 1329 0 \ 1330 -s "Protocol is TLSv1.3" \ 1331 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1332 -s "received signature algorithm: 0x403" \ 1333 -s "got named group: secp521r1(0019)" \ 1334 -s "Certificate verification was skipped" \ 1335 -C "received HelloRetryRequest message" 1336 1337 requires_config_enabled MBEDTLS_SSL_SRV_C 1338 requires_config_enabled MBEDTLS_DEBUG_C 1339 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1340 requires_config_enabled PSA_WANT_ALG_ECDH 1341 requires_openssl_tls1_3 1342 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 1343 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1344 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 1345 0 \ 1346 -s "Protocol is TLSv1.3" \ 1347 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1348 -s "received signature algorithm: 0x503" \ 1349 -s "got named group: secp521r1(0019)" \ 1350 -s "Certificate verification was skipped" \ 1351 -C "received HelloRetryRequest message" 1352 1353 requires_config_enabled MBEDTLS_SSL_SRV_C 1354 requires_config_enabled MBEDTLS_DEBUG_C 1355 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1356 requires_config_enabled PSA_WANT_ALG_ECDH 1357 requires_openssl_tls1_3 1358 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 1359 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1360 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 1361 0 \ 1362 -s "Protocol is TLSv1.3" \ 1363 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1364 -s "received signature algorithm: 0x603" \ 1365 -s "got named group: secp521r1(0019)" \ 1366 -s "Certificate verification was skipped" \ 1367 -C "received HelloRetryRequest message" 1368 1369 requires_config_enabled MBEDTLS_SSL_SRV_C 1370 requires_config_enabled MBEDTLS_DEBUG_C 1371 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1372 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1373 requires_config_enabled PSA_WANT_ALG_ECDH 1374 requires_openssl_tls1_3 1375 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 1376 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1377 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 1378 0 \ 1379 -s "Protocol is TLSv1.3" \ 1380 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1381 -s "received signature algorithm: 0x804" \ 1382 -s "got named group: secp521r1(0019)" \ 1383 -s "Certificate verification was skipped" \ 1384 -C "received HelloRetryRequest message" 1385 1386 requires_config_enabled MBEDTLS_SSL_SRV_C 1387 requires_config_enabled MBEDTLS_DEBUG_C 1388 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1389 requires_config_enabled PSA_WANT_ALG_ECDH 1390 requires_openssl_tls1_3 1391 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 1392 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1393 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 1394 0 \ 1395 -s "Protocol is TLSv1.3" \ 1396 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1397 -s "received signature algorithm: 0x403" \ 1398 -s "got named group: x25519(001d)" \ 1399 -s "Certificate verification was skipped" \ 1400 -C "received HelloRetryRequest message" 1401 1402 requires_config_enabled MBEDTLS_SSL_SRV_C 1403 requires_config_enabled MBEDTLS_DEBUG_C 1404 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1405 requires_config_enabled PSA_WANT_ALG_ECDH 1406 requires_openssl_tls1_3 1407 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 1408 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1409 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 1410 0 \ 1411 -s "Protocol is TLSv1.3" \ 1412 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1413 -s "received signature algorithm: 0x503" \ 1414 -s "got named group: x25519(001d)" \ 1415 -s "Certificate verification was skipped" \ 1416 -C "received HelloRetryRequest message" 1417 1418 requires_config_enabled MBEDTLS_SSL_SRV_C 1419 requires_config_enabled MBEDTLS_DEBUG_C 1420 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1421 requires_config_enabled PSA_WANT_ALG_ECDH 1422 requires_openssl_tls1_3 1423 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 1424 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1425 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 1426 0 \ 1427 -s "Protocol is TLSv1.3" \ 1428 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1429 -s "received signature algorithm: 0x603" \ 1430 -s "got named group: x25519(001d)" \ 1431 -s "Certificate verification was skipped" \ 1432 -C "received HelloRetryRequest message" 1433 1434 requires_config_enabled MBEDTLS_SSL_SRV_C 1435 requires_config_enabled MBEDTLS_DEBUG_C 1436 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1437 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1438 requires_config_enabled PSA_WANT_ALG_ECDH 1439 requires_openssl_tls1_3 1440 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 1441 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1442 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 1443 0 \ 1444 -s "Protocol is TLSv1.3" \ 1445 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1446 -s "received signature algorithm: 0x804" \ 1447 -s "got named group: x25519(001d)" \ 1448 -s "Certificate verification was skipped" \ 1449 -C "received HelloRetryRequest message" 1450 1451 requires_config_enabled MBEDTLS_SSL_SRV_C 1452 requires_config_enabled MBEDTLS_DEBUG_C 1453 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1454 requires_config_enabled PSA_WANT_ALG_ECDH 1455 requires_openssl_tls1_3 1456 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 1457 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1458 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 1459 0 \ 1460 -s "Protocol is TLSv1.3" \ 1461 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1462 -s "received signature algorithm: 0x403" \ 1463 -s "got named group: x448(001e)" \ 1464 -s "Certificate verification was skipped" \ 1465 -C "received HelloRetryRequest message" 1466 1467 requires_config_enabled MBEDTLS_SSL_SRV_C 1468 requires_config_enabled MBEDTLS_DEBUG_C 1469 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1470 requires_config_enabled PSA_WANT_ALG_ECDH 1471 requires_openssl_tls1_3 1472 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 1473 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1474 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 1475 0 \ 1476 -s "Protocol is TLSv1.3" \ 1477 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1478 -s "received signature algorithm: 0x503" \ 1479 -s "got named group: x448(001e)" \ 1480 -s "Certificate verification was skipped" \ 1481 -C "received HelloRetryRequest message" 1482 1483 requires_config_enabled MBEDTLS_SSL_SRV_C 1484 requires_config_enabled MBEDTLS_DEBUG_C 1485 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1486 requires_config_enabled PSA_WANT_ALG_ECDH 1487 requires_openssl_tls1_3 1488 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 1489 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1490 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 1491 0 \ 1492 -s "Protocol is TLSv1.3" \ 1493 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1494 -s "received signature algorithm: 0x603" \ 1495 -s "got named group: x448(001e)" \ 1496 -s "Certificate verification was skipped" \ 1497 -C "received HelloRetryRequest message" 1498 1499 requires_config_enabled MBEDTLS_SSL_SRV_C 1500 requires_config_enabled MBEDTLS_DEBUG_C 1501 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1502 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1503 requires_config_enabled PSA_WANT_ALG_ECDH 1504 requires_openssl_tls1_3 1505 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ 1506 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1507 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 1508 0 \ 1509 -s "Protocol is TLSv1.3" \ 1510 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1511 -s "received signature algorithm: 0x804" \ 1512 -s "got named group: x448(001e)" \ 1513 -s "Certificate verification was skipped" \ 1514 -C "received HelloRetryRequest message" 1515 1516 requires_config_enabled MBEDTLS_SSL_SRV_C 1517 requires_config_enabled MBEDTLS_DEBUG_C 1518 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1519 requires_config_enabled PSA_WANT_ALG_FFDH 1520 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1521 requires_openssl_tls1_3_with_ffdh 1522 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 1523 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1524 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1525 0 \ 1526 -s "Protocol is TLSv1.3" \ 1527 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1528 -s "received signature algorithm: 0x403" \ 1529 -s "got named group: ffdhe2048(0100)" \ 1530 -s "Certificate verification was skipped" \ 1531 -C "received HelloRetryRequest message" 1532 1533 requires_config_enabled MBEDTLS_SSL_SRV_C 1534 requires_config_enabled MBEDTLS_DEBUG_C 1535 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1536 requires_config_enabled PSA_WANT_ALG_FFDH 1537 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1538 requires_openssl_tls1_3_with_ffdh 1539 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 1540 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1541 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \ 1542 0 \ 1543 -s "Protocol is TLSv1.3" \ 1544 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1545 -s "received signature algorithm: 0x503" \ 1546 -s "got named group: ffdhe2048(0100)" \ 1547 -s "Certificate verification was skipped" \ 1548 -C "received HelloRetryRequest message" 1549 1550 requires_config_enabled MBEDTLS_SSL_SRV_C 1551 requires_config_enabled MBEDTLS_DEBUG_C 1552 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1553 requires_config_enabled PSA_WANT_ALG_FFDH 1554 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1555 requires_openssl_tls1_3_with_ffdh 1556 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 1557 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1558 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \ 1559 0 \ 1560 -s "Protocol is TLSv1.3" \ 1561 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1562 -s "received signature algorithm: 0x603" \ 1563 -s "got named group: ffdhe2048(0100)" \ 1564 -s "Certificate verification was skipped" \ 1565 -C "received HelloRetryRequest message" 1566 1567 requires_config_enabled MBEDTLS_SSL_SRV_C 1568 requires_config_enabled MBEDTLS_DEBUG_C 1569 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1570 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1571 requires_config_enabled PSA_WANT_ALG_FFDH 1572 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1573 requires_openssl_tls1_3_with_ffdh 1574 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 1575 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1576 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1577 0 \ 1578 -s "Protocol is TLSv1.3" \ 1579 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 1580 -s "received signature algorithm: 0x804" \ 1581 -s "got named group: ffdhe2048(0100)" \ 1582 -s "Certificate verification was skipped" \ 1583 -C "received HelloRetryRequest message" 1584 1585 requires_config_enabled MBEDTLS_SSL_SRV_C 1586 requires_config_enabled MBEDTLS_DEBUG_C 1587 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1588 requires_config_enabled PSA_WANT_ALG_ECDH 1589 requires_openssl_tls1_3 1590 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 1591 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1592 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \ 1593 0 \ 1594 -s "Protocol is TLSv1.3" \ 1595 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1596 -s "received signature algorithm: 0x403" \ 1597 -s "got named group: secp256r1(0017)" \ 1598 -s "Certificate verification was skipped" \ 1599 -C "received HelloRetryRequest message" 1600 1601 requires_config_enabled MBEDTLS_SSL_SRV_C 1602 requires_config_enabled MBEDTLS_DEBUG_C 1603 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1604 requires_config_enabled PSA_WANT_ALG_ECDH 1605 requires_openssl_tls1_3 1606 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 1607 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1608 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \ 1609 0 \ 1610 -s "Protocol is TLSv1.3" \ 1611 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1612 -s "received signature algorithm: 0x503" \ 1613 -s "got named group: secp256r1(0017)" \ 1614 -s "Certificate verification was skipped" \ 1615 -C "received HelloRetryRequest message" 1616 1617 requires_config_enabled MBEDTLS_SSL_SRV_C 1618 requires_config_enabled MBEDTLS_DEBUG_C 1619 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1620 requires_config_enabled PSA_WANT_ALG_ECDH 1621 requires_openssl_tls1_3 1622 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 1623 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1624 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \ 1625 0 \ 1626 -s "Protocol is TLSv1.3" \ 1627 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1628 -s "received signature algorithm: 0x603" \ 1629 -s "got named group: secp256r1(0017)" \ 1630 -s "Certificate verification was skipped" \ 1631 -C "received HelloRetryRequest message" 1632 1633 requires_config_enabled MBEDTLS_SSL_SRV_C 1634 requires_config_enabled MBEDTLS_DEBUG_C 1635 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1636 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1637 requires_config_enabled PSA_WANT_ALG_ECDH 1638 requires_openssl_tls1_3 1639 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 1640 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1641 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \ 1642 0 \ 1643 -s "Protocol is TLSv1.3" \ 1644 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1645 -s "received signature algorithm: 0x804" \ 1646 -s "got named group: secp256r1(0017)" \ 1647 -s "Certificate verification was skipped" \ 1648 -C "received HelloRetryRequest message" 1649 1650 requires_config_enabled MBEDTLS_SSL_SRV_C 1651 requires_config_enabled MBEDTLS_DEBUG_C 1652 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1653 requires_config_enabled PSA_WANT_ALG_ECDH 1654 requires_openssl_tls1_3 1655 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 1656 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1657 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \ 1658 0 \ 1659 -s "Protocol is TLSv1.3" \ 1660 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1661 -s "received signature algorithm: 0x403" \ 1662 -s "got named group: secp384r1(0018)" \ 1663 -s "Certificate verification was skipped" \ 1664 -C "received HelloRetryRequest message" 1665 1666 requires_config_enabled MBEDTLS_SSL_SRV_C 1667 requires_config_enabled MBEDTLS_DEBUG_C 1668 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1669 requires_config_enabled PSA_WANT_ALG_ECDH 1670 requires_openssl_tls1_3 1671 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 1672 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1673 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \ 1674 0 \ 1675 -s "Protocol is TLSv1.3" \ 1676 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1677 -s "received signature algorithm: 0x503" \ 1678 -s "got named group: secp384r1(0018)" \ 1679 -s "Certificate verification was skipped" \ 1680 -C "received HelloRetryRequest message" 1681 1682 requires_config_enabled MBEDTLS_SSL_SRV_C 1683 requires_config_enabled MBEDTLS_DEBUG_C 1684 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1685 requires_config_enabled PSA_WANT_ALG_ECDH 1686 requires_openssl_tls1_3 1687 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 1688 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1689 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \ 1690 0 \ 1691 -s "Protocol is TLSv1.3" \ 1692 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1693 -s "received signature algorithm: 0x603" \ 1694 -s "got named group: secp384r1(0018)" \ 1695 -s "Certificate verification was skipped" \ 1696 -C "received HelloRetryRequest message" 1697 1698 requires_config_enabled MBEDTLS_SSL_SRV_C 1699 requires_config_enabled MBEDTLS_DEBUG_C 1700 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1701 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1702 requires_config_enabled PSA_WANT_ALG_ECDH 1703 requires_openssl_tls1_3 1704 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 1705 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1706 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \ 1707 0 \ 1708 -s "Protocol is TLSv1.3" \ 1709 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1710 -s "received signature algorithm: 0x804" \ 1711 -s "got named group: secp384r1(0018)" \ 1712 -s "Certificate verification was skipped" \ 1713 -C "received HelloRetryRequest message" 1714 1715 requires_config_enabled MBEDTLS_SSL_SRV_C 1716 requires_config_enabled MBEDTLS_DEBUG_C 1717 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1718 requires_config_enabled PSA_WANT_ALG_ECDH 1719 requires_openssl_tls1_3 1720 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 1721 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1722 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \ 1723 0 \ 1724 -s "Protocol is TLSv1.3" \ 1725 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1726 -s "received signature algorithm: 0x403" \ 1727 -s "got named group: secp521r1(0019)" \ 1728 -s "Certificate verification was skipped" \ 1729 -C "received HelloRetryRequest message" 1730 1731 requires_config_enabled MBEDTLS_SSL_SRV_C 1732 requires_config_enabled MBEDTLS_DEBUG_C 1733 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1734 requires_config_enabled PSA_WANT_ALG_ECDH 1735 requires_openssl_tls1_3 1736 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 1737 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1738 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \ 1739 0 \ 1740 -s "Protocol is TLSv1.3" \ 1741 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1742 -s "received signature algorithm: 0x503" \ 1743 -s "got named group: secp521r1(0019)" \ 1744 -s "Certificate verification was skipped" \ 1745 -C "received HelloRetryRequest message" 1746 1747 requires_config_enabled MBEDTLS_SSL_SRV_C 1748 requires_config_enabled MBEDTLS_DEBUG_C 1749 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1750 requires_config_enabled PSA_WANT_ALG_ECDH 1751 requires_openssl_tls1_3 1752 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 1753 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1754 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \ 1755 0 \ 1756 -s "Protocol is TLSv1.3" \ 1757 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1758 -s "received signature algorithm: 0x603" \ 1759 -s "got named group: secp521r1(0019)" \ 1760 -s "Certificate verification was skipped" \ 1761 -C "received HelloRetryRequest message" 1762 1763 requires_config_enabled MBEDTLS_SSL_SRV_C 1764 requires_config_enabled MBEDTLS_DEBUG_C 1765 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1766 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1767 requires_config_enabled PSA_WANT_ALG_ECDH 1768 requires_openssl_tls1_3 1769 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 1770 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1771 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \ 1772 0 \ 1773 -s "Protocol is TLSv1.3" \ 1774 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1775 -s "received signature algorithm: 0x804" \ 1776 -s "got named group: secp521r1(0019)" \ 1777 -s "Certificate verification was skipped" \ 1778 -C "received HelloRetryRequest message" 1779 1780 requires_config_enabled MBEDTLS_SSL_SRV_C 1781 requires_config_enabled MBEDTLS_DEBUG_C 1782 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1783 requires_config_enabled PSA_WANT_ALG_ECDH 1784 requires_openssl_tls1_3 1785 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ 1786 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1787 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \ 1788 0 \ 1789 -s "Protocol is TLSv1.3" \ 1790 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1791 -s "received signature algorithm: 0x403" \ 1792 -s "got named group: x25519(001d)" \ 1793 -s "Certificate verification was skipped" \ 1794 -C "received HelloRetryRequest message" 1795 1796 requires_config_enabled MBEDTLS_SSL_SRV_C 1797 requires_config_enabled MBEDTLS_DEBUG_C 1798 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1799 requires_config_enabled PSA_WANT_ALG_ECDH 1800 requires_openssl_tls1_3 1801 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ 1802 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1803 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \ 1804 0 \ 1805 -s "Protocol is TLSv1.3" \ 1806 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1807 -s "received signature algorithm: 0x503" \ 1808 -s "got named group: x25519(001d)" \ 1809 -s "Certificate verification was skipped" \ 1810 -C "received HelloRetryRequest message" 1811 1812 requires_config_enabled MBEDTLS_SSL_SRV_C 1813 requires_config_enabled MBEDTLS_DEBUG_C 1814 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1815 requires_config_enabled PSA_WANT_ALG_ECDH 1816 requires_openssl_tls1_3 1817 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ 1818 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1819 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \ 1820 0 \ 1821 -s "Protocol is TLSv1.3" \ 1822 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1823 -s "received signature algorithm: 0x603" \ 1824 -s "got named group: x25519(001d)" \ 1825 -s "Certificate verification was skipped" \ 1826 -C "received HelloRetryRequest message" 1827 1828 requires_config_enabled MBEDTLS_SSL_SRV_C 1829 requires_config_enabled MBEDTLS_DEBUG_C 1830 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1831 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1832 requires_config_enabled PSA_WANT_ALG_ECDH 1833 requires_openssl_tls1_3 1834 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ 1835 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1836 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \ 1837 0 \ 1838 -s "Protocol is TLSv1.3" \ 1839 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1840 -s "received signature algorithm: 0x804" \ 1841 -s "got named group: x25519(001d)" \ 1842 -s "Certificate verification was skipped" \ 1843 -C "received HelloRetryRequest message" 1844 1845 requires_config_enabled MBEDTLS_SSL_SRV_C 1846 requires_config_enabled MBEDTLS_DEBUG_C 1847 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1848 requires_config_enabled PSA_WANT_ALG_ECDH 1849 requires_openssl_tls1_3 1850 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ 1851 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1852 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \ 1853 0 \ 1854 -s "Protocol is TLSv1.3" \ 1855 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1856 -s "received signature algorithm: 0x403" \ 1857 -s "got named group: x448(001e)" \ 1858 -s "Certificate verification was skipped" \ 1859 -C "received HelloRetryRequest message" 1860 1861 requires_config_enabled MBEDTLS_SSL_SRV_C 1862 requires_config_enabled MBEDTLS_DEBUG_C 1863 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1864 requires_config_enabled PSA_WANT_ALG_ECDH 1865 requires_openssl_tls1_3 1866 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ 1867 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1868 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \ 1869 0 \ 1870 -s "Protocol is TLSv1.3" \ 1871 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1872 -s "received signature algorithm: 0x503" \ 1873 -s "got named group: x448(001e)" \ 1874 -s "Certificate verification was skipped" \ 1875 -C "received HelloRetryRequest message" 1876 1877 requires_config_enabled MBEDTLS_SSL_SRV_C 1878 requires_config_enabled MBEDTLS_DEBUG_C 1879 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1880 requires_config_enabled PSA_WANT_ALG_ECDH 1881 requires_openssl_tls1_3 1882 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ 1883 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1884 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \ 1885 0 \ 1886 -s "Protocol is TLSv1.3" \ 1887 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1888 -s "received signature algorithm: 0x603" \ 1889 -s "got named group: x448(001e)" \ 1890 -s "Certificate verification was skipped" \ 1891 -C "received HelloRetryRequest message" 1892 1893 requires_config_enabled MBEDTLS_SSL_SRV_C 1894 requires_config_enabled MBEDTLS_DEBUG_C 1895 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1896 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1897 requires_config_enabled PSA_WANT_ALG_ECDH 1898 requires_openssl_tls1_3 1899 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ 1900 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1901 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \ 1902 0 \ 1903 -s "Protocol is TLSv1.3" \ 1904 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1905 -s "received signature algorithm: 0x804" \ 1906 -s "got named group: x448(001e)" \ 1907 -s "Certificate verification was skipped" \ 1908 -C "received HelloRetryRequest message" 1909 1910 requires_config_enabled MBEDTLS_SSL_SRV_C 1911 requires_config_enabled MBEDTLS_DEBUG_C 1912 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1913 requires_config_enabled PSA_WANT_ALG_FFDH 1914 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1915 requires_openssl_tls1_3_with_ffdh 1916 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 1917 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1918 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1919 0 \ 1920 -s "Protocol is TLSv1.3" \ 1921 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1922 -s "received signature algorithm: 0x403" \ 1923 -s "got named group: ffdhe2048(0100)" \ 1924 -s "Certificate verification was skipped" \ 1925 -C "received HelloRetryRequest message" 1926 1927 requires_config_enabled MBEDTLS_SSL_SRV_C 1928 requires_config_enabled MBEDTLS_DEBUG_C 1929 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1930 requires_config_enabled PSA_WANT_ALG_FFDH 1931 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1932 requires_openssl_tls1_3_with_ffdh 1933 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 1934 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1935 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \ 1936 0 \ 1937 -s "Protocol is TLSv1.3" \ 1938 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1939 -s "received signature algorithm: 0x503" \ 1940 -s "got named group: ffdhe2048(0100)" \ 1941 -s "Certificate verification was skipped" \ 1942 -C "received HelloRetryRequest message" 1943 1944 requires_config_enabled MBEDTLS_SSL_SRV_C 1945 requires_config_enabled MBEDTLS_DEBUG_C 1946 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1947 requires_config_enabled PSA_WANT_ALG_FFDH 1948 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1949 requires_openssl_tls1_3_with_ffdh 1950 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 1951 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1952 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \ 1953 0 \ 1954 -s "Protocol is TLSv1.3" \ 1955 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1956 -s "received signature algorithm: 0x603" \ 1957 -s "got named group: ffdhe2048(0100)" \ 1958 -s "Certificate verification was skipped" \ 1959 -C "received HelloRetryRequest message" 1960 1961 requires_config_enabled MBEDTLS_SSL_SRV_C 1962 requires_config_enabled MBEDTLS_DEBUG_C 1963 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1964 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 1965 requires_config_enabled PSA_WANT_ALG_FFDH 1966 requires_config_enabled PSA_WANT_DH_RFC7919_2048 1967 requires_openssl_tls1_3_with_ffdh 1968 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 1969 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1970 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \ 1971 0 \ 1972 -s "Protocol is TLSv1.3" \ 1973 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 1974 -s "received signature algorithm: 0x804" \ 1975 -s "got named group: ffdhe2048(0100)" \ 1976 -s "Certificate verification was skipped" \ 1977 -C "received HelloRetryRequest message" 1978 1979 requires_config_enabled MBEDTLS_SSL_SRV_C 1980 requires_config_enabled MBEDTLS_DEBUG_C 1981 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1982 requires_config_enabled PSA_WANT_ALG_ECDH 1983 requires_gnutls_tls1_3 1984 requires_gnutls_next_no_ticket 1985 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 1986 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 1987 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 1988 0 \ 1989 -s "Protocol is TLSv1.3" \ 1990 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 1991 -s "received signature algorithm: 0x403" \ 1992 -s "got named group: secp256r1(0017)" \ 1993 -s "Certificate verification was skipped" \ 1994 -C "received HelloRetryRequest message" 1995 1996 requires_config_enabled MBEDTLS_SSL_SRV_C 1997 requires_config_enabled MBEDTLS_DEBUG_C 1998 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1999 requires_config_enabled PSA_WANT_ALG_ECDH 2000 requires_gnutls_tls1_3 2001 requires_gnutls_next_no_ticket 2002 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 2003 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2004 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2005 0 \ 2006 -s "Protocol is TLSv1.3" \ 2007 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2008 -s "received signature algorithm: 0x503" \ 2009 -s "got named group: secp256r1(0017)" \ 2010 -s "Certificate verification was skipped" \ 2011 -C "received HelloRetryRequest message" 2012 2013 requires_config_enabled MBEDTLS_SSL_SRV_C 2014 requires_config_enabled MBEDTLS_DEBUG_C 2015 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2016 requires_config_enabled PSA_WANT_ALG_ECDH 2017 requires_gnutls_tls1_3 2018 requires_gnutls_next_no_ticket 2019 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 2020 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2021 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2022 0 \ 2023 -s "Protocol is TLSv1.3" \ 2024 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2025 -s "received signature algorithm: 0x603" \ 2026 -s "got named group: secp256r1(0017)" \ 2027 -s "Certificate verification was skipped" \ 2028 -C "received HelloRetryRequest message" 2029 2030 requires_config_enabled MBEDTLS_SSL_SRV_C 2031 requires_config_enabled MBEDTLS_DEBUG_C 2032 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2033 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2034 requires_config_enabled PSA_WANT_ALG_ECDH 2035 requires_gnutls_tls1_3 2036 requires_gnutls_next_no_ticket 2037 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 2038 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2039 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2040 0 \ 2041 -s "Protocol is TLSv1.3" \ 2042 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2043 -s "received signature algorithm: 0x804" \ 2044 -s "got named group: secp256r1(0017)" \ 2045 -s "Certificate verification was skipped" \ 2046 -C "received HelloRetryRequest message" 2047 2048 requires_config_enabled MBEDTLS_SSL_SRV_C 2049 requires_config_enabled MBEDTLS_DEBUG_C 2050 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2051 requires_config_enabled PSA_WANT_ALG_ECDH 2052 requires_gnutls_tls1_3 2053 requires_gnutls_next_no_ticket 2054 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 2055 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2056 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2057 0 \ 2058 -s "Protocol is TLSv1.3" \ 2059 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2060 -s "received signature algorithm: 0x403" \ 2061 -s "got named group: secp384r1(0018)" \ 2062 -s "Certificate verification was skipped" \ 2063 -C "received HelloRetryRequest message" 2064 2065 requires_config_enabled MBEDTLS_SSL_SRV_C 2066 requires_config_enabled MBEDTLS_DEBUG_C 2067 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2068 requires_config_enabled PSA_WANT_ALG_ECDH 2069 requires_gnutls_tls1_3 2070 requires_gnutls_next_no_ticket 2071 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 2072 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2073 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2074 0 \ 2075 -s "Protocol is TLSv1.3" \ 2076 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2077 -s "received signature algorithm: 0x503" \ 2078 -s "got named group: secp384r1(0018)" \ 2079 -s "Certificate verification was skipped" \ 2080 -C "received HelloRetryRequest message" 2081 2082 requires_config_enabled MBEDTLS_SSL_SRV_C 2083 requires_config_enabled MBEDTLS_DEBUG_C 2084 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2085 requires_config_enabled PSA_WANT_ALG_ECDH 2086 requires_gnutls_tls1_3 2087 requires_gnutls_next_no_ticket 2088 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 2089 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2090 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2091 0 \ 2092 -s "Protocol is TLSv1.3" \ 2093 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2094 -s "received signature algorithm: 0x603" \ 2095 -s "got named group: secp384r1(0018)" \ 2096 -s "Certificate verification was skipped" \ 2097 -C "received HelloRetryRequest message" 2098 2099 requires_config_enabled MBEDTLS_SSL_SRV_C 2100 requires_config_enabled MBEDTLS_DEBUG_C 2101 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2102 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2103 requires_config_enabled PSA_WANT_ALG_ECDH 2104 requires_gnutls_tls1_3 2105 requires_gnutls_next_no_ticket 2106 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 2107 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2108 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2109 0 \ 2110 -s "Protocol is TLSv1.3" \ 2111 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2112 -s "received signature algorithm: 0x804" \ 2113 -s "got named group: secp384r1(0018)" \ 2114 -s "Certificate verification was skipped" \ 2115 -C "received HelloRetryRequest message" 2116 2117 requires_config_enabled MBEDTLS_SSL_SRV_C 2118 requires_config_enabled MBEDTLS_DEBUG_C 2119 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2120 requires_config_enabled PSA_WANT_ALG_ECDH 2121 requires_gnutls_tls1_3 2122 requires_gnutls_next_no_ticket 2123 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 2124 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2125 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2126 0 \ 2127 -s "Protocol is TLSv1.3" \ 2128 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2129 -s "received signature algorithm: 0x403" \ 2130 -s "got named group: secp521r1(0019)" \ 2131 -s "Certificate verification was skipped" \ 2132 -C "received HelloRetryRequest message" 2133 2134 requires_config_enabled MBEDTLS_SSL_SRV_C 2135 requires_config_enabled MBEDTLS_DEBUG_C 2136 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2137 requires_config_enabled PSA_WANT_ALG_ECDH 2138 requires_gnutls_tls1_3 2139 requires_gnutls_next_no_ticket 2140 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 2141 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2142 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2143 0 \ 2144 -s "Protocol is TLSv1.3" \ 2145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2146 -s "received signature algorithm: 0x503" \ 2147 -s "got named group: secp521r1(0019)" \ 2148 -s "Certificate verification was skipped" \ 2149 -C "received HelloRetryRequest message" 2150 2151 requires_config_enabled MBEDTLS_SSL_SRV_C 2152 requires_config_enabled MBEDTLS_DEBUG_C 2153 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2154 requires_config_enabled PSA_WANT_ALG_ECDH 2155 requires_gnutls_tls1_3 2156 requires_gnutls_next_no_ticket 2157 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 2158 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2159 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2160 0 \ 2161 -s "Protocol is TLSv1.3" \ 2162 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2163 -s "received signature algorithm: 0x603" \ 2164 -s "got named group: secp521r1(0019)" \ 2165 -s "Certificate verification was skipped" \ 2166 -C "received HelloRetryRequest message" 2167 2168 requires_config_enabled MBEDTLS_SSL_SRV_C 2169 requires_config_enabled MBEDTLS_DEBUG_C 2170 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2171 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2172 requires_config_enabled PSA_WANT_ALG_ECDH 2173 requires_gnutls_tls1_3 2174 requires_gnutls_next_no_ticket 2175 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 2176 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2177 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2178 0 \ 2179 -s "Protocol is TLSv1.3" \ 2180 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2181 -s "received signature algorithm: 0x804" \ 2182 -s "got named group: secp521r1(0019)" \ 2183 -s "Certificate verification was skipped" \ 2184 -C "received HelloRetryRequest message" 2185 2186 requires_config_enabled MBEDTLS_SSL_SRV_C 2187 requires_config_enabled MBEDTLS_DEBUG_C 2188 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2189 requires_config_enabled PSA_WANT_ALG_ECDH 2190 requires_gnutls_tls1_3 2191 requires_gnutls_next_no_ticket 2192 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 2193 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2194 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2195 0 \ 2196 -s "Protocol is TLSv1.3" \ 2197 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2198 -s "received signature algorithm: 0x403" \ 2199 -s "got named group: x25519(001d)" \ 2200 -s "Certificate verification was skipped" \ 2201 -C "received HelloRetryRequest message" 2202 2203 requires_config_enabled MBEDTLS_SSL_SRV_C 2204 requires_config_enabled MBEDTLS_DEBUG_C 2205 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2206 requires_config_enabled PSA_WANT_ALG_ECDH 2207 requires_gnutls_tls1_3 2208 requires_gnutls_next_no_ticket 2209 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 2210 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2211 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2212 0 \ 2213 -s "Protocol is TLSv1.3" \ 2214 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2215 -s "received signature algorithm: 0x503" \ 2216 -s "got named group: x25519(001d)" \ 2217 -s "Certificate verification was skipped" \ 2218 -C "received HelloRetryRequest message" 2219 2220 requires_config_enabled MBEDTLS_SSL_SRV_C 2221 requires_config_enabled MBEDTLS_DEBUG_C 2222 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2223 requires_config_enabled PSA_WANT_ALG_ECDH 2224 requires_gnutls_tls1_3 2225 requires_gnutls_next_no_ticket 2226 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 2227 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2228 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2229 0 \ 2230 -s "Protocol is TLSv1.3" \ 2231 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2232 -s "received signature algorithm: 0x603" \ 2233 -s "got named group: x25519(001d)" \ 2234 -s "Certificate verification was skipped" \ 2235 -C "received HelloRetryRequest message" 2236 2237 requires_config_enabled MBEDTLS_SSL_SRV_C 2238 requires_config_enabled MBEDTLS_DEBUG_C 2239 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2240 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2241 requires_config_enabled PSA_WANT_ALG_ECDH 2242 requires_gnutls_tls1_3 2243 requires_gnutls_next_no_ticket 2244 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 2245 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2246 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2247 0 \ 2248 -s "Protocol is TLSv1.3" \ 2249 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2250 -s "received signature algorithm: 0x804" \ 2251 -s "got named group: x25519(001d)" \ 2252 -s "Certificate verification was skipped" \ 2253 -C "received HelloRetryRequest message" 2254 2255 requires_config_enabled MBEDTLS_SSL_SRV_C 2256 requires_config_enabled MBEDTLS_DEBUG_C 2257 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2258 requires_config_enabled PSA_WANT_ALG_ECDH 2259 requires_gnutls_tls1_3 2260 requires_gnutls_next_no_ticket 2261 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 2262 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2263 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2264 0 \ 2265 -s "Protocol is TLSv1.3" \ 2266 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2267 -s "received signature algorithm: 0x403" \ 2268 -s "got named group: x448(001e)" \ 2269 -s "Certificate verification was skipped" \ 2270 -C "received HelloRetryRequest message" 2271 2272 requires_config_enabled MBEDTLS_SSL_SRV_C 2273 requires_config_enabled MBEDTLS_DEBUG_C 2274 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2275 requires_config_enabled PSA_WANT_ALG_ECDH 2276 requires_gnutls_tls1_3 2277 requires_gnutls_next_no_ticket 2278 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 2279 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2280 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2281 0 \ 2282 -s "Protocol is TLSv1.3" \ 2283 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2284 -s "received signature algorithm: 0x503" \ 2285 -s "got named group: x448(001e)" \ 2286 -s "Certificate verification was skipped" \ 2287 -C "received HelloRetryRequest message" 2288 2289 requires_config_enabled MBEDTLS_SSL_SRV_C 2290 requires_config_enabled MBEDTLS_DEBUG_C 2291 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2292 requires_config_enabled PSA_WANT_ALG_ECDH 2293 requires_gnutls_tls1_3 2294 requires_gnutls_next_no_ticket 2295 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 2296 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2297 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2298 0 \ 2299 -s "Protocol is TLSv1.3" \ 2300 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2301 -s "received signature algorithm: 0x603" \ 2302 -s "got named group: x448(001e)" \ 2303 -s "Certificate verification was skipped" \ 2304 -C "received HelloRetryRequest message" 2305 2306 requires_config_enabled MBEDTLS_SSL_SRV_C 2307 requires_config_enabled MBEDTLS_DEBUG_C 2308 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2309 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2310 requires_config_enabled PSA_WANT_ALG_ECDH 2311 requires_gnutls_tls1_3 2312 requires_gnutls_next_no_ticket 2313 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ 2314 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2315 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2316 0 \ 2317 -s "Protocol is TLSv1.3" \ 2318 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2319 -s "received signature algorithm: 0x804" \ 2320 -s "got named group: x448(001e)" \ 2321 -s "Certificate verification was skipped" \ 2322 -C "received HelloRetryRequest message" 2323 2324 requires_config_enabled MBEDTLS_SSL_SRV_C 2325 requires_config_enabled MBEDTLS_DEBUG_C 2326 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2327 requires_config_enabled PSA_WANT_ALG_FFDH 2328 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2329 requires_gnutls_tls1_3 2330 requires_gnutls_next_no_ticket 2331 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 2332 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2333 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2334 0 \ 2335 -s "Protocol is TLSv1.3" \ 2336 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2337 -s "received signature algorithm: 0x403" \ 2338 -s "got named group: ffdhe2048(0100)" \ 2339 -s "Certificate verification was skipped" \ 2340 -C "received HelloRetryRequest message" 2341 2342 requires_config_enabled MBEDTLS_SSL_SRV_C 2343 requires_config_enabled MBEDTLS_DEBUG_C 2344 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2345 requires_config_enabled PSA_WANT_ALG_FFDH 2346 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2347 requires_gnutls_tls1_3 2348 requires_gnutls_next_no_ticket 2349 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 2350 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2351 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2352 0 \ 2353 -s "Protocol is TLSv1.3" \ 2354 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2355 -s "received signature algorithm: 0x503" \ 2356 -s "got named group: ffdhe2048(0100)" \ 2357 -s "Certificate verification was skipped" \ 2358 -C "received HelloRetryRequest message" 2359 2360 requires_config_enabled MBEDTLS_SSL_SRV_C 2361 requires_config_enabled MBEDTLS_DEBUG_C 2362 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2363 requires_config_enabled PSA_WANT_ALG_FFDH 2364 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2365 requires_gnutls_tls1_3 2366 requires_gnutls_next_no_ticket 2367 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 2368 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2369 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2370 0 \ 2371 -s "Protocol is TLSv1.3" \ 2372 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2373 -s "received signature algorithm: 0x603" \ 2374 -s "got named group: ffdhe2048(0100)" \ 2375 -s "Certificate verification was skipped" \ 2376 -C "received HelloRetryRequest message" 2377 2378 requires_config_enabled MBEDTLS_SSL_SRV_C 2379 requires_config_enabled MBEDTLS_DEBUG_C 2380 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2381 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2382 requires_config_enabled PSA_WANT_ALG_FFDH 2383 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2384 requires_gnutls_tls1_3 2385 requires_gnutls_next_no_ticket 2386 run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 2387 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2388 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2389 0 \ 2390 -s "Protocol is TLSv1.3" \ 2391 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 2392 -s "received signature algorithm: 0x804" \ 2393 -s "got named group: ffdhe2048(0100)" \ 2394 -s "Certificate verification was skipped" \ 2395 -C "received HelloRetryRequest message" 2396 2397 requires_config_enabled MBEDTLS_SSL_SRV_C 2398 requires_config_enabled MBEDTLS_DEBUG_C 2399 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2400 requires_config_enabled PSA_WANT_ALG_ECDH 2401 requires_gnutls_tls1_3 2402 requires_gnutls_next_no_ticket 2403 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ 2404 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2405 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2406 0 \ 2407 -s "Protocol is TLSv1.3" \ 2408 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2409 -s "received signature algorithm: 0x403" \ 2410 -s "got named group: secp256r1(0017)" \ 2411 -s "Certificate verification was skipped" \ 2412 -C "received HelloRetryRequest message" 2413 2414 requires_config_enabled MBEDTLS_SSL_SRV_C 2415 requires_config_enabled MBEDTLS_DEBUG_C 2416 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2417 requires_config_enabled PSA_WANT_ALG_ECDH 2418 requires_gnutls_tls1_3 2419 requires_gnutls_next_no_ticket 2420 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ 2421 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2422 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2423 0 \ 2424 -s "Protocol is TLSv1.3" \ 2425 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2426 -s "received signature algorithm: 0x503" \ 2427 -s "got named group: secp256r1(0017)" \ 2428 -s "Certificate verification was skipped" \ 2429 -C "received HelloRetryRequest message" 2430 2431 requires_config_enabled MBEDTLS_SSL_SRV_C 2432 requires_config_enabled MBEDTLS_DEBUG_C 2433 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2434 requires_config_enabled PSA_WANT_ALG_ECDH 2435 requires_gnutls_tls1_3 2436 requires_gnutls_next_no_ticket 2437 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ 2438 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2439 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2440 0 \ 2441 -s "Protocol is TLSv1.3" \ 2442 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2443 -s "received signature algorithm: 0x603" \ 2444 -s "got named group: secp256r1(0017)" \ 2445 -s "Certificate verification was skipped" \ 2446 -C "received HelloRetryRequest message" 2447 2448 requires_config_enabled MBEDTLS_SSL_SRV_C 2449 requires_config_enabled MBEDTLS_DEBUG_C 2450 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2451 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2452 requires_config_enabled PSA_WANT_ALG_ECDH 2453 requires_gnutls_tls1_3 2454 requires_gnutls_next_no_ticket 2455 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ 2456 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2457 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2458 0 \ 2459 -s "Protocol is TLSv1.3" \ 2460 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2461 -s "received signature algorithm: 0x804" \ 2462 -s "got named group: secp256r1(0017)" \ 2463 -s "Certificate verification was skipped" \ 2464 -C "received HelloRetryRequest message" 2465 2466 requires_config_enabled MBEDTLS_SSL_SRV_C 2467 requires_config_enabled MBEDTLS_DEBUG_C 2468 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2469 requires_config_enabled PSA_WANT_ALG_ECDH 2470 requires_gnutls_tls1_3 2471 requires_gnutls_next_no_ticket 2472 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ 2473 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2474 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2475 0 \ 2476 -s "Protocol is TLSv1.3" \ 2477 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2478 -s "received signature algorithm: 0x403" \ 2479 -s "got named group: secp384r1(0018)" \ 2480 -s "Certificate verification was skipped" \ 2481 -C "received HelloRetryRequest message" 2482 2483 requires_config_enabled MBEDTLS_SSL_SRV_C 2484 requires_config_enabled MBEDTLS_DEBUG_C 2485 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2486 requires_config_enabled PSA_WANT_ALG_ECDH 2487 requires_gnutls_tls1_3 2488 requires_gnutls_next_no_ticket 2489 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ 2490 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2491 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2492 0 \ 2493 -s "Protocol is TLSv1.3" \ 2494 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2495 -s "received signature algorithm: 0x503" \ 2496 -s "got named group: secp384r1(0018)" \ 2497 -s "Certificate verification was skipped" \ 2498 -C "received HelloRetryRequest message" 2499 2500 requires_config_enabled MBEDTLS_SSL_SRV_C 2501 requires_config_enabled MBEDTLS_DEBUG_C 2502 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2503 requires_config_enabled PSA_WANT_ALG_ECDH 2504 requires_gnutls_tls1_3 2505 requires_gnutls_next_no_ticket 2506 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ 2507 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2508 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2509 0 \ 2510 -s "Protocol is TLSv1.3" \ 2511 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2512 -s "received signature algorithm: 0x603" \ 2513 -s "got named group: secp384r1(0018)" \ 2514 -s "Certificate verification was skipped" \ 2515 -C "received HelloRetryRequest message" 2516 2517 requires_config_enabled MBEDTLS_SSL_SRV_C 2518 requires_config_enabled MBEDTLS_DEBUG_C 2519 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2520 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2521 requires_config_enabled PSA_WANT_ALG_ECDH 2522 requires_gnutls_tls1_3 2523 requires_gnutls_next_no_ticket 2524 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ 2525 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2526 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2527 0 \ 2528 -s "Protocol is TLSv1.3" \ 2529 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2530 -s "received signature algorithm: 0x804" \ 2531 -s "got named group: secp384r1(0018)" \ 2532 -s "Certificate verification was skipped" \ 2533 -C "received HelloRetryRequest message" 2534 2535 requires_config_enabled MBEDTLS_SSL_SRV_C 2536 requires_config_enabled MBEDTLS_DEBUG_C 2537 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2538 requires_config_enabled PSA_WANT_ALG_ECDH 2539 requires_gnutls_tls1_3 2540 requires_gnutls_next_no_ticket 2541 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ 2542 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2543 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2544 0 \ 2545 -s "Protocol is TLSv1.3" \ 2546 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2547 -s "received signature algorithm: 0x403" \ 2548 -s "got named group: secp521r1(0019)" \ 2549 -s "Certificate verification was skipped" \ 2550 -C "received HelloRetryRequest message" 2551 2552 requires_config_enabled MBEDTLS_SSL_SRV_C 2553 requires_config_enabled MBEDTLS_DEBUG_C 2554 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2555 requires_config_enabled PSA_WANT_ALG_ECDH 2556 requires_gnutls_tls1_3 2557 requires_gnutls_next_no_ticket 2558 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ 2559 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2560 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2561 0 \ 2562 -s "Protocol is TLSv1.3" \ 2563 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2564 -s "received signature algorithm: 0x503" \ 2565 -s "got named group: secp521r1(0019)" \ 2566 -s "Certificate verification was skipped" \ 2567 -C "received HelloRetryRequest message" 2568 2569 requires_config_enabled MBEDTLS_SSL_SRV_C 2570 requires_config_enabled MBEDTLS_DEBUG_C 2571 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2572 requires_config_enabled PSA_WANT_ALG_ECDH 2573 requires_gnutls_tls1_3 2574 requires_gnutls_next_no_ticket 2575 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ 2576 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2577 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2578 0 \ 2579 -s "Protocol is TLSv1.3" \ 2580 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2581 -s "received signature algorithm: 0x603" \ 2582 -s "got named group: secp521r1(0019)" \ 2583 -s "Certificate verification was skipped" \ 2584 -C "received HelloRetryRequest message" 2585 2586 requires_config_enabled MBEDTLS_SSL_SRV_C 2587 requires_config_enabled MBEDTLS_DEBUG_C 2588 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2589 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2590 requires_config_enabled PSA_WANT_ALG_ECDH 2591 requires_gnutls_tls1_3 2592 requires_gnutls_next_no_ticket 2593 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ 2594 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2595 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2596 0 \ 2597 -s "Protocol is TLSv1.3" \ 2598 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2599 -s "received signature algorithm: 0x804" \ 2600 -s "got named group: secp521r1(0019)" \ 2601 -s "Certificate verification was skipped" \ 2602 -C "received HelloRetryRequest message" 2603 2604 requires_config_enabled MBEDTLS_SSL_SRV_C 2605 requires_config_enabled MBEDTLS_DEBUG_C 2606 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2607 requires_config_enabled PSA_WANT_ALG_ECDH 2608 requires_gnutls_tls1_3 2609 requires_gnutls_next_no_ticket 2610 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ 2611 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2612 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2613 0 \ 2614 -s "Protocol is TLSv1.3" \ 2615 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2616 -s "received signature algorithm: 0x403" \ 2617 -s "got named group: x25519(001d)" \ 2618 -s "Certificate verification was skipped" \ 2619 -C "received HelloRetryRequest message" 2620 2621 requires_config_enabled MBEDTLS_SSL_SRV_C 2622 requires_config_enabled MBEDTLS_DEBUG_C 2623 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2624 requires_config_enabled PSA_WANT_ALG_ECDH 2625 requires_gnutls_tls1_3 2626 requires_gnutls_next_no_ticket 2627 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ 2628 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2629 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2630 0 \ 2631 -s "Protocol is TLSv1.3" \ 2632 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2633 -s "received signature algorithm: 0x503" \ 2634 -s "got named group: x25519(001d)" \ 2635 -s "Certificate verification was skipped" \ 2636 -C "received HelloRetryRequest message" 2637 2638 requires_config_enabled MBEDTLS_SSL_SRV_C 2639 requires_config_enabled MBEDTLS_DEBUG_C 2640 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2641 requires_config_enabled PSA_WANT_ALG_ECDH 2642 requires_gnutls_tls1_3 2643 requires_gnutls_next_no_ticket 2644 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ 2645 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2646 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2647 0 \ 2648 -s "Protocol is TLSv1.3" \ 2649 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2650 -s "received signature algorithm: 0x603" \ 2651 -s "got named group: x25519(001d)" \ 2652 -s "Certificate verification was skipped" \ 2653 -C "received HelloRetryRequest message" 2654 2655 requires_config_enabled MBEDTLS_SSL_SRV_C 2656 requires_config_enabled MBEDTLS_DEBUG_C 2657 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2658 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2659 requires_config_enabled PSA_WANT_ALG_ECDH 2660 requires_gnutls_tls1_3 2661 requires_gnutls_next_no_ticket 2662 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ 2663 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2664 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 2665 0 \ 2666 -s "Protocol is TLSv1.3" \ 2667 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2668 -s "received signature algorithm: 0x804" \ 2669 -s "got named group: x25519(001d)" \ 2670 -s "Certificate verification was skipped" \ 2671 -C "received HelloRetryRequest message" 2672 2673 requires_config_enabled MBEDTLS_SSL_SRV_C 2674 requires_config_enabled MBEDTLS_DEBUG_C 2675 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2676 requires_config_enabled PSA_WANT_ALG_ECDH 2677 requires_gnutls_tls1_3 2678 requires_gnutls_next_no_ticket 2679 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ 2680 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2681 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2682 0 \ 2683 -s "Protocol is TLSv1.3" \ 2684 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2685 -s "received signature algorithm: 0x403" \ 2686 -s "got named group: x448(001e)" \ 2687 -s "Certificate verification was skipped" \ 2688 -C "received HelloRetryRequest message" 2689 2690 requires_config_enabled MBEDTLS_SSL_SRV_C 2691 requires_config_enabled MBEDTLS_DEBUG_C 2692 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2693 requires_config_enabled PSA_WANT_ALG_ECDH 2694 requires_gnutls_tls1_3 2695 requires_gnutls_next_no_ticket 2696 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ 2697 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2698 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2699 0 \ 2700 -s "Protocol is TLSv1.3" \ 2701 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2702 -s "received signature algorithm: 0x503" \ 2703 -s "got named group: x448(001e)" \ 2704 -s "Certificate verification was skipped" \ 2705 -C "received HelloRetryRequest message" 2706 2707 requires_config_enabled MBEDTLS_SSL_SRV_C 2708 requires_config_enabled MBEDTLS_DEBUG_C 2709 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2710 requires_config_enabled PSA_WANT_ALG_ECDH 2711 requires_gnutls_tls1_3 2712 requires_gnutls_next_no_ticket 2713 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ 2714 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2715 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2716 0 \ 2717 -s "Protocol is TLSv1.3" \ 2718 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2719 -s "received signature algorithm: 0x603" \ 2720 -s "got named group: x448(001e)" \ 2721 -s "Certificate verification was skipped" \ 2722 -C "received HelloRetryRequest message" 2723 2724 requires_config_enabled MBEDTLS_SSL_SRV_C 2725 requires_config_enabled MBEDTLS_DEBUG_C 2726 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2727 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2728 requires_config_enabled PSA_WANT_ALG_ECDH 2729 requires_gnutls_tls1_3 2730 requires_gnutls_next_no_ticket 2731 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ 2732 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2733 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 2734 0 \ 2735 -s "Protocol is TLSv1.3" \ 2736 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2737 -s "received signature algorithm: 0x804" \ 2738 -s "got named group: x448(001e)" \ 2739 -s "Certificate verification was skipped" \ 2740 -C "received HelloRetryRequest message" 2741 2742 requires_config_enabled MBEDTLS_SSL_SRV_C 2743 requires_config_enabled MBEDTLS_DEBUG_C 2744 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2745 requires_config_enabled PSA_WANT_ALG_FFDH 2746 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2747 requires_gnutls_tls1_3 2748 requires_gnutls_next_no_ticket 2749 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ 2750 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2751 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2752 0 \ 2753 -s "Protocol is TLSv1.3" \ 2754 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2755 -s "received signature algorithm: 0x403" \ 2756 -s "got named group: ffdhe2048(0100)" \ 2757 -s "Certificate verification was skipped" \ 2758 -C "received HelloRetryRequest message" 2759 2760 requires_config_enabled MBEDTLS_SSL_SRV_C 2761 requires_config_enabled MBEDTLS_DEBUG_C 2762 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2763 requires_config_enabled PSA_WANT_ALG_FFDH 2764 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2765 requires_gnutls_tls1_3 2766 requires_gnutls_next_no_ticket 2767 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ 2768 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2769 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2770 0 \ 2771 -s "Protocol is TLSv1.3" \ 2772 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2773 -s "received signature algorithm: 0x503" \ 2774 -s "got named group: ffdhe2048(0100)" \ 2775 -s "Certificate verification was skipped" \ 2776 -C "received HelloRetryRequest message" 2777 2778 requires_config_enabled MBEDTLS_SSL_SRV_C 2779 requires_config_enabled MBEDTLS_DEBUG_C 2780 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2781 requires_config_enabled PSA_WANT_ALG_FFDH 2782 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2783 requires_gnutls_tls1_3 2784 requires_gnutls_next_no_ticket 2785 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ 2786 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2787 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2788 0 \ 2789 -s "Protocol is TLSv1.3" \ 2790 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2791 -s "received signature algorithm: 0x603" \ 2792 -s "got named group: ffdhe2048(0100)" \ 2793 -s "Certificate verification was skipped" \ 2794 -C "received HelloRetryRequest message" 2795 2796 requires_config_enabled MBEDTLS_SSL_SRV_C 2797 requires_config_enabled MBEDTLS_DEBUG_C 2798 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2799 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2800 requires_config_enabled PSA_WANT_ALG_FFDH 2801 requires_config_enabled PSA_WANT_DH_RFC7919_2048 2802 requires_gnutls_tls1_3 2803 requires_gnutls_next_no_ticket 2804 run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ 2805 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2806 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 2807 0 \ 2808 -s "Protocol is TLSv1.3" \ 2809 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 2810 -s "received signature algorithm: 0x804" \ 2811 -s "got named group: ffdhe2048(0100)" \ 2812 -s "Certificate verification was skipped" \ 2813 -C "received HelloRetryRequest message" 2814 2815 requires_config_enabled MBEDTLS_SSL_SRV_C 2816 requires_config_enabled MBEDTLS_DEBUG_C 2817 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2818 requires_config_enabled PSA_WANT_ALG_ECDH 2819 requires_gnutls_tls1_3 2820 requires_gnutls_next_no_ticket 2821 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 2822 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2823 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2824 0 \ 2825 -s "Protocol is TLSv1.3" \ 2826 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2827 -s "received signature algorithm: 0x403" \ 2828 -s "got named group: secp256r1(0017)" \ 2829 -s "Certificate verification was skipped" \ 2830 -C "received HelloRetryRequest message" 2831 2832 requires_config_enabled MBEDTLS_SSL_SRV_C 2833 requires_config_enabled MBEDTLS_DEBUG_C 2834 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2835 requires_config_enabled PSA_WANT_ALG_ECDH 2836 requires_gnutls_tls1_3 2837 requires_gnutls_next_no_ticket 2838 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 2839 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2840 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2841 0 \ 2842 -s "Protocol is TLSv1.3" \ 2843 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2844 -s "received signature algorithm: 0x503" \ 2845 -s "got named group: secp256r1(0017)" \ 2846 -s "Certificate verification was skipped" \ 2847 -C "received HelloRetryRequest message" 2848 2849 requires_config_enabled MBEDTLS_SSL_SRV_C 2850 requires_config_enabled MBEDTLS_DEBUG_C 2851 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2852 requires_config_enabled PSA_WANT_ALG_ECDH 2853 requires_gnutls_tls1_3 2854 requires_gnutls_next_no_ticket 2855 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 2856 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2857 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2858 0 \ 2859 -s "Protocol is TLSv1.3" \ 2860 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2861 -s "received signature algorithm: 0x603" \ 2862 -s "got named group: secp256r1(0017)" \ 2863 -s "Certificate verification was skipped" \ 2864 -C "received HelloRetryRequest message" 2865 2866 requires_config_enabled MBEDTLS_SSL_SRV_C 2867 requires_config_enabled MBEDTLS_DEBUG_C 2868 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2869 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2870 requires_config_enabled PSA_WANT_ALG_ECDH 2871 requires_gnutls_tls1_3 2872 requires_gnutls_next_no_ticket 2873 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 2874 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2875 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 2876 0 \ 2877 -s "Protocol is TLSv1.3" \ 2878 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2879 -s "received signature algorithm: 0x804" \ 2880 -s "got named group: secp256r1(0017)" \ 2881 -s "Certificate verification was skipped" \ 2882 -C "received HelloRetryRequest message" 2883 2884 requires_config_enabled MBEDTLS_SSL_SRV_C 2885 requires_config_enabled MBEDTLS_DEBUG_C 2886 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2887 requires_config_enabled PSA_WANT_ALG_ECDH 2888 requires_gnutls_tls1_3 2889 requires_gnutls_next_no_ticket 2890 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 2891 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2892 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2893 0 \ 2894 -s "Protocol is TLSv1.3" \ 2895 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2896 -s "received signature algorithm: 0x403" \ 2897 -s "got named group: secp384r1(0018)" \ 2898 -s "Certificate verification was skipped" \ 2899 -C "received HelloRetryRequest message" 2900 2901 requires_config_enabled MBEDTLS_SSL_SRV_C 2902 requires_config_enabled MBEDTLS_DEBUG_C 2903 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2904 requires_config_enabled PSA_WANT_ALG_ECDH 2905 requires_gnutls_tls1_3 2906 requires_gnutls_next_no_ticket 2907 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 2908 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2909 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2910 0 \ 2911 -s "Protocol is TLSv1.3" \ 2912 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2913 -s "received signature algorithm: 0x503" \ 2914 -s "got named group: secp384r1(0018)" \ 2915 -s "Certificate verification was skipped" \ 2916 -C "received HelloRetryRequest message" 2917 2918 requires_config_enabled MBEDTLS_SSL_SRV_C 2919 requires_config_enabled MBEDTLS_DEBUG_C 2920 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2921 requires_config_enabled PSA_WANT_ALG_ECDH 2922 requires_gnutls_tls1_3 2923 requires_gnutls_next_no_ticket 2924 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 2925 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2926 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2927 0 \ 2928 -s "Protocol is TLSv1.3" \ 2929 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2930 -s "received signature algorithm: 0x603" \ 2931 -s "got named group: secp384r1(0018)" \ 2932 -s "Certificate verification was skipped" \ 2933 -C "received HelloRetryRequest message" 2934 2935 requires_config_enabled MBEDTLS_SSL_SRV_C 2936 requires_config_enabled MBEDTLS_DEBUG_C 2937 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2938 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 2939 requires_config_enabled PSA_WANT_ALG_ECDH 2940 requires_gnutls_tls1_3 2941 requires_gnutls_next_no_ticket 2942 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 2943 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2944 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 2945 0 \ 2946 -s "Protocol is TLSv1.3" \ 2947 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2948 -s "received signature algorithm: 0x804" \ 2949 -s "got named group: secp384r1(0018)" \ 2950 -s "Certificate verification was skipped" \ 2951 -C "received HelloRetryRequest message" 2952 2953 requires_config_enabled MBEDTLS_SSL_SRV_C 2954 requires_config_enabled MBEDTLS_DEBUG_C 2955 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2956 requires_config_enabled PSA_WANT_ALG_ECDH 2957 requires_gnutls_tls1_3 2958 requires_gnutls_next_no_ticket 2959 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 2960 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2961 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2962 0 \ 2963 -s "Protocol is TLSv1.3" \ 2964 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2965 -s "received signature algorithm: 0x403" \ 2966 -s "got named group: secp521r1(0019)" \ 2967 -s "Certificate verification was skipped" \ 2968 -C "received HelloRetryRequest message" 2969 2970 requires_config_enabled MBEDTLS_SSL_SRV_C 2971 requires_config_enabled MBEDTLS_DEBUG_C 2972 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2973 requires_config_enabled PSA_WANT_ALG_ECDH 2974 requires_gnutls_tls1_3 2975 requires_gnutls_next_no_ticket 2976 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 2977 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2978 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2979 0 \ 2980 -s "Protocol is TLSv1.3" \ 2981 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2982 -s "received signature algorithm: 0x503" \ 2983 -s "got named group: secp521r1(0019)" \ 2984 -s "Certificate verification was skipped" \ 2985 -C "received HelloRetryRequest message" 2986 2987 requires_config_enabled MBEDTLS_SSL_SRV_C 2988 requires_config_enabled MBEDTLS_DEBUG_C 2989 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 2990 requires_config_enabled PSA_WANT_ALG_ECDH 2991 requires_gnutls_tls1_3 2992 requires_gnutls_next_no_ticket 2993 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 2994 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 2995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 2996 0 \ 2997 -s "Protocol is TLSv1.3" \ 2998 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 2999 -s "received signature algorithm: 0x603" \ 3000 -s "got named group: secp521r1(0019)" \ 3001 -s "Certificate verification was skipped" \ 3002 -C "received HelloRetryRequest message" 3003 3004 requires_config_enabled MBEDTLS_SSL_SRV_C 3005 requires_config_enabled MBEDTLS_DEBUG_C 3006 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3007 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3008 requires_config_enabled PSA_WANT_ALG_ECDH 3009 requires_gnutls_tls1_3 3010 requires_gnutls_next_no_ticket 3011 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 3012 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3013 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3014 0 \ 3015 -s "Protocol is TLSv1.3" \ 3016 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3017 -s "received signature algorithm: 0x804" \ 3018 -s "got named group: secp521r1(0019)" \ 3019 -s "Certificate verification was skipped" \ 3020 -C "received HelloRetryRequest message" 3021 3022 requires_config_enabled MBEDTLS_SSL_SRV_C 3023 requires_config_enabled MBEDTLS_DEBUG_C 3024 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3025 requires_config_enabled PSA_WANT_ALG_ECDH 3026 requires_gnutls_tls1_3 3027 requires_gnutls_next_no_ticket 3028 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ 3029 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3030 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3031 0 \ 3032 -s "Protocol is TLSv1.3" \ 3033 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3034 -s "received signature algorithm: 0x403" \ 3035 -s "got named group: x25519(001d)" \ 3036 -s "Certificate verification was skipped" \ 3037 -C "received HelloRetryRequest message" 3038 3039 requires_config_enabled MBEDTLS_SSL_SRV_C 3040 requires_config_enabled MBEDTLS_DEBUG_C 3041 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3042 requires_config_enabled PSA_WANT_ALG_ECDH 3043 requires_gnutls_tls1_3 3044 requires_gnutls_next_no_ticket 3045 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ 3046 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3047 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3048 0 \ 3049 -s "Protocol is TLSv1.3" \ 3050 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3051 -s "received signature algorithm: 0x503" \ 3052 -s "got named group: x25519(001d)" \ 3053 -s "Certificate verification was skipped" \ 3054 -C "received HelloRetryRequest message" 3055 3056 requires_config_enabled MBEDTLS_SSL_SRV_C 3057 requires_config_enabled MBEDTLS_DEBUG_C 3058 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3059 requires_config_enabled PSA_WANT_ALG_ECDH 3060 requires_gnutls_tls1_3 3061 requires_gnutls_next_no_ticket 3062 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ 3063 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3064 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3065 0 \ 3066 -s "Protocol is TLSv1.3" \ 3067 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3068 -s "received signature algorithm: 0x603" \ 3069 -s "got named group: x25519(001d)" \ 3070 -s "Certificate verification was skipped" \ 3071 -C "received HelloRetryRequest message" 3072 3073 requires_config_enabled MBEDTLS_SSL_SRV_C 3074 requires_config_enabled MBEDTLS_DEBUG_C 3075 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3076 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3077 requires_config_enabled PSA_WANT_ALG_ECDH 3078 requires_gnutls_tls1_3 3079 requires_gnutls_next_no_ticket 3080 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ 3081 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3082 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3083 0 \ 3084 -s "Protocol is TLSv1.3" \ 3085 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3086 -s "received signature algorithm: 0x804" \ 3087 -s "got named group: x25519(001d)" \ 3088 -s "Certificate verification was skipped" \ 3089 -C "received HelloRetryRequest message" 3090 3091 requires_config_enabled MBEDTLS_SSL_SRV_C 3092 requires_config_enabled MBEDTLS_DEBUG_C 3093 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3094 requires_config_enabled PSA_WANT_ALG_ECDH 3095 requires_gnutls_tls1_3 3096 requires_gnutls_next_no_ticket 3097 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ 3098 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3099 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3100 0 \ 3101 -s "Protocol is TLSv1.3" \ 3102 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3103 -s "received signature algorithm: 0x403" \ 3104 -s "got named group: x448(001e)" \ 3105 -s "Certificate verification was skipped" \ 3106 -C "received HelloRetryRequest message" 3107 3108 requires_config_enabled MBEDTLS_SSL_SRV_C 3109 requires_config_enabled MBEDTLS_DEBUG_C 3110 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3111 requires_config_enabled PSA_WANT_ALG_ECDH 3112 requires_gnutls_tls1_3 3113 requires_gnutls_next_no_ticket 3114 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ 3115 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3116 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3117 0 \ 3118 -s "Protocol is TLSv1.3" \ 3119 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3120 -s "received signature algorithm: 0x503" \ 3121 -s "got named group: x448(001e)" \ 3122 -s "Certificate verification was skipped" \ 3123 -C "received HelloRetryRequest message" 3124 3125 requires_config_enabled MBEDTLS_SSL_SRV_C 3126 requires_config_enabled MBEDTLS_DEBUG_C 3127 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3128 requires_config_enabled PSA_WANT_ALG_ECDH 3129 requires_gnutls_tls1_3 3130 requires_gnutls_next_no_ticket 3131 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ 3132 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3133 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3134 0 \ 3135 -s "Protocol is TLSv1.3" \ 3136 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3137 -s "received signature algorithm: 0x603" \ 3138 -s "got named group: x448(001e)" \ 3139 -s "Certificate verification was skipped" \ 3140 -C "received HelloRetryRequest message" 3141 3142 requires_config_enabled MBEDTLS_SSL_SRV_C 3143 requires_config_enabled MBEDTLS_DEBUG_C 3144 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3145 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3146 requires_config_enabled PSA_WANT_ALG_ECDH 3147 requires_gnutls_tls1_3 3148 requires_gnutls_next_no_ticket 3149 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ 3150 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3151 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3152 0 \ 3153 -s "Protocol is TLSv1.3" \ 3154 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3155 -s "received signature algorithm: 0x804" \ 3156 -s "got named group: x448(001e)" \ 3157 -s "Certificate verification was skipped" \ 3158 -C "received HelloRetryRequest message" 3159 3160 requires_config_enabled MBEDTLS_SSL_SRV_C 3161 requires_config_enabled MBEDTLS_DEBUG_C 3162 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3163 requires_config_enabled PSA_WANT_ALG_FFDH 3164 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3165 requires_gnutls_tls1_3 3166 requires_gnutls_next_no_ticket 3167 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 3168 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3169 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3170 0 \ 3171 -s "Protocol is TLSv1.3" \ 3172 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3173 -s "received signature algorithm: 0x403" \ 3174 -s "got named group: ffdhe2048(0100)" \ 3175 -s "Certificate verification was skipped" \ 3176 -C "received HelloRetryRequest message" 3177 3178 requires_config_enabled MBEDTLS_SSL_SRV_C 3179 requires_config_enabled MBEDTLS_DEBUG_C 3180 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3181 requires_config_enabled PSA_WANT_ALG_FFDH 3182 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3183 requires_gnutls_tls1_3 3184 requires_gnutls_next_no_ticket 3185 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 3186 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3187 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3188 0 \ 3189 -s "Protocol is TLSv1.3" \ 3190 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3191 -s "received signature algorithm: 0x503" \ 3192 -s "got named group: ffdhe2048(0100)" \ 3193 -s "Certificate verification was skipped" \ 3194 -C "received HelloRetryRequest message" 3195 3196 requires_config_enabled MBEDTLS_SSL_SRV_C 3197 requires_config_enabled MBEDTLS_DEBUG_C 3198 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3199 requires_config_enabled PSA_WANT_ALG_FFDH 3200 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3201 requires_gnutls_tls1_3 3202 requires_gnutls_next_no_ticket 3203 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 3204 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3205 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3206 0 \ 3207 -s "Protocol is TLSv1.3" \ 3208 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3209 -s "received signature algorithm: 0x603" \ 3210 -s "got named group: ffdhe2048(0100)" \ 3211 -s "Certificate verification was skipped" \ 3212 -C "received HelloRetryRequest message" 3213 3214 requires_config_enabled MBEDTLS_SSL_SRV_C 3215 requires_config_enabled MBEDTLS_DEBUG_C 3216 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3217 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3218 requires_config_enabled PSA_WANT_ALG_FFDH 3219 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3220 requires_gnutls_tls1_3 3221 requires_gnutls_next_no_ticket 3222 run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 3223 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3224 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3225 0 \ 3226 -s "Protocol is TLSv1.3" \ 3227 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 3228 -s "received signature algorithm: 0x804" \ 3229 -s "got named group: ffdhe2048(0100)" \ 3230 -s "Certificate verification was skipped" \ 3231 -C "received HelloRetryRequest message" 3232 3233 requires_config_enabled MBEDTLS_SSL_SRV_C 3234 requires_config_enabled MBEDTLS_DEBUG_C 3235 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3236 requires_config_enabled PSA_WANT_ALG_ECDH 3237 requires_gnutls_tls1_3 3238 requires_gnutls_next_no_ticket 3239 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 3240 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3241 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3242 0 \ 3243 -s "Protocol is TLSv1.3" \ 3244 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3245 -s "received signature algorithm: 0x403" \ 3246 -s "got named group: secp256r1(0017)" \ 3247 -s "Certificate verification was skipped" \ 3248 -C "received HelloRetryRequest message" 3249 3250 requires_config_enabled MBEDTLS_SSL_SRV_C 3251 requires_config_enabled MBEDTLS_DEBUG_C 3252 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3253 requires_config_enabled PSA_WANT_ALG_ECDH 3254 requires_gnutls_tls1_3 3255 requires_gnutls_next_no_ticket 3256 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 3257 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3258 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3259 0 \ 3260 -s "Protocol is TLSv1.3" \ 3261 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3262 -s "received signature algorithm: 0x503" \ 3263 -s "got named group: secp256r1(0017)" \ 3264 -s "Certificate verification was skipped" \ 3265 -C "received HelloRetryRequest message" 3266 3267 requires_config_enabled MBEDTLS_SSL_SRV_C 3268 requires_config_enabled MBEDTLS_DEBUG_C 3269 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3270 requires_config_enabled PSA_WANT_ALG_ECDH 3271 requires_gnutls_tls1_3 3272 requires_gnutls_next_no_ticket 3273 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 3274 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3275 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3276 0 \ 3277 -s "Protocol is TLSv1.3" \ 3278 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3279 -s "received signature algorithm: 0x603" \ 3280 -s "got named group: secp256r1(0017)" \ 3281 -s "Certificate verification was skipped" \ 3282 -C "received HelloRetryRequest message" 3283 3284 requires_config_enabled MBEDTLS_SSL_SRV_C 3285 requires_config_enabled MBEDTLS_DEBUG_C 3286 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3287 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3288 requires_config_enabled PSA_WANT_ALG_ECDH 3289 requires_gnutls_tls1_3 3290 requires_gnutls_next_no_ticket 3291 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 3292 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3293 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3294 0 \ 3295 -s "Protocol is TLSv1.3" \ 3296 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3297 -s "received signature algorithm: 0x804" \ 3298 -s "got named group: secp256r1(0017)" \ 3299 -s "Certificate verification was skipped" \ 3300 -C "received HelloRetryRequest message" 3301 3302 requires_config_enabled MBEDTLS_SSL_SRV_C 3303 requires_config_enabled MBEDTLS_DEBUG_C 3304 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3305 requires_config_enabled PSA_WANT_ALG_ECDH 3306 requires_gnutls_tls1_3 3307 requires_gnutls_next_no_ticket 3308 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 3309 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3310 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3311 0 \ 3312 -s "Protocol is TLSv1.3" \ 3313 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3314 -s "received signature algorithm: 0x403" \ 3315 -s "got named group: secp384r1(0018)" \ 3316 -s "Certificate verification was skipped" \ 3317 -C "received HelloRetryRequest message" 3318 3319 requires_config_enabled MBEDTLS_SSL_SRV_C 3320 requires_config_enabled MBEDTLS_DEBUG_C 3321 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3322 requires_config_enabled PSA_WANT_ALG_ECDH 3323 requires_gnutls_tls1_3 3324 requires_gnutls_next_no_ticket 3325 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 3326 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3327 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3328 0 \ 3329 -s "Protocol is TLSv1.3" \ 3330 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3331 -s "received signature algorithm: 0x503" \ 3332 -s "got named group: secp384r1(0018)" \ 3333 -s "Certificate verification was skipped" \ 3334 -C "received HelloRetryRequest message" 3335 3336 requires_config_enabled MBEDTLS_SSL_SRV_C 3337 requires_config_enabled MBEDTLS_DEBUG_C 3338 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3339 requires_config_enabled PSA_WANT_ALG_ECDH 3340 requires_gnutls_tls1_3 3341 requires_gnutls_next_no_ticket 3342 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 3343 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3344 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3345 0 \ 3346 -s "Protocol is TLSv1.3" \ 3347 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3348 -s "received signature algorithm: 0x603" \ 3349 -s "got named group: secp384r1(0018)" \ 3350 -s "Certificate verification was skipped" \ 3351 -C "received HelloRetryRequest message" 3352 3353 requires_config_enabled MBEDTLS_SSL_SRV_C 3354 requires_config_enabled MBEDTLS_DEBUG_C 3355 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3356 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3357 requires_config_enabled PSA_WANT_ALG_ECDH 3358 requires_gnutls_tls1_3 3359 requires_gnutls_next_no_ticket 3360 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 3361 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3362 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3363 0 \ 3364 -s "Protocol is TLSv1.3" \ 3365 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3366 -s "received signature algorithm: 0x804" \ 3367 -s "got named group: secp384r1(0018)" \ 3368 -s "Certificate verification was skipped" \ 3369 -C "received HelloRetryRequest message" 3370 3371 requires_config_enabled MBEDTLS_SSL_SRV_C 3372 requires_config_enabled MBEDTLS_DEBUG_C 3373 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3374 requires_config_enabled PSA_WANT_ALG_ECDH 3375 requires_gnutls_tls1_3 3376 requires_gnutls_next_no_ticket 3377 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 3378 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3379 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3380 0 \ 3381 -s "Protocol is TLSv1.3" \ 3382 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3383 -s "received signature algorithm: 0x403" \ 3384 -s "got named group: secp521r1(0019)" \ 3385 -s "Certificate verification was skipped" \ 3386 -C "received HelloRetryRequest message" 3387 3388 requires_config_enabled MBEDTLS_SSL_SRV_C 3389 requires_config_enabled MBEDTLS_DEBUG_C 3390 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3391 requires_config_enabled PSA_WANT_ALG_ECDH 3392 requires_gnutls_tls1_3 3393 requires_gnutls_next_no_ticket 3394 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 3395 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3396 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3397 0 \ 3398 -s "Protocol is TLSv1.3" \ 3399 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3400 -s "received signature algorithm: 0x503" \ 3401 -s "got named group: secp521r1(0019)" \ 3402 -s "Certificate verification was skipped" \ 3403 -C "received HelloRetryRequest message" 3404 3405 requires_config_enabled MBEDTLS_SSL_SRV_C 3406 requires_config_enabled MBEDTLS_DEBUG_C 3407 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3408 requires_config_enabled PSA_WANT_ALG_ECDH 3409 requires_gnutls_tls1_3 3410 requires_gnutls_next_no_ticket 3411 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 3412 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3413 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3414 0 \ 3415 -s "Protocol is TLSv1.3" \ 3416 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3417 -s "received signature algorithm: 0x603" \ 3418 -s "got named group: secp521r1(0019)" \ 3419 -s "Certificate verification was skipped" \ 3420 -C "received HelloRetryRequest message" 3421 3422 requires_config_enabled MBEDTLS_SSL_SRV_C 3423 requires_config_enabled MBEDTLS_DEBUG_C 3424 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3425 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3426 requires_config_enabled PSA_WANT_ALG_ECDH 3427 requires_gnutls_tls1_3 3428 requires_gnutls_next_no_ticket 3429 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 3430 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3431 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3432 0 \ 3433 -s "Protocol is TLSv1.3" \ 3434 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3435 -s "received signature algorithm: 0x804" \ 3436 -s "got named group: secp521r1(0019)" \ 3437 -s "Certificate verification was skipped" \ 3438 -C "received HelloRetryRequest message" 3439 3440 requires_config_enabled MBEDTLS_SSL_SRV_C 3441 requires_config_enabled MBEDTLS_DEBUG_C 3442 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3443 requires_config_enabled PSA_WANT_ALG_ECDH 3444 requires_gnutls_tls1_3 3445 requires_gnutls_next_no_ticket 3446 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 3447 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3448 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3449 0 \ 3450 -s "Protocol is TLSv1.3" \ 3451 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3452 -s "received signature algorithm: 0x403" \ 3453 -s "got named group: x25519(001d)" \ 3454 -s "Certificate verification was skipped" \ 3455 -C "received HelloRetryRequest message" 3456 3457 requires_config_enabled MBEDTLS_SSL_SRV_C 3458 requires_config_enabled MBEDTLS_DEBUG_C 3459 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3460 requires_config_enabled PSA_WANT_ALG_ECDH 3461 requires_gnutls_tls1_3 3462 requires_gnutls_next_no_ticket 3463 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 3464 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3465 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3466 0 \ 3467 -s "Protocol is TLSv1.3" \ 3468 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3469 -s "received signature algorithm: 0x503" \ 3470 -s "got named group: x25519(001d)" \ 3471 -s "Certificate verification was skipped" \ 3472 -C "received HelloRetryRequest message" 3473 3474 requires_config_enabled MBEDTLS_SSL_SRV_C 3475 requires_config_enabled MBEDTLS_DEBUG_C 3476 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3477 requires_config_enabled PSA_WANT_ALG_ECDH 3478 requires_gnutls_tls1_3 3479 requires_gnutls_next_no_ticket 3480 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 3481 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3482 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3483 0 \ 3484 -s "Protocol is TLSv1.3" \ 3485 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3486 -s "received signature algorithm: 0x603" \ 3487 -s "got named group: x25519(001d)" \ 3488 -s "Certificate verification was skipped" \ 3489 -C "received HelloRetryRequest message" 3490 3491 requires_config_enabled MBEDTLS_SSL_SRV_C 3492 requires_config_enabled MBEDTLS_DEBUG_C 3493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3494 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3495 requires_config_enabled PSA_WANT_ALG_ECDH 3496 requires_gnutls_tls1_3 3497 requires_gnutls_next_no_ticket 3498 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 3499 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3500 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3501 0 \ 3502 -s "Protocol is TLSv1.3" \ 3503 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3504 -s "received signature algorithm: 0x804" \ 3505 -s "got named group: x25519(001d)" \ 3506 -s "Certificate verification was skipped" \ 3507 -C "received HelloRetryRequest message" 3508 3509 requires_config_enabled MBEDTLS_SSL_SRV_C 3510 requires_config_enabled MBEDTLS_DEBUG_C 3511 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3512 requires_config_enabled PSA_WANT_ALG_ECDH 3513 requires_gnutls_tls1_3 3514 requires_gnutls_next_no_ticket 3515 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 3516 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3517 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3518 0 \ 3519 -s "Protocol is TLSv1.3" \ 3520 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3521 -s "received signature algorithm: 0x403" \ 3522 -s "got named group: x448(001e)" \ 3523 -s "Certificate verification was skipped" \ 3524 -C "received HelloRetryRequest message" 3525 3526 requires_config_enabled MBEDTLS_SSL_SRV_C 3527 requires_config_enabled MBEDTLS_DEBUG_C 3528 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3529 requires_config_enabled PSA_WANT_ALG_ECDH 3530 requires_gnutls_tls1_3 3531 requires_gnutls_next_no_ticket 3532 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 3533 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3534 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3535 0 \ 3536 -s "Protocol is TLSv1.3" \ 3537 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3538 -s "received signature algorithm: 0x503" \ 3539 -s "got named group: x448(001e)" \ 3540 -s "Certificate verification was skipped" \ 3541 -C "received HelloRetryRequest message" 3542 3543 requires_config_enabled MBEDTLS_SSL_SRV_C 3544 requires_config_enabled MBEDTLS_DEBUG_C 3545 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3546 requires_config_enabled PSA_WANT_ALG_ECDH 3547 requires_gnutls_tls1_3 3548 requires_gnutls_next_no_ticket 3549 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 3550 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3551 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3552 0 \ 3553 -s "Protocol is TLSv1.3" \ 3554 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3555 -s "received signature algorithm: 0x603" \ 3556 -s "got named group: x448(001e)" \ 3557 -s "Certificate verification was skipped" \ 3558 -C "received HelloRetryRequest message" 3559 3560 requires_config_enabled MBEDTLS_SSL_SRV_C 3561 requires_config_enabled MBEDTLS_DEBUG_C 3562 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3563 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3564 requires_config_enabled PSA_WANT_ALG_ECDH 3565 requires_gnutls_tls1_3 3566 requires_gnutls_next_no_ticket 3567 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ 3568 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3569 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3570 0 \ 3571 -s "Protocol is TLSv1.3" \ 3572 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3573 -s "received signature algorithm: 0x804" \ 3574 -s "got named group: x448(001e)" \ 3575 -s "Certificate verification was skipped" \ 3576 -C "received HelloRetryRequest message" 3577 3578 requires_config_enabled MBEDTLS_SSL_SRV_C 3579 requires_config_enabled MBEDTLS_DEBUG_C 3580 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3581 requires_config_enabled PSA_WANT_ALG_FFDH 3582 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3583 requires_gnutls_tls1_3 3584 requires_gnutls_next_no_ticket 3585 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 3586 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3587 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3588 0 \ 3589 -s "Protocol is TLSv1.3" \ 3590 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3591 -s "received signature algorithm: 0x403" \ 3592 -s "got named group: ffdhe2048(0100)" \ 3593 -s "Certificate verification was skipped" \ 3594 -C "received HelloRetryRequest message" 3595 3596 requires_config_enabled MBEDTLS_SSL_SRV_C 3597 requires_config_enabled MBEDTLS_DEBUG_C 3598 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3599 requires_config_enabled PSA_WANT_ALG_FFDH 3600 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3601 requires_gnutls_tls1_3 3602 requires_gnutls_next_no_ticket 3603 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 3604 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3605 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3606 0 \ 3607 -s "Protocol is TLSv1.3" \ 3608 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3609 -s "received signature algorithm: 0x503" \ 3610 -s "got named group: ffdhe2048(0100)" \ 3611 -s "Certificate verification was skipped" \ 3612 -C "received HelloRetryRequest message" 3613 3614 requires_config_enabled MBEDTLS_SSL_SRV_C 3615 requires_config_enabled MBEDTLS_DEBUG_C 3616 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3617 requires_config_enabled PSA_WANT_ALG_FFDH 3618 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3619 requires_gnutls_tls1_3 3620 requires_gnutls_next_no_ticket 3621 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 3622 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3623 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3624 0 \ 3625 -s "Protocol is TLSv1.3" \ 3626 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3627 -s "received signature algorithm: 0x603" \ 3628 -s "got named group: ffdhe2048(0100)" \ 3629 -s "Certificate verification was skipped" \ 3630 -C "received HelloRetryRequest message" 3631 3632 requires_config_enabled MBEDTLS_SSL_SRV_C 3633 requires_config_enabled MBEDTLS_DEBUG_C 3634 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3635 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3636 requires_config_enabled PSA_WANT_ALG_FFDH 3637 requires_config_enabled PSA_WANT_DH_RFC7919_2048 3638 requires_gnutls_tls1_3 3639 requires_gnutls_next_no_ticket 3640 run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 3641 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3642 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 3643 0 \ 3644 -s "Protocol is TLSv1.3" \ 3645 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 3646 -s "received signature algorithm: 0x804" \ 3647 -s "got named group: ffdhe2048(0100)" \ 3648 -s "Certificate verification was skipped" \ 3649 -C "received HelloRetryRequest message" 3650 3651 requires_config_enabled MBEDTLS_SSL_SRV_C 3652 requires_config_enabled MBEDTLS_DEBUG_C 3653 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3654 requires_config_enabled PSA_WANT_ALG_ECDH 3655 requires_gnutls_tls1_3 3656 requires_gnutls_next_no_ticket 3657 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 3658 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3659 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3660 0 \ 3661 -s "Protocol is TLSv1.3" \ 3662 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3663 -s "received signature algorithm: 0x403" \ 3664 -s "got named group: secp256r1(0017)" \ 3665 -s "Certificate verification was skipped" \ 3666 -C "received HelloRetryRequest message" 3667 3668 requires_config_enabled MBEDTLS_SSL_SRV_C 3669 requires_config_enabled MBEDTLS_DEBUG_C 3670 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3671 requires_config_enabled PSA_WANT_ALG_ECDH 3672 requires_gnutls_tls1_3 3673 requires_gnutls_next_no_ticket 3674 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 3675 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3676 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3677 0 \ 3678 -s "Protocol is TLSv1.3" \ 3679 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3680 -s "received signature algorithm: 0x503" \ 3681 -s "got named group: secp256r1(0017)" \ 3682 -s "Certificate verification was skipped" \ 3683 -C "received HelloRetryRequest message" 3684 3685 requires_config_enabled MBEDTLS_SSL_SRV_C 3686 requires_config_enabled MBEDTLS_DEBUG_C 3687 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3688 requires_config_enabled PSA_WANT_ALG_ECDH 3689 requires_gnutls_tls1_3 3690 requires_gnutls_next_no_ticket 3691 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 3692 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3693 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3694 0 \ 3695 -s "Protocol is TLSv1.3" \ 3696 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3697 -s "received signature algorithm: 0x603" \ 3698 -s "got named group: secp256r1(0017)" \ 3699 -s "Certificate verification was skipped" \ 3700 -C "received HelloRetryRequest message" 3701 3702 requires_config_enabled MBEDTLS_SSL_SRV_C 3703 requires_config_enabled MBEDTLS_DEBUG_C 3704 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3705 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3706 requires_config_enabled PSA_WANT_ALG_ECDH 3707 requires_gnutls_tls1_3 3708 requires_gnutls_next_no_ticket 3709 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 3710 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3711 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 3712 0 \ 3713 -s "Protocol is TLSv1.3" \ 3714 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3715 -s "received signature algorithm: 0x804" \ 3716 -s "got named group: secp256r1(0017)" \ 3717 -s "Certificate verification was skipped" \ 3718 -C "received HelloRetryRequest message" 3719 3720 requires_config_enabled MBEDTLS_SSL_SRV_C 3721 requires_config_enabled MBEDTLS_DEBUG_C 3722 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3723 requires_config_enabled PSA_WANT_ALG_ECDH 3724 requires_gnutls_tls1_3 3725 requires_gnutls_next_no_ticket 3726 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 3727 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3728 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3729 0 \ 3730 -s "Protocol is TLSv1.3" \ 3731 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3732 -s "received signature algorithm: 0x403" \ 3733 -s "got named group: secp384r1(0018)" \ 3734 -s "Certificate verification was skipped" \ 3735 -C "received HelloRetryRequest message" 3736 3737 requires_config_enabled MBEDTLS_SSL_SRV_C 3738 requires_config_enabled MBEDTLS_DEBUG_C 3739 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3740 requires_config_enabled PSA_WANT_ALG_ECDH 3741 requires_gnutls_tls1_3 3742 requires_gnutls_next_no_ticket 3743 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 3744 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3745 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3746 0 \ 3747 -s "Protocol is TLSv1.3" \ 3748 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3749 -s "received signature algorithm: 0x503" \ 3750 -s "got named group: secp384r1(0018)" \ 3751 -s "Certificate verification was skipped" \ 3752 -C "received HelloRetryRequest message" 3753 3754 requires_config_enabled MBEDTLS_SSL_SRV_C 3755 requires_config_enabled MBEDTLS_DEBUG_C 3756 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3757 requires_config_enabled PSA_WANT_ALG_ECDH 3758 requires_gnutls_tls1_3 3759 requires_gnutls_next_no_ticket 3760 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 3761 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3762 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3763 0 \ 3764 -s "Protocol is TLSv1.3" \ 3765 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3766 -s "received signature algorithm: 0x603" \ 3767 -s "got named group: secp384r1(0018)" \ 3768 -s "Certificate verification was skipped" \ 3769 -C "received HelloRetryRequest message" 3770 3771 requires_config_enabled MBEDTLS_SSL_SRV_C 3772 requires_config_enabled MBEDTLS_DEBUG_C 3773 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3774 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3775 requires_config_enabled PSA_WANT_ALG_ECDH 3776 requires_gnutls_tls1_3 3777 requires_gnutls_next_no_ticket 3778 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 3779 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3780 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 3781 0 \ 3782 -s "Protocol is TLSv1.3" \ 3783 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3784 -s "received signature algorithm: 0x804" \ 3785 -s "got named group: secp384r1(0018)" \ 3786 -s "Certificate verification was skipped" \ 3787 -C "received HelloRetryRequest message" 3788 3789 requires_config_enabled MBEDTLS_SSL_SRV_C 3790 requires_config_enabled MBEDTLS_DEBUG_C 3791 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3792 requires_config_enabled PSA_WANT_ALG_ECDH 3793 requires_gnutls_tls1_3 3794 requires_gnutls_next_no_ticket 3795 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 3796 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3797 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3798 0 \ 3799 -s "Protocol is TLSv1.3" \ 3800 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3801 -s "received signature algorithm: 0x403" \ 3802 -s "got named group: secp521r1(0019)" \ 3803 -s "Certificate verification was skipped" \ 3804 -C "received HelloRetryRequest message" 3805 3806 requires_config_enabled MBEDTLS_SSL_SRV_C 3807 requires_config_enabled MBEDTLS_DEBUG_C 3808 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3809 requires_config_enabled PSA_WANT_ALG_ECDH 3810 requires_gnutls_tls1_3 3811 requires_gnutls_next_no_ticket 3812 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 3813 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3814 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3815 0 \ 3816 -s "Protocol is TLSv1.3" \ 3817 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3818 -s "received signature algorithm: 0x503" \ 3819 -s "got named group: secp521r1(0019)" \ 3820 -s "Certificate verification was skipped" \ 3821 -C "received HelloRetryRequest message" 3822 3823 requires_config_enabled MBEDTLS_SSL_SRV_C 3824 requires_config_enabled MBEDTLS_DEBUG_C 3825 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3826 requires_config_enabled PSA_WANT_ALG_ECDH 3827 requires_gnutls_tls1_3 3828 requires_gnutls_next_no_ticket 3829 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 3830 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3831 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3832 0 \ 3833 -s "Protocol is TLSv1.3" \ 3834 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3835 -s "received signature algorithm: 0x603" \ 3836 -s "got named group: secp521r1(0019)" \ 3837 -s "Certificate verification was skipped" \ 3838 -C "received HelloRetryRequest message" 3839 3840 requires_config_enabled MBEDTLS_SSL_SRV_C 3841 requires_config_enabled MBEDTLS_DEBUG_C 3842 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3843 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3844 requires_config_enabled PSA_WANT_ALG_ECDH 3845 requires_gnutls_tls1_3 3846 requires_gnutls_next_no_ticket 3847 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 3848 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3849 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 3850 0 \ 3851 -s "Protocol is TLSv1.3" \ 3852 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3853 -s "received signature algorithm: 0x804" \ 3854 -s "got named group: secp521r1(0019)" \ 3855 -s "Certificate verification was skipped" \ 3856 -C "received HelloRetryRequest message" 3857 3858 requires_config_enabled MBEDTLS_SSL_SRV_C 3859 requires_config_enabled MBEDTLS_DEBUG_C 3860 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3861 requires_config_enabled PSA_WANT_ALG_ECDH 3862 requires_gnutls_tls1_3 3863 requires_gnutls_next_no_ticket 3864 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ 3865 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3866 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3867 0 \ 3868 -s "Protocol is TLSv1.3" \ 3869 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3870 -s "received signature algorithm: 0x403" \ 3871 -s "got named group: x25519(001d)" \ 3872 -s "Certificate verification was skipped" \ 3873 -C "received HelloRetryRequest message" 3874 3875 requires_config_enabled MBEDTLS_SSL_SRV_C 3876 requires_config_enabled MBEDTLS_DEBUG_C 3877 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3878 requires_config_enabled PSA_WANT_ALG_ECDH 3879 requires_gnutls_tls1_3 3880 requires_gnutls_next_no_ticket 3881 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ 3882 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3883 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3884 0 \ 3885 -s "Protocol is TLSv1.3" \ 3886 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3887 -s "received signature algorithm: 0x503" \ 3888 -s "got named group: x25519(001d)" \ 3889 -s "Certificate verification was skipped" \ 3890 -C "received HelloRetryRequest message" 3891 3892 requires_config_enabled MBEDTLS_SSL_SRV_C 3893 requires_config_enabled MBEDTLS_DEBUG_C 3894 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3895 requires_config_enabled PSA_WANT_ALG_ECDH 3896 requires_gnutls_tls1_3 3897 requires_gnutls_next_no_ticket 3898 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ 3899 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3900 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3901 0 \ 3902 -s "Protocol is TLSv1.3" \ 3903 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3904 -s "received signature algorithm: 0x603" \ 3905 -s "got named group: x25519(001d)" \ 3906 -s "Certificate verification was skipped" \ 3907 -C "received HelloRetryRequest message" 3908 3909 requires_config_enabled MBEDTLS_SSL_SRV_C 3910 requires_config_enabled MBEDTLS_DEBUG_C 3911 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3912 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3913 requires_config_enabled PSA_WANT_ALG_ECDH 3914 requires_gnutls_tls1_3 3915 requires_gnutls_next_no_ticket 3916 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ 3917 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3918 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 3919 0 \ 3920 -s "Protocol is TLSv1.3" \ 3921 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3922 -s "received signature algorithm: 0x804" \ 3923 -s "got named group: x25519(001d)" \ 3924 -s "Certificate verification was skipped" \ 3925 -C "received HelloRetryRequest message" 3926 3927 requires_config_enabled MBEDTLS_SSL_SRV_C 3928 requires_config_enabled MBEDTLS_DEBUG_C 3929 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3930 requires_config_enabled PSA_WANT_ALG_ECDH 3931 requires_gnutls_tls1_3 3932 requires_gnutls_next_no_ticket 3933 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ 3934 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3935 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3936 0 \ 3937 -s "Protocol is TLSv1.3" \ 3938 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3939 -s "received signature algorithm: 0x403" \ 3940 -s "got named group: x448(001e)" \ 3941 -s "Certificate verification was skipped" \ 3942 -C "received HelloRetryRequest message" 3943 3944 requires_config_enabled MBEDTLS_SSL_SRV_C 3945 requires_config_enabled MBEDTLS_DEBUG_C 3946 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3947 requires_config_enabled PSA_WANT_ALG_ECDH 3948 requires_gnutls_tls1_3 3949 requires_gnutls_next_no_ticket 3950 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ 3951 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3952 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3953 0 \ 3954 -s "Protocol is TLSv1.3" \ 3955 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3956 -s "received signature algorithm: 0x503" \ 3957 -s "got named group: x448(001e)" \ 3958 -s "Certificate verification was skipped" \ 3959 -C "received HelloRetryRequest message" 3960 3961 requires_config_enabled MBEDTLS_SSL_SRV_C 3962 requires_config_enabled MBEDTLS_DEBUG_C 3963 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3964 requires_config_enabled PSA_WANT_ALG_ECDH 3965 requires_gnutls_tls1_3 3966 requires_gnutls_next_no_ticket 3967 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ 3968 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3969 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3970 0 \ 3971 -s "Protocol is TLSv1.3" \ 3972 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3973 -s "received signature algorithm: 0x603" \ 3974 -s "got named group: x448(001e)" \ 3975 -s "Certificate verification was skipped" \ 3976 -C "received HelloRetryRequest message" 3977 3978 requires_config_enabled MBEDTLS_SSL_SRV_C 3979 requires_config_enabled MBEDTLS_DEBUG_C 3980 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3981 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 3982 requires_config_enabled PSA_WANT_ALG_ECDH 3983 requires_gnutls_tls1_3 3984 requires_gnutls_next_no_ticket 3985 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ 3986 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 3987 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 3988 0 \ 3989 -s "Protocol is TLSv1.3" \ 3990 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 3991 -s "received signature algorithm: 0x804" \ 3992 -s "got named group: x448(001e)" \ 3993 -s "Certificate verification was skipped" \ 3994 -C "received HelloRetryRequest message" 3995 3996 requires_config_enabled MBEDTLS_SSL_SRV_C 3997 requires_config_enabled MBEDTLS_DEBUG_C 3998 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 3999 requires_config_enabled PSA_WANT_ALG_FFDH 4000 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4001 requires_gnutls_tls1_3 4002 requires_gnutls_next_no_ticket 4003 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 4004 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 4005 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 4006 0 \ 4007 -s "Protocol is TLSv1.3" \ 4008 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 4009 -s "received signature algorithm: 0x403" \ 4010 -s "got named group: ffdhe2048(0100)" \ 4011 -s "Certificate verification was skipped" \ 4012 -C "received HelloRetryRequest message" 4013 4014 requires_config_enabled MBEDTLS_SSL_SRV_C 4015 requires_config_enabled MBEDTLS_DEBUG_C 4016 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4017 requires_config_enabled PSA_WANT_ALG_FFDH 4018 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4019 requires_gnutls_tls1_3 4020 requires_gnutls_next_no_ticket 4021 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 4022 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 4023 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 4024 0 \ 4025 -s "Protocol is TLSv1.3" \ 4026 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 4027 -s "received signature algorithm: 0x503" \ 4028 -s "got named group: ffdhe2048(0100)" \ 4029 -s "Certificate verification was skipped" \ 4030 -C "received HelloRetryRequest message" 4031 4032 requires_config_enabled MBEDTLS_SSL_SRV_C 4033 requires_config_enabled MBEDTLS_DEBUG_C 4034 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4035 requires_config_enabled PSA_WANT_ALG_FFDH 4036 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4037 requires_gnutls_tls1_3 4038 requires_gnutls_next_no_ticket 4039 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 4040 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 4041 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 4042 0 \ 4043 -s "Protocol is TLSv1.3" \ 4044 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 4045 -s "received signature algorithm: 0x603" \ 4046 -s "got named group: ffdhe2048(0100)" \ 4047 -s "Certificate verification was skipped" \ 4048 -C "received HelloRetryRequest message" 4049 4050 requires_config_enabled MBEDTLS_SSL_SRV_C 4051 requires_config_enabled MBEDTLS_DEBUG_C 4052 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4053 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4054 requires_config_enabled PSA_WANT_ALG_FFDH 4055 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4056 requires_gnutls_tls1_3 4057 requires_gnutls_next_no_ticket 4058 run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 4059 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 4060 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 4061 0 \ 4062 -s "Protocol is TLSv1.3" \ 4063 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 4064 -s "received signature algorithm: 0x804" \ 4065 -s "got named group: ffdhe2048(0100)" \ 4066 -s "Certificate verification was skipped" \ 4067 -C "received HelloRetryRequest message" 4068 4069 requires_openssl_tls1_3 4070 requires_config_enabled MBEDTLS_SSL_CLI_C 4071 requires_config_enabled MBEDTLS_DEBUG_C 4072 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4073 requires_config_enabled PSA_WANT_ALG_ECDH 4074 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 4075 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4076 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 4077 0 \ 4078 -c "HTTP/1.0 200 ok" \ 4079 -c "Protocol is TLSv1.3" \ 4080 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4081 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4082 -c "NamedGroup: secp256r1 ( 17 )" \ 4083 -c "Verifying peer X.509 certificate... ok" \ 4084 -C "received HelloRetryRequest message" 4085 4086 requires_openssl_tls1_3 4087 requires_config_enabled MBEDTLS_SSL_CLI_C 4088 requires_config_enabled MBEDTLS_DEBUG_C 4089 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4090 requires_config_enabled PSA_WANT_ALG_ECDH 4091 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 4092 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4093 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 4094 0 \ 4095 -c "HTTP/1.0 200 ok" \ 4096 -c "Protocol is TLSv1.3" \ 4097 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4098 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4099 -c "NamedGroup: secp256r1 ( 17 )" \ 4100 -c "Verifying peer X.509 certificate... ok" \ 4101 -C "received HelloRetryRequest message" 4102 4103 requires_openssl_tls1_3 4104 requires_config_enabled MBEDTLS_SSL_CLI_C 4105 requires_config_enabled MBEDTLS_DEBUG_C 4106 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4107 requires_config_enabled PSA_WANT_ALG_ECDH 4108 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 4109 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4110 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 4111 0 \ 4112 -c "HTTP/1.0 200 ok" \ 4113 -c "Protocol is TLSv1.3" \ 4114 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4115 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4116 -c "NamedGroup: secp256r1 ( 17 )" \ 4117 -c "Verifying peer X.509 certificate... ok" \ 4118 -C "received HelloRetryRequest message" 4119 4120 requires_openssl_tls1_3 4121 requires_config_enabled MBEDTLS_SSL_CLI_C 4122 requires_config_enabled MBEDTLS_DEBUG_C 4123 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4124 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4125 requires_config_enabled PSA_WANT_ALG_ECDH 4126 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 4127 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4128 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 4129 0 \ 4130 -c "HTTP/1.0 200 ok" \ 4131 -c "Protocol is TLSv1.3" \ 4132 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4133 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4134 -c "NamedGroup: secp256r1 ( 17 )" \ 4135 -c "Verifying peer X.509 certificate... ok" \ 4136 -C "received HelloRetryRequest message" 4137 4138 requires_openssl_tls1_3 4139 requires_config_enabled MBEDTLS_SSL_CLI_C 4140 requires_config_enabled MBEDTLS_DEBUG_C 4141 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4142 requires_config_enabled PSA_WANT_ALG_ECDH 4143 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 4144 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4145 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 4146 0 \ 4147 -c "HTTP/1.0 200 ok" \ 4148 -c "Protocol is TLSv1.3" \ 4149 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4150 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4151 -c "NamedGroup: secp384r1 ( 18 )" \ 4152 -c "Verifying peer X.509 certificate... ok" \ 4153 -C "received HelloRetryRequest message" 4154 4155 requires_openssl_tls1_3 4156 requires_config_enabled MBEDTLS_SSL_CLI_C 4157 requires_config_enabled MBEDTLS_DEBUG_C 4158 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4159 requires_config_enabled PSA_WANT_ALG_ECDH 4160 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 4161 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 4163 0 \ 4164 -c "HTTP/1.0 200 ok" \ 4165 -c "Protocol is TLSv1.3" \ 4166 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4167 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4168 -c "NamedGroup: secp384r1 ( 18 )" \ 4169 -c "Verifying peer X.509 certificate... ok" \ 4170 -C "received HelloRetryRequest message" 4171 4172 requires_openssl_tls1_3 4173 requires_config_enabled MBEDTLS_SSL_CLI_C 4174 requires_config_enabled MBEDTLS_DEBUG_C 4175 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4176 requires_config_enabled PSA_WANT_ALG_ECDH 4177 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 4178 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4179 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 4180 0 \ 4181 -c "HTTP/1.0 200 ok" \ 4182 -c "Protocol is TLSv1.3" \ 4183 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4184 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4185 -c "NamedGroup: secp384r1 ( 18 )" \ 4186 -c "Verifying peer X.509 certificate... ok" \ 4187 -C "received HelloRetryRequest message" 4188 4189 requires_openssl_tls1_3 4190 requires_config_enabled MBEDTLS_SSL_CLI_C 4191 requires_config_enabled MBEDTLS_DEBUG_C 4192 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4193 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4194 requires_config_enabled PSA_WANT_ALG_ECDH 4195 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 4196 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4197 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 4198 0 \ 4199 -c "HTTP/1.0 200 ok" \ 4200 -c "Protocol is TLSv1.3" \ 4201 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4202 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4203 -c "NamedGroup: secp384r1 ( 18 )" \ 4204 -c "Verifying peer X.509 certificate... ok" \ 4205 -C "received HelloRetryRequest message" 4206 4207 requires_openssl_tls1_3 4208 requires_config_enabled MBEDTLS_SSL_CLI_C 4209 requires_config_enabled MBEDTLS_DEBUG_C 4210 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4211 requires_config_enabled PSA_WANT_ALG_ECDH 4212 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 4213 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4214 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 4215 0 \ 4216 -c "HTTP/1.0 200 ok" \ 4217 -c "Protocol is TLSv1.3" \ 4218 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4219 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4220 -c "NamedGroup: secp521r1 ( 19 )" \ 4221 -c "Verifying peer X.509 certificate... ok" \ 4222 -C "received HelloRetryRequest message" 4223 4224 requires_openssl_tls1_3 4225 requires_config_enabled MBEDTLS_SSL_CLI_C 4226 requires_config_enabled MBEDTLS_DEBUG_C 4227 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4228 requires_config_enabled PSA_WANT_ALG_ECDH 4229 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 4230 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4231 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 4232 0 \ 4233 -c "HTTP/1.0 200 ok" \ 4234 -c "Protocol is TLSv1.3" \ 4235 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4236 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4237 -c "NamedGroup: secp521r1 ( 19 )" \ 4238 -c "Verifying peer X.509 certificate... ok" \ 4239 -C "received HelloRetryRequest message" 4240 4241 requires_openssl_tls1_3 4242 requires_config_enabled MBEDTLS_SSL_CLI_C 4243 requires_config_enabled MBEDTLS_DEBUG_C 4244 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4245 requires_config_enabled PSA_WANT_ALG_ECDH 4246 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 4247 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4248 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 4249 0 \ 4250 -c "HTTP/1.0 200 ok" \ 4251 -c "Protocol is TLSv1.3" \ 4252 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4253 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4254 -c "NamedGroup: secp521r1 ( 19 )" \ 4255 -c "Verifying peer X.509 certificate... ok" \ 4256 -C "received HelloRetryRequest message" 4257 4258 requires_openssl_tls1_3 4259 requires_config_enabled MBEDTLS_SSL_CLI_C 4260 requires_config_enabled MBEDTLS_DEBUG_C 4261 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4262 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4263 requires_config_enabled PSA_WANT_ALG_ECDH 4264 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 4265 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4266 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 4267 0 \ 4268 -c "HTTP/1.0 200 ok" \ 4269 -c "Protocol is TLSv1.3" \ 4270 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4271 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4272 -c "NamedGroup: secp521r1 ( 19 )" \ 4273 -c "Verifying peer X.509 certificate... ok" \ 4274 -C "received HelloRetryRequest message" 4275 4276 requires_openssl_tls1_3 4277 requires_config_enabled MBEDTLS_SSL_CLI_C 4278 requires_config_enabled MBEDTLS_DEBUG_C 4279 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4280 requires_config_enabled PSA_WANT_ALG_ECDH 4281 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 4282 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4283 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 4284 0 \ 4285 -c "HTTP/1.0 200 ok" \ 4286 -c "Protocol is TLSv1.3" \ 4287 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4288 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4289 -c "NamedGroup: x25519 ( 1d )" \ 4290 -c "Verifying peer X.509 certificate... ok" \ 4291 -C "received HelloRetryRequest message" 4292 4293 requires_openssl_tls1_3 4294 requires_config_enabled MBEDTLS_SSL_CLI_C 4295 requires_config_enabled MBEDTLS_DEBUG_C 4296 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4297 requires_config_enabled PSA_WANT_ALG_ECDH 4298 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 4299 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4300 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 4301 0 \ 4302 -c "HTTP/1.0 200 ok" \ 4303 -c "Protocol is TLSv1.3" \ 4304 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4305 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4306 -c "NamedGroup: x25519 ( 1d )" \ 4307 -c "Verifying peer X.509 certificate... ok" \ 4308 -C "received HelloRetryRequest message" 4309 4310 requires_openssl_tls1_3 4311 requires_config_enabled MBEDTLS_SSL_CLI_C 4312 requires_config_enabled MBEDTLS_DEBUG_C 4313 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4314 requires_config_enabled PSA_WANT_ALG_ECDH 4315 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 4316 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4317 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 4318 0 \ 4319 -c "HTTP/1.0 200 ok" \ 4320 -c "Protocol is TLSv1.3" \ 4321 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4322 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4323 -c "NamedGroup: x25519 ( 1d )" \ 4324 -c "Verifying peer X.509 certificate... ok" \ 4325 -C "received HelloRetryRequest message" 4326 4327 requires_openssl_tls1_3 4328 requires_config_enabled MBEDTLS_SSL_CLI_C 4329 requires_config_enabled MBEDTLS_DEBUG_C 4330 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4331 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4332 requires_config_enabled PSA_WANT_ALG_ECDH 4333 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 4334 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4335 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 4336 0 \ 4337 -c "HTTP/1.0 200 ok" \ 4338 -c "Protocol is TLSv1.3" \ 4339 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4340 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4341 -c "NamedGroup: x25519 ( 1d )" \ 4342 -c "Verifying peer X.509 certificate... ok" \ 4343 -C "received HelloRetryRequest message" 4344 4345 requires_openssl_tls1_3 4346 requires_config_enabled MBEDTLS_SSL_CLI_C 4347 requires_config_enabled MBEDTLS_DEBUG_C 4348 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4349 requires_config_enabled PSA_WANT_ALG_ECDH 4350 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 4351 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4352 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 4353 0 \ 4354 -c "HTTP/1.0 200 ok" \ 4355 -c "Protocol is TLSv1.3" \ 4356 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4357 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4358 -c "NamedGroup: x448 ( 1e )" \ 4359 -c "Verifying peer X.509 certificate... ok" \ 4360 -C "received HelloRetryRequest message" 4361 4362 requires_openssl_tls1_3 4363 requires_config_enabled MBEDTLS_SSL_CLI_C 4364 requires_config_enabled MBEDTLS_DEBUG_C 4365 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4366 requires_config_enabled PSA_WANT_ALG_ECDH 4367 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 4368 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4369 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 4370 0 \ 4371 -c "HTTP/1.0 200 ok" \ 4372 -c "Protocol is TLSv1.3" \ 4373 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4374 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4375 -c "NamedGroup: x448 ( 1e )" \ 4376 -c "Verifying peer X.509 certificate... ok" \ 4377 -C "received HelloRetryRequest message" 4378 4379 requires_openssl_tls1_3 4380 requires_config_enabled MBEDTLS_SSL_CLI_C 4381 requires_config_enabled MBEDTLS_DEBUG_C 4382 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4383 requires_config_enabled PSA_WANT_ALG_ECDH 4384 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 4385 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4386 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 4387 0 \ 4388 -c "HTTP/1.0 200 ok" \ 4389 -c "Protocol is TLSv1.3" \ 4390 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4391 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4392 -c "NamedGroup: x448 ( 1e )" \ 4393 -c "Verifying peer X.509 certificate... ok" \ 4394 -C "received HelloRetryRequest message" 4395 4396 requires_openssl_tls1_3 4397 requires_config_enabled MBEDTLS_SSL_CLI_C 4398 requires_config_enabled MBEDTLS_DEBUG_C 4399 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4400 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4401 requires_config_enabled PSA_WANT_ALG_ECDH 4402 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ 4403 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4404 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 4405 0 \ 4406 -c "HTTP/1.0 200 ok" \ 4407 -c "Protocol is TLSv1.3" \ 4408 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4409 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4410 -c "NamedGroup: x448 ( 1e )" \ 4411 -c "Verifying peer X.509 certificate... ok" \ 4412 -C "received HelloRetryRequest message" 4413 4414 requires_openssl_tls1_3_with_ffdh 4415 requires_config_enabled MBEDTLS_SSL_CLI_C 4416 requires_config_enabled MBEDTLS_DEBUG_C 4417 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4418 requires_config_enabled PSA_WANT_ALG_FFDH 4419 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4420 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 4421 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4422 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 4423 0 \ 4424 -c "HTTP/1.0 200 ok" \ 4425 -c "Protocol is TLSv1.3" \ 4426 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4427 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4428 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4429 -c "Verifying peer X.509 certificate... ok" \ 4430 -C "received HelloRetryRequest message" 4431 4432 requires_openssl_tls1_3_with_ffdh 4433 requires_config_enabled MBEDTLS_SSL_CLI_C 4434 requires_config_enabled MBEDTLS_DEBUG_C 4435 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4436 requires_config_enabled PSA_WANT_ALG_FFDH 4437 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4438 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 4439 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4440 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 4441 0 \ 4442 -c "HTTP/1.0 200 ok" \ 4443 -c "Protocol is TLSv1.3" \ 4444 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4445 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4446 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4447 -c "Verifying peer X.509 certificate... ok" \ 4448 -C "received HelloRetryRequest message" 4449 4450 requires_openssl_tls1_3_with_ffdh 4451 requires_config_enabled MBEDTLS_SSL_CLI_C 4452 requires_config_enabled MBEDTLS_DEBUG_C 4453 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4454 requires_config_enabled PSA_WANT_ALG_FFDH 4455 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4456 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 4457 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4458 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 4459 0 \ 4460 -c "HTTP/1.0 200 ok" \ 4461 -c "Protocol is TLSv1.3" \ 4462 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4463 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4464 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4465 -c "Verifying peer X.509 certificate... ok" \ 4466 -C "received HelloRetryRequest message" 4467 4468 requires_openssl_tls1_3_with_ffdh 4469 requires_config_enabled MBEDTLS_SSL_CLI_C 4470 requires_config_enabled MBEDTLS_DEBUG_C 4471 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4472 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4473 requires_config_enabled PSA_WANT_ALG_FFDH 4474 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4475 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 4476 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4477 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 4478 0 \ 4479 -c "HTTP/1.0 200 ok" \ 4480 -c "Protocol is TLSv1.3" \ 4481 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 4482 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4483 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4484 -c "Verifying peer X.509 certificate... ok" \ 4485 -C "received HelloRetryRequest message" 4486 4487 requires_openssl_tls1_3 4488 requires_config_enabled MBEDTLS_SSL_CLI_C 4489 requires_config_enabled MBEDTLS_DEBUG_C 4490 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4491 requires_config_enabled PSA_WANT_ALG_ECDH 4492 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ 4493 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4494 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 4495 0 \ 4496 -c "HTTP/1.0 200 ok" \ 4497 -c "Protocol is TLSv1.3" \ 4498 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4499 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4500 -c "NamedGroup: secp256r1 ( 17 )" \ 4501 -c "Verifying peer X.509 certificate... ok" \ 4502 -C "received HelloRetryRequest message" 4503 4504 requires_openssl_tls1_3 4505 requires_config_enabled MBEDTLS_SSL_CLI_C 4506 requires_config_enabled MBEDTLS_DEBUG_C 4507 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4508 requires_config_enabled PSA_WANT_ALG_ECDH 4509 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ 4510 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4511 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 4512 0 \ 4513 -c "HTTP/1.0 200 ok" \ 4514 -c "Protocol is TLSv1.3" \ 4515 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4516 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4517 -c "NamedGroup: secp256r1 ( 17 )" \ 4518 -c "Verifying peer X.509 certificate... ok" \ 4519 -C "received HelloRetryRequest message" 4520 4521 requires_openssl_tls1_3 4522 requires_config_enabled MBEDTLS_SSL_CLI_C 4523 requires_config_enabled MBEDTLS_DEBUG_C 4524 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4525 requires_config_enabled PSA_WANT_ALG_ECDH 4526 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ 4527 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4528 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 4529 0 \ 4530 -c "HTTP/1.0 200 ok" \ 4531 -c "Protocol is TLSv1.3" \ 4532 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4533 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4534 -c "NamedGroup: secp256r1 ( 17 )" \ 4535 -c "Verifying peer X.509 certificate... ok" \ 4536 -C "received HelloRetryRequest message" 4537 4538 requires_openssl_tls1_3 4539 requires_config_enabled MBEDTLS_SSL_CLI_C 4540 requires_config_enabled MBEDTLS_DEBUG_C 4541 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4542 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4543 requires_config_enabled PSA_WANT_ALG_ECDH 4544 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ 4545 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4546 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 4547 0 \ 4548 -c "HTTP/1.0 200 ok" \ 4549 -c "Protocol is TLSv1.3" \ 4550 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4551 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4552 -c "NamedGroup: secp256r1 ( 17 )" \ 4553 -c "Verifying peer X.509 certificate... ok" \ 4554 -C "received HelloRetryRequest message" 4555 4556 requires_openssl_tls1_3 4557 requires_config_enabled MBEDTLS_SSL_CLI_C 4558 requires_config_enabled MBEDTLS_DEBUG_C 4559 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4560 requires_config_enabled PSA_WANT_ALG_ECDH 4561 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ 4562 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4563 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 4564 0 \ 4565 -c "HTTP/1.0 200 ok" \ 4566 -c "Protocol is TLSv1.3" \ 4567 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4568 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4569 -c "NamedGroup: secp384r1 ( 18 )" \ 4570 -c "Verifying peer X.509 certificate... ok" \ 4571 -C "received HelloRetryRequest message" 4572 4573 requires_openssl_tls1_3 4574 requires_config_enabled MBEDTLS_SSL_CLI_C 4575 requires_config_enabled MBEDTLS_DEBUG_C 4576 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4577 requires_config_enabled PSA_WANT_ALG_ECDH 4578 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ 4579 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4580 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 4581 0 \ 4582 -c "HTTP/1.0 200 ok" \ 4583 -c "Protocol is TLSv1.3" \ 4584 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4585 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4586 -c "NamedGroup: secp384r1 ( 18 )" \ 4587 -c "Verifying peer X.509 certificate... ok" \ 4588 -C "received HelloRetryRequest message" 4589 4590 requires_openssl_tls1_3 4591 requires_config_enabled MBEDTLS_SSL_CLI_C 4592 requires_config_enabled MBEDTLS_DEBUG_C 4593 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4594 requires_config_enabled PSA_WANT_ALG_ECDH 4595 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ 4596 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4597 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 4598 0 \ 4599 -c "HTTP/1.0 200 ok" \ 4600 -c "Protocol is TLSv1.3" \ 4601 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4602 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4603 -c "NamedGroup: secp384r1 ( 18 )" \ 4604 -c "Verifying peer X.509 certificate... ok" \ 4605 -C "received HelloRetryRequest message" 4606 4607 requires_openssl_tls1_3 4608 requires_config_enabled MBEDTLS_SSL_CLI_C 4609 requires_config_enabled MBEDTLS_DEBUG_C 4610 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4611 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4612 requires_config_enabled PSA_WANT_ALG_ECDH 4613 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ 4614 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4615 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 4616 0 \ 4617 -c "HTTP/1.0 200 ok" \ 4618 -c "Protocol is TLSv1.3" \ 4619 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4620 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4621 -c "NamedGroup: secp384r1 ( 18 )" \ 4622 -c "Verifying peer X.509 certificate... ok" \ 4623 -C "received HelloRetryRequest message" 4624 4625 requires_openssl_tls1_3 4626 requires_config_enabled MBEDTLS_SSL_CLI_C 4627 requires_config_enabled MBEDTLS_DEBUG_C 4628 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4629 requires_config_enabled PSA_WANT_ALG_ECDH 4630 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ 4631 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4632 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 4633 0 \ 4634 -c "HTTP/1.0 200 ok" \ 4635 -c "Protocol is TLSv1.3" \ 4636 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4637 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4638 -c "NamedGroup: secp521r1 ( 19 )" \ 4639 -c "Verifying peer X.509 certificate... ok" \ 4640 -C "received HelloRetryRequest message" 4641 4642 requires_openssl_tls1_3 4643 requires_config_enabled MBEDTLS_SSL_CLI_C 4644 requires_config_enabled MBEDTLS_DEBUG_C 4645 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4646 requires_config_enabled PSA_WANT_ALG_ECDH 4647 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ 4648 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4649 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 4650 0 \ 4651 -c "HTTP/1.0 200 ok" \ 4652 -c "Protocol is TLSv1.3" \ 4653 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4654 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4655 -c "NamedGroup: secp521r1 ( 19 )" \ 4656 -c "Verifying peer X.509 certificate... ok" \ 4657 -C "received HelloRetryRequest message" 4658 4659 requires_openssl_tls1_3 4660 requires_config_enabled MBEDTLS_SSL_CLI_C 4661 requires_config_enabled MBEDTLS_DEBUG_C 4662 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4663 requires_config_enabled PSA_WANT_ALG_ECDH 4664 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ 4665 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4666 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 4667 0 \ 4668 -c "HTTP/1.0 200 ok" \ 4669 -c "Protocol is TLSv1.3" \ 4670 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4671 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4672 -c "NamedGroup: secp521r1 ( 19 )" \ 4673 -c "Verifying peer X.509 certificate... ok" \ 4674 -C "received HelloRetryRequest message" 4675 4676 requires_openssl_tls1_3 4677 requires_config_enabled MBEDTLS_SSL_CLI_C 4678 requires_config_enabled MBEDTLS_DEBUG_C 4679 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4680 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4681 requires_config_enabled PSA_WANT_ALG_ECDH 4682 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ 4683 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4684 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 4685 0 \ 4686 -c "HTTP/1.0 200 ok" \ 4687 -c "Protocol is TLSv1.3" \ 4688 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4689 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4690 -c "NamedGroup: secp521r1 ( 19 )" \ 4691 -c "Verifying peer X.509 certificate... ok" \ 4692 -C "received HelloRetryRequest message" 4693 4694 requires_openssl_tls1_3 4695 requires_config_enabled MBEDTLS_SSL_CLI_C 4696 requires_config_enabled MBEDTLS_DEBUG_C 4697 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4698 requires_config_enabled PSA_WANT_ALG_ECDH 4699 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ 4700 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4701 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 4702 0 \ 4703 -c "HTTP/1.0 200 ok" \ 4704 -c "Protocol is TLSv1.3" \ 4705 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4706 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4707 -c "NamedGroup: x25519 ( 1d )" \ 4708 -c "Verifying peer X.509 certificate... ok" \ 4709 -C "received HelloRetryRequest message" 4710 4711 requires_openssl_tls1_3 4712 requires_config_enabled MBEDTLS_SSL_CLI_C 4713 requires_config_enabled MBEDTLS_DEBUG_C 4714 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4715 requires_config_enabled PSA_WANT_ALG_ECDH 4716 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ 4717 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4718 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 4719 0 \ 4720 -c "HTTP/1.0 200 ok" \ 4721 -c "Protocol is TLSv1.3" \ 4722 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4723 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4724 -c "NamedGroup: x25519 ( 1d )" \ 4725 -c "Verifying peer X.509 certificate... ok" \ 4726 -C "received HelloRetryRequest message" 4727 4728 requires_openssl_tls1_3 4729 requires_config_enabled MBEDTLS_SSL_CLI_C 4730 requires_config_enabled MBEDTLS_DEBUG_C 4731 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4732 requires_config_enabled PSA_WANT_ALG_ECDH 4733 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ 4734 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4735 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 4736 0 \ 4737 -c "HTTP/1.0 200 ok" \ 4738 -c "Protocol is TLSv1.3" \ 4739 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4740 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4741 -c "NamedGroup: x25519 ( 1d )" \ 4742 -c "Verifying peer X.509 certificate... ok" \ 4743 -C "received HelloRetryRequest message" 4744 4745 requires_openssl_tls1_3 4746 requires_config_enabled MBEDTLS_SSL_CLI_C 4747 requires_config_enabled MBEDTLS_DEBUG_C 4748 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4749 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4750 requires_config_enabled PSA_WANT_ALG_ECDH 4751 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ 4752 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4753 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 4754 0 \ 4755 -c "HTTP/1.0 200 ok" \ 4756 -c "Protocol is TLSv1.3" \ 4757 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4758 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4759 -c "NamedGroup: x25519 ( 1d )" \ 4760 -c "Verifying peer X.509 certificate... ok" \ 4761 -C "received HelloRetryRequest message" 4762 4763 requires_openssl_tls1_3 4764 requires_config_enabled MBEDTLS_SSL_CLI_C 4765 requires_config_enabled MBEDTLS_DEBUG_C 4766 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4767 requires_config_enabled PSA_WANT_ALG_ECDH 4768 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ 4769 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4770 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 4771 0 \ 4772 -c "HTTP/1.0 200 ok" \ 4773 -c "Protocol is TLSv1.3" \ 4774 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4775 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4776 -c "NamedGroup: x448 ( 1e )" \ 4777 -c "Verifying peer X.509 certificate... ok" \ 4778 -C "received HelloRetryRequest message" 4779 4780 requires_openssl_tls1_3 4781 requires_config_enabled MBEDTLS_SSL_CLI_C 4782 requires_config_enabled MBEDTLS_DEBUG_C 4783 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4784 requires_config_enabled PSA_WANT_ALG_ECDH 4785 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ 4786 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4787 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 4788 0 \ 4789 -c "HTTP/1.0 200 ok" \ 4790 -c "Protocol is TLSv1.3" \ 4791 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4792 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4793 -c "NamedGroup: x448 ( 1e )" \ 4794 -c "Verifying peer X.509 certificate... ok" \ 4795 -C "received HelloRetryRequest message" 4796 4797 requires_openssl_tls1_3 4798 requires_config_enabled MBEDTLS_SSL_CLI_C 4799 requires_config_enabled MBEDTLS_DEBUG_C 4800 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4801 requires_config_enabled PSA_WANT_ALG_ECDH 4802 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ 4803 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4804 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 4805 0 \ 4806 -c "HTTP/1.0 200 ok" \ 4807 -c "Protocol is TLSv1.3" \ 4808 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4809 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4810 -c "NamedGroup: x448 ( 1e )" \ 4811 -c "Verifying peer X.509 certificate... ok" \ 4812 -C "received HelloRetryRequest message" 4813 4814 requires_openssl_tls1_3 4815 requires_config_enabled MBEDTLS_SSL_CLI_C 4816 requires_config_enabled MBEDTLS_DEBUG_C 4817 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4818 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4819 requires_config_enabled PSA_WANT_ALG_ECDH 4820 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ 4821 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4822 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 4823 0 \ 4824 -c "HTTP/1.0 200 ok" \ 4825 -c "Protocol is TLSv1.3" \ 4826 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4827 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4828 -c "NamedGroup: x448 ( 1e )" \ 4829 -c "Verifying peer X.509 certificate... ok" \ 4830 -C "received HelloRetryRequest message" 4831 4832 requires_openssl_tls1_3_with_ffdh 4833 requires_config_enabled MBEDTLS_SSL_CLI_C 4834 requires_config_enabled MBEDTLS_DEBUG_C 4835 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4836 requires_config_enabled PSA_WANT_ALG_FFDH 4837 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4838 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ 4839 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4840 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 4841 0 \ 4842 -c "HTTP/1.0 200 ok" \ 4843 -c "Protocol is TLSv1.3" \ 4844 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4845 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4846 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4847 -c "Verifying peer X.509 certificate... ok" \ 4848 -C "received HelloRetryRequest message" 4849 4850 requires_openssl_tls1_3_with_ffdh 4851 requires_config_enabled MBEDTLS_SSL_CLI_C 4852 requires_config_enabled MBEDTLS_DEBUG_C 4853 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4854 requires_config_enabled PSA_WANT_ALG_FFDH 4855 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4856 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ 4857 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4858 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 4859 0 \ 4860 -c "HTTP/1.0 200 ok" \ 4861 -c "Protocol is TLSv1.3" \ 4862 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4863 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4864 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4865 -c "Verifying peer X.509 certificate... ok" \ 4866 -C "received HelloRetryRequest message" 4867 4868 requires_openssl_tls1_3_with_ffdh 4869 requires_config_enabled MBEDTLS_SSL_CLI_C 4870 requires_config_enabled MBEDTLS_DEBUG_C 4871 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4872 requires_config_enabled PSA_WANT_ALG_FFDH 4873 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4874 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ 4875 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4876 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 4877 0 \ 4878 -c "HTTP/1.0 200 ok" \ 4879 -c "Protocol is TLSv1.3" \ 4880 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4881 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4882 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4883 -c "Verifying peer X.509 certificate... ok" \ 4884 -C "received HelloRetryRequest message" 4885 4886 requires_openssl_tls1_3_with_ffdh 4887 requires_config_enabled MBEDTLS_SSL_CLI_C 4888 requires_config_enabled MBEDTLS_DEBUG_C 4889 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4890 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4891 requires_config_enabled PSA_WANT_ALG_FFDH 4892 requires_config_enabled PSA_WANT_DH_RFC7919_2048 4893 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ 4894 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4895 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 4896 0 \ 4897 -c "HTTP/1.0 200 ok" \ 4898 -c "Protocol is TLSv1.3" \ 4899 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 4900 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4901 -c "NamedGroup: ffdhe2048 ( 100 )" \ 4902 -c "Verifying peer X.509 certificate... ok" \ 4903 -C "received HelloRetryRequest message" 4904 4905 requires_openssl_tls1_3 4906 requires_config_enabled MBEDTLS_SSL_CLI_C 4907 requires_config_enabled MBEDTLS_DEBUG_C 4908 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4909 requires_config_enabled PSA_WANT_ALG_ECDH 4910 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 4911 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4912 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 4913 0 \ 4914 -c "HTTP/1.0 200 ok" \ 4915 -c "Protocol is TLSv1.3" \ 4916 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 4917 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4918 -c "NamedGroup: secp256r1 ( 17 )" \ 4919 -c "Verifying peer X.509 certificate... ok" \ 4920 -C "received HelloRetryRequest message" 4921 4922 requires_openssl_tls1_3 4923 requires_config_enabled MBEDTLS_SSL_CLI_C 4924 requires_config_enabled MBEDTLS_DEBUG_C 4925 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4926 requires_config_enabled PSA_WANT_ALG_ECDH 4927 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 4928 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4929 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 4930 0 \ 4931 -c "HTTP/1.0 200 ok" \ 4932 -c "Protocol is TLSv1.3" \ 4933 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 4934 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 4935 -c "NamedGroup: secp256r1 ( 17 )" \ 4936 -c "Verifying peer X.509 certificate... ok" \ 4937 -C "received HelloRetryRequest message" 4938 4939 requires_openssl_tls1_3 4940 requires_config_enabled MBEDTLS_SSL_CLI_C 4941 requires_config_enabled MBEDTLS_DEBUG_C 4942 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4943 requires_config_enabled PSA_WANT_ALG_ECDH 4944 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 4945 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4946 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 4947 0 \ 4948 -c "HTTP/1.0 200 ok" \ 4949 -c "Protocol is TLSv1.3" \ 4950 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 4951 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 4952 -c "NamedGroup: secp256r1 ( 17 )" \ 4953 -c "Verifying peer X.509 certificate... ok" \ 4954 -C "received HelloRetryRequest message" 4955 4956 requires_openssl_tls1_3 4957 requires_config_enabled MBEDTLS_SSL_CLI_C 4958 requires_config_enabled MBEDTLS_DEBUG_C 4959 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4960 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 4961 requires_config_enabled PSA_WANT_ALG_ECDH 4962 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 4963 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4964 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 4965 0 \ 4966 -c "HTTP/1.0 200 ok" \ 4967 -c "Protocol is TLSv1.3" \ 4968 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 4969 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 4970 -c "NamedGroup: secp256r1 ( 17 )" \ 4971 -c "Verifying peer X.509 certificate... ok" \ 4972 -C "received HelloRetryRequest message" 4973 4974 requires_openssl_tls1_3 4975 requires_config_enabled MBEDTLS_SSL_CLI_C 4976 requires_config_enabled MBEDTLS_DEBUG_C 4977 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4978 requires_config_enabled PSA_WANT_ALG_ECDH 4979 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 4980 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4981 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 4982 0 \ 4983 -c "HTTP/1.0 200 ok" \ 4984 -c "Protocol is TLSv1.3" \ 4985 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 4986 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 4987 -c "NamedGroup: secp384r1 ( 18 )" \ 4988 -c "Verifying peer X.509 certificate... ok" \ 4989 -C "received HelloRetryRequest message" 4990 4991 requires_openssl_tls1_3 4992 requires_config_enabled MBEDTLS_SSL_CLI_C 4993 requires_config_enabled MBEDTLS_DEBUG_C 4994 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 4995 requires_config_enabled PSA_WANT_ALG_ECDH 4996 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 4997 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 4998 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 4999 0 \ 5000 -c "HTTP/1.0 200 ok" \ 5001 -c "Protocol is TLSv1.3" \ 5002 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5003 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5004 -c "NamedGroup: secp384r1 ( 18 )" \ 5005 -c "Verifying peer X.509 certificate... ok" \ 5006 -C "received HelloRetryRequest message" 5007 5008 requires_openssl_tls1_3 5009 requires_config_enabled MBEDTLS_SSL_CLI_C 5010 requires_config_enabled MBEDTLS_DEBUG_C 5011 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5012 requires_config_enabled PSA_WANT_ALG_ECDH 5013 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 5014 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5015 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 5016 0 \ 5017 -c "HTTP/1.0 200 ok" \ 5018 -c "Protocol is TLSv1.3" \ 5019 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5020 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5021 -c "NamedGroup: secp384r1 ( 18 )" \ 5022 -c "Verifying peer X.509 certificate... ok" \ 5023 -C "received HelloRetryRequest message" 5024 5025 requires_openssl_tls1_3 5026 requires_config_enabled MBEDTLS_SSL_CLI_C 5027 requires_config_enabled MBEDTLS_DEBUG_C 5028 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5029 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5030 requires_config_enabled PSA_WANT_ALG_ECDH 5031 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 5032 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5033 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 5034 0 \ 5035 -c "HTTP/1.0 200 ok" \ 5036 -c "Protocol is TLSv1.3" \ 5037 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5038 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5039 -c "NamedGroup: secp384r1 ( 18 )" \ 5040 -c "Verifying peer X.509 certificate... ok" \ 5041 -C "received HelloRetryRequest message" 5042 5043 requires_openssl_tls1_3 5044 requires_config_enabled MBEDTLS_SSL_CLI_C 5045 requires_config_enabled MBEDTLS_DEBUG_C 5046 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5047 requires_config_enabled PSA_WANT_ALG_ECDH 5048 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 5049 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5050 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 5051 0 \ 5052 -c "HTTP/1.0 200 ok" \ 5053 -c "Protocol is TLSv1.3" \ 5054 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5055 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5056 -c "NamedGroup: secp521r1 ( 19 )" \ 5057 -c "Verifying peer X.509 certificate... ok" \ 5058 -C "received HelloRetryRequest message" 5059 5060 requires_openssl_tls1_3 5061 requires_config_enabled MBEDTLS_SSL_CLI_C 5062 requires_config_enabled MBEDTLS_DEBUG_C 5063 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5064 requires_config_enabled PSA_WANT_ALG_ECDH 5065 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 5066 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5067 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 5068 0 \ 5069 -c "HTTP/1.0 200 ok" \ 5070 -c "Protocol is TLSv1.3" \ 5071 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5072 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5073 -c "NamedGroup: secp521r1 ( 19 )" \ 5074 -c "Verifying peer X.509 certificate... ok" \ 5075 -C "received HelloRetryRequest message" 5076 5077 requires_openssl_tls1_3 5078 requires_config_enabled MBEDTLS_SSL_CLI_C 5079 requires_config_enabled MBEDTLS_DEBUG_C 5080 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5081 requires_config_enabled PSA_WANT_ALG_ECDH 5082 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 5083 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5084 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 5085 0 \ 5086 -c "HTTP/1.0 200 ok" \ 5087 -c "Protocol is TLSv1.3" \ 5088 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5089 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5090 -c "NamedGroup: secp521r1 ( 19 )" \ 5091 -c "Verifying peer X.509 certificate... ok" \ 5092 -C "received HelloRetryRequest message" 5093 5094 requires_openssl_tls1_3 5095 requires_config_enabled MBEDTLS_SSL_CLI_C 5096 requires_config_enabled MBEDTLS_DEBUG_C 5097 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5098 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5099 requires_config_enabled PSA_WANT_ALG_ECDH 5100 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 5101 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5102 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 5103 0 \ 5104 -c "HTTP/1.0 200 ok" \ 5105 -c "Protocol is TLSv1.3" \ 5106 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5107 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5108 -c "NamedGroup: secp521r1 ( 19 )" \ 5109 -c "Verifying peer X.509 certificate... ok" \ 5110 -C "received HelloRetryRequest message" 5111 5112 requires_openssl_tls1_3 5113 requires_config_enabled MBEDTLS_SSL_CLI_C 5114 requires_config_enabled MBEDTLS_DEBUG_C 5115 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5116 requires_config_enabled PSA_WANT_ALG_ECDH 5117 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ 5118 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5119 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 5120 0 \ 5121 -c "HTTP/1.0 200 ok" \ 5122 -c "Protocol is TLSv1.3" \ 5123 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5124 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5125 -c "NamedGroup: x25519 ( 1d )" \ 5126 -c "Verifying peer X.509 certificate... ok" \ 5127 -C "received HelloRetryRequest message" 5128 5129 requires_openssl_tls1_3 5130 requires_config_enabled MBEDTLS_SSL_CLI_C 5131 requires_config_enabled MBEDTLS_DEBUG_C 5132 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5133 requires_config_enabled PSA_WANT_ALG_ECDH 5134 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ 5135 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5136 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 5137 0 \ 5138 -c "HTTP/1.0 200 ok" \ 5139 -c "Protocol is TLSv1.3" \ 5140 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5141 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5142 -c "NamedGroup: x25519 ( 1d )" \ 5143 -c "Verifying peer X.509 certificate... ok" \ 5144 -C "received HelloRetryRequest message" 5145 5146 requires_openssl_tls1_3 5147 requires_config_enabled MBEDTLS_SSL_CLI_C 5148 requires_config_enabled MBEDTLS_DEBUG_C 5149 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5150 requires_config_enabled PSA_WANT_ALG_ECDH 5151 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ 5152 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5153 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 5154 0 \ 5155 -c "HTTP/1.0 200 ok" \ 5156 -c "Protocol is TLSv1.3" \ 5157 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5158 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5159 -c "NamedGroup: x25519 ( 1d )" \ 5160 -c "Verifying peer X.509 certificate... ok" \ 5161 -C "received HelloRetryRequest message" 5162 5163 requires_openssl_tls1_3 5164 requires_config_enabled MBEDTLS_SSL_CLI_C 5165 requires_config_enabled MBEDTLS_DEBUG_C 5166 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5167 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5168 requires_config_enabled PSA_WANT_ALG_ECDH 5169 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ 5170 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5171 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 5172 0 \ 5173 -c "HTTP/1.0 200 ok" \ 5174 -c "Protocol is TLSv1.3" \ 5175 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5176 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5177 -c "NamedGroup: x25519 ( 1d )" \ 5178 -c "Verifying peer X.509 certificate... ok" \ 5179 -C "received HelloRetryRequest message" 5180 5181 requires_openssl_tls1_3 5182 requires_config_enabled MBEDTLS_SSL_CLI_C 5183 requires_config_enabled MBEDTLS_DEBUG_C 5184 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5185 requires_config_enabled PSA_WANT_ALG_ECDH 5186 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ 5187 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5188 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 5189 0 \ 5190 -c "HTTP/1.0 200 ok" \ 5191 -c "Protocol is TLSv1.3" \ 5192 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5193 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5194 -c "NamedGroup: x448 ( 1e )" \ 5195 -c "Verifying peer X.509 certificate... ok" \ 5196 -C "received HelloRetryRequest message" 5197 5198 requires_openssl_tls1_3 5199 requires_config_enabled MBEDTLS_SSL_CLI_C 5200 requires_config_enabled MBEDTLS_DEBUG_C 5201 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5202 requires_config_enabled PSA_WANT_ALG_ECDH 5203 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ 5204 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5205 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 5206 0 \ 5207 -c "HTTP/1.0 200 ok" \ 5208 -c "Protocol is TLSv1.3" \ 5209 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5210 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5211 -c "NamedGroup: x448 ( 1e )" \ 5212 -c "Verifying peer X.509 certificate... ok" \ 5213 -C "received HelloRetryRequest message" 5214 5215 requires_openssl_tls1_3 5216 requires_config_enabled MBEDTLS_SSL_CLI_C 5217 requires_config_enabled MBEDTLS_DEBUG_C 5218 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5219 requires_config_enabled PSA_WANT_ALG_ECDH 5220 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ 5221 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5222 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 5223 0 \ 5224 -c "HTTP/1.0 200 ok" \ 5225 -c "Protocol is TLSv1.3" \ 5226 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5227 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5228 -c "NamedGroup: x448 ( 1e )" \ 5229 -c "Verifying peer X.509 certificate... ok" \ 5230 -C "received HelloRetryRequest message" 5231 5232 requires_openssl_tls1_3 5233 requires_config_enabled MBEDTLS_SSL_CLI_C 5234 requires_config_enabled MBEDTLS_DEBUG_C 5235 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5236 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5237 requires_config_enabled PSA_WANT_ALG_ECDH 5238 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ 5239 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5240 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 5241 0 \ 5242 -c "HTTP/1.0 200 ok" \ 5243 -c "Protocol is TLSv1.3" \ 5244 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5245 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5246 -c "NamedGroup: x448 ( 1e )" \ 5247 -c "Verifying peer X.509 certificate... ok" \ 5248 -C "received HelloRetryRequest message" 5249 5250 requires_openssl_tls1_3_with_ffdh 5251 requires_config_enabled MBEDTLS_SSL_CLI_C 5252 requires_config_enabled MBEDTLS_DEBUG_C 5253 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5254 requires_config_enabled PSA_WANT_ALG_FFDH 5255 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5256 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 5257 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5258 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 5259 0 \ 5260 -c "HTTP/1.0 200 ok" \ 5261 -c "Protocol is TLSv1.3" \ 5262 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5263 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5264 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5265 -c "Verifying peer X.509 certificate... ok" \ 5266 -C "received HelloRetryRequest message" 5267 5268 requires_openssl_tls1_3_with_ffdh 5269 requires_config_enabled MBEDTLS_SSL_CLI_C 5270 requires_config_enabled MBEDTLS_DEBUG_C 5271 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5272 requires_config_enabled PSA_WANT_ALG_FFDH 5273 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5274 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 5275 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5276 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 5277 0 \ 5278 -c "HTTP/1.0 200 ok" \ 5279 -c "Protocol is TLSv1.3" \ 5280 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5281 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5282 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5283 -c "Verifying peer X.509 certificate... ok" \ 5284 -C "received HelloRetryRequest message" 5285 5286 requires_openssl_tls1_3_with_ffdh 5287 requires_config_enabled MBEDTLS_SSL_CLI_C 5288 requires_config_enabled MBEDTLS_DEBUG_C 5289 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5290 requires_config_enabled PSA_WANT_ALG_FFDH 5291 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5292 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 5293 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5294 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 5295 0 \ 5296 -c "HTTP/1.0 200 ok" \ 5297 -c "Protocol is TLSv1.3" \ 5298 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5299 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5300 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5301 -c "Verifying peer X.509 certificate... ok" \ 5302 -C "received HelloRetryRequest message" 5303 5304 requires_openssl_tls1_3_with_ffdh 5305 requires_config_enabled MBEDTLS_SSL_CLI_C 5306 requires_config_enabled MBEDTLS_DEBUG_C 5307 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5308 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5309 requires_config_enabled PSA_WANT_ALG_FFDH 5310 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5311 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 5312 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5313 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 5314 0 \ 5315 -c "HTTP/1.0 200 ok" \ 5316 -c "Protocol is TLSv1.3" \ 5317 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 5318 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5319 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5320 -c "Verifying peer X.509 certificate... ok" \ 5321 -C "received HelloRetryRequest message" 5322 5323 requires_openssl_tls1_3 5324 requires_config_enabled MBEDTLS_SSL_CLI_C 5325 requires_config_enabled MBEDTLS_DEBUG_C 5326 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5327 requires_config_enabled PSA_WANT_ALG_ECDH 5328 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 5329 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5330 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 5331 0 \ 5332 -c "HTTP/1.0 200 ok" \ 5333 -c "Protocol is TLSv1.3" \ 5334 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5335 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5336 -c "NamedGroup: secp256r1 ( 17 )" \ 5337 -c "Verifying peer X.509 certificate... ok" \ 5338 -C "received HelloRetryRequest message" 5339 5340 requires_openssl_tls1_3 5341 requires_config_enabled MBEDTLS_SSL_CLI_C 5342 requires_config_enabled MBEDTLS_DEBUG_C 5343 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5344 requires_config_enabled PSA_WANT_ALG_ECDH 5345 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 5346 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5347 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 5348 0 \ 5349 -c "HTTP/1.0 200 ok" \ 5350 -c "Protocol is TLSv1.3" \ 5351 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5352 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5353 -c "NamedGroup: secp256r1 ( 17 )" \ 5354 -c "Verifying peer X.509 certificate... ok" \ 5355 -C "received HelloRetryRequest message" 5356 5357 requires_openssl_tls1_3 5358 requires_config_enabled MBEDTLS_SSL_CLI_C 5359 requires_config_enabled MBEDTLS_DEBUG_C 5360 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5361 requires_config_enabled PSA_WANT_ALG_ECDH 5362 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 5363 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5364 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 5365 0 \ 5366 -c "HTTP/1.0 200 ok" \ 5367 -c "Protocol is TLSv1.3" \ 5368 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5369 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5370 -c "NamedGroup: secp256r1 ( 17 )" \ 5371 -c "Verifying peer X.509 certificate... ok" \ 5372 -C "received HelloRetryRequest message" 5373 5374 requires_openssl_tls1_3 5375 requires_config_enabled MBEDTLS_SSL_CLI_C 5376 requires_config_enabled MBEDTLS_DEBUG_C 5377 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5378 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5379 requires_config_enabled PSA_WANT_ALG_ECDH 5380 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 5381 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5382 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 5383 0 \ 5384 -c "HTTP/1.0 200 ok" \ 5385 -c "Protocol is TLSv1.3" \ 5386 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5387 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5388 -c "NamedGroup: secp256r1 ( 17 )" \ 5389 -c "Verifying peer X.509 certificate... ok" \ 5390 -C "received HelloRetryRequest message" 5391 5392 requires_openssl_tls1_3 5393 requires_config_enabled MBEDTLS_SSL_CLI_C 5394 requires_config_enabled MBEDTLS_DEBUG_C 5395 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5396 requires_config_enabled PSA_WANT_ALG_ECDH 5397 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 5398 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5399 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 5400 0 \ 5401 -c "HTTP/1.0 200 ok" \ 5402 -c "Protocol is TLSv1.3" \ 5403 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5404 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5405 -c "NamedGroup: secp384r1 ( 18 )" \ 5406 -c "Verifying peer X.509 certificate... ok" \ 5407 -C "received HelloRetryRequest message" 5408 5409 requires_openssl_tls1_3 5410 requires_config_enabled MBEDTLS_SSL_CLI_C 5411 requires_config_enabled MBEDTLS_DEBUG_C 5412 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5413 requires_config_enabled PSA_WANT_ALG_ECDH 5414 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 5415 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5416 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 5417 0 \ 5418 -c "HTTP/1.0 200 ok" \ 5419 -c "Protocol is TLSv1.3" \ 5420 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5421 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5422 -c "NamedGroup: secp384r1 ( 18 )" \ 5423 -c "Verifying peer X.509 certificate... ok" \ 5424 -C "received HelloRetryRequest message" 5425 5426 requires_openssl_tls1_3 5427 requires_config_enabled MBEDTLS_SSL_CLI_C 5428 requires_config_enabled MBEDTLS_DEBUG_C 5429 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5430 requires_config_enabled PSA_WANT_ALG_ECDH 5431 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 5432 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5433 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 5434 0 \ 5435 -c "HTTP/1.0 200 ok" \ 5436 -c "Protocol is TLSv1.3" \ 5437 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5438 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5439 -c "NamedGroup: secp384r1 ( 18 )" \ 5440 -c "Verifying peer X.509 certificate... ok" \ 5441 -C "received HelloRetryRequest message" 5442 5443 requires_openssl_tls1_3 5444 requires_config_enabled MBEDTLS_SSL_CLI_C 5445 requires_config_enabled MBEDTLS_DEBUG_C 5446 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5447 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5448 requires_config_enabled PSA_WANT_ALG_ECDH 5449 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 5450 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5451 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 5452 0 \ 5453 -c "HTTP/1.0 200 ok" \ 5454 -c "Protocol is TLSv1.3" \ 5455 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5456 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5457 -c "NamedGroup: secp384r1 ( 18 )" \ 5458 -c "Verifying peer X.509 certificate... ok" \ 5459 -C "received HelloRetryRequest message" 5460 5461 requires_openssl_tls1_3 5462 requires_config_enabled MBEDTLS_SSL_CLI_C 5463 requires_config_enabled MBEDTLS_DEBUG_C 5464 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5465 requires_config_enabled PSA_WANT_ALG_ECDH 5466 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 5467 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5468 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 5469 0 \ 5470 -c "HTTP/1.0 200 ok" \ 5471 -c "Protocol is TLSv1.3" \ 5472 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5473 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5474 -c "NamedGroup: secp521r1 ( 19 )" \ 5475 -c "Verifying peer X.509 certificate... ok" \ 5476 -C "received HelloRetryRequest message" 5477 5478 requires_openssl_tls1_3 5479 requires_config_enabled MBEDTLS_SSL_CLI_C 5480 requires_config_enabled MBEDTLS_DEBUG_C 5481 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5482 requires_config_enabled PSA_WANT_ALG_ECDH 5483 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 5484 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5485 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 5486 0 \ 5487 -c "HTTP/1.0 200 ok" \ 5488 -c "Protocol is TLSv1.3" \ 5489 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5490 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5491 -c "NamedGroup: secp521r1 ( 19 )" \ 5492 -c "Verifying peer X.509 certificate... ok" \ 5493 -C "received HelloRetryRequest message" 5494 5495 requires_openssl_tls1_3 5496 requires_config_enabled MBEDTLS_SSL_CLI_C 5497 requires_config_enabled MBEDTLS_DEBUG_C 5498 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5499 requires_config_enabled PSA_WANT_ALG_ECDH 5500 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 5501 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5502 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 5503 0 \ 5504 -c "HTTP/1.0 200 ok" \ 5505 -c "Protocol is TLSv1.3" \ 5506 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5507 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5508 -c "NamedGroup: secp521r1 ( 19 )" \ 5509 -c "Verifying peer X.509 certificate... ok" \ 5510 -C "received HelloRetryRequest message" 5511 5512 requires_openssl_tls1_3 5513 requires_config_enabled MBEDTLS_SSL_CLI_C 5514 requires_config_enabled MBEDTLS_DEBUG_C 5515 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5516 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5517 requires_config_enabled PSA_WANT_ALG_ECDH 5518 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 5519 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5520 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 5521 0 \ 5522 -c "HTTP/1.0 200 ok" \ 5523 -c "Protocol is TLSv1.3" \ 5524 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5525 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5526 -c "NamedGroup: secp521r1 ( 19 )" \ 5527 -c "Verifying peer X.509 certificate... ok" \ 5528 -C "received HelloRetryRequest message" 5529 5530 requires_openssl_tls1_3 5531 requires_config_enabled MBEDTLS_SSL_CLI_C 5532 requires_config_enabled MBEDTLS_DEBUG_C 5533 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5534 requires_config_enabled PSA_WANT_ALG_ECDH 5535 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 5536 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5537 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 5538 0 \ 5539 -c "HTTP/1.0 200 ok" \ 5540 -c "Protocol is TLSv1.3" \ 5541 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5542 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5543 -c "NamedGroup: x25519 ( 1d )" \ 5544 -c "Verifying peer X.509 certificate... ok" \ 5545 -C "received HelloRetryRequest message" 5546 5547 requires_openssl_tls1_3 5548 requires_config_enabled MBEDTLS_SSL_CLI_C 5549 requires_config_enabled MBEDTLS_DEBUG_C 5550 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5551 requires_config_enabled PSA_WANT_ALG_ECDH 5552 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 5553 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5554 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 5555 0 \ 5556 -c "HTTP/1.0 200 ok" \ 5557 -c "Protocol is TLSv1.3" \ 5558 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5559 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5560 -c "NamedGroup: x25519 ( 1d )" \ 5561 -c "Verifying peer X.509 certificate... ok" \ 5562 -C "received HelloRetryRequest message" 5563 5564 requires_openssl_tls1_3 5565 requires_config_enabled MBEDTLS_SSL_CLI_C 5566 requires_config_enabled MBEDTLS_DEBUG_C 5567 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5568 requires_config_enabled PSA_WANT_ALG_ECDH 5569 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 5570 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5571 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 5572 0 \ 5573 -c "HTTP/1.0 200 ok" \ 5574 -c "Protocol is TLSv1.3" \ 5575 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5576 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5577 -c "NamedGroup: x25519 ( 1d )" \ 5578 -c "Verifying peer X.509 certificate... ok" \ 5579 -C "received HelloRetryRequest message" 5580 5581 requires_openssl_tls1_3 5582 requires_config_enabled MBEDTLS_SSL_CLI_C 5583 requires_config_enabled MBEDTLS_DEBUG_C 5584 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5585 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5586 requires_config_enabled PSA_WANT_ALG_ECDH 5587 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 5588 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5589 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 5590 0 \ 5591 -c "HTTP/1.0 200 ok" \ 5592 -c "Protocol is TLSv1.3" \ 5593 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5594 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5595 -c "NamedGroup: x25519 ( 1d )" \ 5596 -c "Verifying peer X.509 certificate... ok" \ 5597 -C "received HelloRetryRequest message" 5598 5599 requires_openssl_tls1_3 5600 requires_config_enabled MBEDTLS_SSL_CLI_C 5601 requires_config_enabled MBEDTLS_DEBUG_C 5602 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5603 requires_config_enabled PSA_WANT_ALG_ECDH 5604 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 5605 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5606 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 5607 0 \ 5608 -c "HTTP/1.0 200 ok" \ 5609 -c "Protocol is TLSv1.3" \ 5610 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5611 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5612 -c "NamedGroup: x448 ( 1e )" \ 5613 -c "Verifying peer X.509 certificate... ok" \ 5614 -C "received HelloRetryRequest message" 5615 5616 requires_openssl_tls1_3 5617 requires_config_enabled MBEDTLS_SSL_CLI_C 5618 requires_config_enabled MBEDTLS_DEBUG_C 5619 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5620 requires_config_enabled PSA_WANT_ALG_ECDH 5621 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 5622 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5623 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 5624 0 \ 5625 -c "HTTP/1.0 200 ok" \ 5626 -c "Protocol is TLSv1.3" \ 5627 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5628 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5629 -c "NamedGroup: x448 ( 1e )" \ 5630 -c "Verifying peer X.509 certificate... ok" \ 5631 -C "received HelloRetryRequest message" 5632 5633 requires_openssl_tls1_3 5634 requires_config_enabled MBEDTLS_SSL_CLI_C 5635 requires_config_enabled MBEDTLS_DEBUG_C 5636 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5637 requires_config_enabled PSA_WANT_ALG_ECDH 5638 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 5639 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5640 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 5641 0 \ 5642 -c "HTTP/1.0 200 ok" \ 5643 -c "Protocol is TLSv1.3" \ 5644 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5645 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5646 -c "NamedGroup: x448 ( 1e )" \ 5647 -c "Verifying peer X.509 certificate... ok" \ 5648 -C "received HelloRetryRequest message" 5649 5650 requires_openssl_tls1_3 5651 requires_config_enabled MBEDTLS_SSL_CLI_C 5652 requires_config_enabled MBEDTLS_DEBUG_C 5653 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5654 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5655 requires_config_enabled PSA_WANT_ALG_ECDH 5656 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ 5657 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 5659 0 \ 5660 -c "HTTP/1.0 200 ok" \ 5661 -c "Protocol is TLSv1.3" \ 5662 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5663 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5664 -c "NamedGroup: x448 ( 1e )" \ 5665 -c "Verifying peer X.509 certificate... ok" \ 5666 -C "received HelloRetryRequest message" 5667 5668 requires_openssl_tls1_3_with_ffdh 5669 requires_config_enabled MBEDTLS_SSL_CLI_C 5670 requires_config_enabled MBEDTLS_DEBUG_C 5671 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5672 requires_config_enabled PSA_WANT_ALG_FFDH 5673 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5674 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 5675 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5676 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 5677 0 \ 5678 -c "HTTP/1.0 200 ok" \ 5679 -c "Protocol is TLSv1.3" \ 5680 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5681 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5682 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5683 -c "Verifying peer X.509 certificate... ok" \ 5684 -C "received HelloRetryRequest message" 5685 5686 requires_openssl_tls1_3_with_ffdh 5687 requires_config_enabled MBEDTLS_SSL_CLI_C 5688 requires_config_enabled MBEDTLS_DEBUG_C 5689 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5690 requires_config_enabled PSA_WANT_ALG_FFDH 5691 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5692 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 5693 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5694 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 5695 0 \ 5696 -c "HTTP/1.0 200 ok" \ 5697 -c "Protocol is TLSv1.3" \ 5698 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5699 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5700 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5701 -c "Verifying peer X.509 certificate... ok" \ 5702 -C "received HelloRetryRequest message" 5703 5704 requires_openssl_tls1_3_with_ffdh 5705 requires_config_enabled MBEDTLS_SSL_CLI_C 5706 requires_config_enabled MBEDTLS_DEBUG_C 5707 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5708 requires_config_enabled PSA_WANT_ALG_FFDH 5709 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5710 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 5711 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5712 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 5713 0 \ 5714 -c "HTTP/1.0 200 ok" \ 5715 -c "Protocol is TLSv1.3" \ 5716 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5717 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5718 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5719 -c "Verifying peer X.509 certificate... ok" \ 5720 -C "received HelloRetryRequest message" 5721 5722 requires_openssl_tls1_3_with_ffdh 5723 requires_config_enabled MBEDTLS_SSL_CLI_C 5724 requires_config_enabled MBEDTLS_DEBUG_C 5725 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5726 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5727 requires_config_enabled PSA_WANT_ALG_FFDH 5728 requires_config_enabled PSA_WANT_DH_RFC7919_2048 5729 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 5730 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5731 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 5732 0 \ 5733 -c "HTTP/1.0 200 ok" \ 5734 -c "Protocol is TLSv1.3" \ 5735 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 5736 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5737 -c "NamedGroup: ffdhe2048 ( 100 )" \ 5738 -c "Verifying peer X.509 certificate... ok" \ 5739 -C "received HelloRetryRequest message" 5740 5741 requires_openssl_tls1_3 5742 requires_config_enabled MBEDTLS_SSL_CLI_C 5743 requires_config_enabled MBEDTLS_DEBUG_C 5744 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5745 requires_config_enabled PSA_WANT_ALG_ECDH 5746 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 5747 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5748 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 5749 0 \ 5750 -c "HTTP/1.0 200 ok" \ 5751 -c "Protocol is TLSv1.3" \ 5752 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5753 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5754 -c "NamedGroup: secp256r1 ( 17 )" \ 5755 -c "Verifying peer X.509 certificate... ok" \ 5756 -C "received HelloRetryRequest message" 5757 5758 requires_openssl_tls1_3 5759 requires_config_enabled MBEDTLS_SSL_CLI_C 5760 requires_config_enabled MBEDTLS_DEBUG_C 5761 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5762 requires_config_enabled PSA_WANT_ALG_ECDH 5763 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 5764 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5765 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 5766 0 \ 5767 -c "HTTP/1.0 200 ok" \ 5768 -c "Protocol is TLSv1.3" \ 5769 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5770 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5771 -c "NamedGroup: secp256r1 ( 17 )" \ 5772 -c "Verifying peer X.509 certificate... ok" \ 5773 -C "received HelloRetryRequest message" 5774 5775 requires_openssl_tls1_3 5776 requires_config_enabled MBEDTLS_SSL_CLI_C 5777 requires_config_enabled MBEDTLS_DEBUG_C 5778 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5779 requires_config_enabled PSA_WANT_ALG_ECDH 5780 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 5781 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5782 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 5783 0 \ 5784 -c "HTTP/1.0 200 ok" \ 5785 -c "Protocol is TLSv1.3" \ 5786 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5787 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5788 -c "NamedGroup: secp256r1 ( 17 )" \ 5789 -c "Verifying peer X.509 certificate... ok" \ 5790 -C "received HelloRetryRequest message" 5791 5792 requires_openssl_tls1_3 5793 requires_config_enabled MBEDTLS_SSL_CLI_C 5794 requires_config_enabled MBEDTLS_DEBUG_C 5795 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5796 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5797 requires_config_enabled PSA_WANT_ALG_ECDH 5798 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 5799 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5800 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 5801 0 \ 5802 -c "HTTP/1.0 200 ok" \ 5803 -c "Protocol is TLSv1.3" \ 5804 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5805 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5806 -c "NamedGroup: secp256r1 ( 17 )" \ 5807 -c "Verifying peer X.509 certificate... ok" \ 5808 -C "received HelloRetryRequest message" 5809 5810 requires_openssl_tls1_3 5811 requires_config_enabled MBEDTLS_SSL_CLI_C 5812 requires_config_enabled MBEDTLS_DEBUG_C 5813 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5814 requires_config_enabled PSA_WANT_ALG_ECDH 5815 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 5816 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5817 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 5818 0 \ 5819 -c "HTTP/1.0 200 ok" \ 5820 -c "Protocol is TLSv1.3" \ 5821 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5822 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5823 -c "NamedGroup: secp384r1 ( 18 )" \ 5824 -c "Verifying peer X.509 certificate... ok" \ 5825 -C "received HelloRetryRequest message" 5826 5827 requires_openssl_tls1_3 5828 requires_config_enabled MBEDTLS_SSL_CLI_C 5829 requires_config_enabled MBEDTLS_DEBUG_C 5830 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5831 requires_config_enabled PSA_WANT_ALG_ECDH 5832 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 5833 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5834 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 5835 0 \ 5836 -c "HTTP/1.0 200 ok" \ 5837 -c "Protocol is TLSv1.3" \ 5838 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5839 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5840 -c "NamedGroup: secp384r1 ( 18 )" \ 5841 -c "Verifying peer X.509 certificate... ok" \ 5842 -C "received HelloRetryRequest message" 5843 5844 requires_openssl_tls1_3 5845 requires_config_enabled MBEDTLS_SSL_CLI_C 5846 requires_config_enabled MBEDTLS_DEBUG_C 5847 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5848 requires_config_enabled PSA_WANT_ALG_ECDH 5849 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 5850 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5851 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 5852 0 \ 5853 -c "HTTP/1.0 200 ok" \ 5854 -c "Protocol is TLSv1.3" \ 5855 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5856 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5857 -c "NamedGroup: secp384r1 ( 18 )" \ 5858 -c "Verifying peer X.509 certificate... ok" \ 5859 -C "received HelloRetryRequest message" 5860 5861 requires_openssl_tls1_3 5862 requires_config_enabled MBEDTLS_SSL_CLI_C 5863 requires_config_enabled MBEDTLS_DEBUG_C 5864 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5865 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5866 requires_config_enabled PSA_WANT_ALG_ECDH 5867 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 5868 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5869 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 5870 0 \ 5871 -c "HTTP/1.0 200 ok" \ 5872 -c "Protocol is TLSv1.3" \ 5873 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5874 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5875 -c "NamedGroup: secp384r1 ( 18 )" \ 5876 -c "Verifying peer X.509 certificate... ok" \ 5877 -C "received HelloRetryRequest message" 5878 5879 requires_openssl_tls1_3 5880 requires_config_enabled MBEDTLS_SSL_CLI_C 5881 requires_config_enabled MBEDTLS_DEBUG_C 5882 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5883 requires_config_enabled PSA_WANT_ALG_ECDH 5884 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 5885 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5886 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 5887 0 \ 5888 -c "HTTP/1.0 200 ok" \ 5889 -c "Protocol is TLSv1.3" \ 5890 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5891 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5892 -c "NamedGroup: secp521r1 ( 19 )" \ 5893 -c "Verifying peer X.509 certificate... ok" \ 5894 -C "received HelloRetryRequest message" 5895 5896 requires_openssl_tls1_3 5897 requires_config_enabled MBEDTLS_SSL_CLI_C 5898 requires_config_enabled MBEDTLS_DEBUG_C 5899 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5900 requires_config_enabled PSA_WANT_ALG_ECDH 5901 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 5902 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5903 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 5904 0 \ 5905 -c "HTTP/1.0 200 ok" \ 5906 -c "Protocol is TLSv1.3" \ 5907 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5908 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5909 -c "NamedGroup: secp521r1 ( 19 )" \ 5910 -c "Verifying peer X.509 certificate... ok" \ 5911 -C "received HelloRetryRequest message" 5912 5913 requires_openssl_tls1_3 5914 requires_config_enabled MBEDTLS_SSL_CLI_C 5915 requires_config_enabled MBEDTLS_DEBUG_C 5916 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5917 requires_config_enabled PSA_WANT_ALG_ECDH 5918 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 5919 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5920 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 5921 0 \ 5922 -c "HTTP/1.0 200 ok" \ 5923 -c "Protocol is TLSv1.3" \ 5924 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5925 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5926 -c "NamedGroup: secp521r1 ( 19 )" \ 5927 -c "Verifying peer X.509 certificate... ok" \ 5928 -C "received HelloRetryRequest message" 5929 5930 requires_openssl_tls1_3 5931 requires_config_enabled MBEDTLS_SSL_CLI_C 5932 requires_config_enabled MBEDTLS_DEBUG_C 5933 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5934 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 5935 requires_config_enabled PSA_WANT_ALG_ECDH 5936 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 5937 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5938 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 5939 0 \ 5940 -c "HTTP/1.0 200 ok" \ 5941 -c "Protocol is TLSv1.3" \ 5942 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5943 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 5944 -c "NamedGroup: secp521r1 ( 19 )" \ 5945 -c "Verifying peer X.509 certificate... ok" \ 5946 -C "received HelloRetryRequest message" 5947 5948 requires_openssl_tls1_3 5949 requires_config_enabled MBEDTLS_SSL_CLI_C 5950 requires_config_enabled MBEDTLS_DEBUG_C 5951 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5952 requires_config_enabled PSA_WANT_ALG_ECDH 5953 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ 5954 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5955 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 5956 0 \ 5957 -c "HTTP/1.0 200 ok" \ 5958 -c "Protocol is TLSv1.3" \ 5959 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5960 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 5961 -c "NamedGroup: x25519 ( 1d )" \ 5962 -c "Verifying peer X.509 certificate... ok" \ 5963 -C "received HelloRetryRequest message" 5964 5965 requires_openssl_tls1_3 5966 requires_config_enabled MBEDTLS_SSL_CLI_C 5967 requires_config_enabled MBEDTLS_DEBUG_C 5968 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5969 requires_config_enabled PSA_WANT_ALG_ECDH 5970 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ 5971 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5972 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 5973 0 \ 5974 -c "HTTP/1.0 200 ok" \ 5975 -c "Protocol is TLSv1.3" \ 5976 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5977 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 5978 -c "NamedGroup: x25519 ( 1d )" \ 5979 -c "Verifying peer X.509 certificate... ok" \ 5980 -C "received HelloRetryRequest message" 5981 5982 requires_openssl_tls1_3 5983 requires_config_enabled MBEDTLS_SSL_CLI_C 5984 requires_config_enabled MBEDTLS_DEBUG_C 5985 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 5986 requires_config_enabled PSA_WANT_ALG_ECDH 5987 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ 5988 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 5989 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 5990 0 \ 5991 -c "HTTP/1.0 200 ok" \ 5992 -c "Protocol is TLSv1.3" \ 5993 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 5994 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 5995 -c "NamedGroup: x25519 ( 1d )" \ 5996 -c "Verifying peer X.509 certificate... ok" \ 5997 -C "received HelloRetryRequest message" 5998 5999 requires_openssl_tls1_3 6000 requires_config_enabled MBEDTLS_SSL_CLI_C 6001 requires_config_enabled MBEDTLS_DEBUG_C 6002 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6003 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6004 requires_config_enabled PSA_WANT_ALG_ECDH 6005 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ 6006 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6007 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 6008 0 \ 6009 -c "HTTP/1.0 200 ok" \ 6010 -c "Protocol is TLSv1.3" \ 6011 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6012 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6013 -c "NamedGroup: x25519 ( 1d )" \ 6014 -c "Verifying peer X.509 certificate... ok" \ 6015 -C "received HelloRetryRequest message" 6016 6017 requires_openssl_tls1_3 6018 requires_config_enabled MBEDTLS_SSL_CLI_C 6019 requires_config_enabled MBEDTLS_DEBUG_C 6020 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6021 requires_config_enabled PSA_WANT_ALG_ECDH 6022 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ 6023 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6024 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 6025 0 \ 6026 -c "HTTP/1.0 200 ok" \ 6027 -c "Protocol is TLSv1.3" \ 6028 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6029 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6030 -c "NamedGroup: x448 ( 1e )" \ 6031 -c "Verifying peer X.509 certificate... ok" \ 6032 -C "received HelloRetryRequest message" 6033 6034 requires_openssl_tls1_3 6035 requires_config_enabled MBEDTLS_SSL_CLI_C 6036 requires_config_enabled MBEDTLS_DEBUG_C 6037 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6038 requires_config_enabled PSA_WANT_ALG_ECDH 6039 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ 6040 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6041 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 6042 0 \ 6043 -c "HTTP/1.0 200 ok" \ 6044 -c "Protocol is TLSv1.3" \ 6045 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6046 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6047 -c "NamedGroup: x448 ( 1e )" \ 6048 -c "Verifying peer X.509 certificate... ok" \ 6049 -C "received HelloRetryRequest message" 6050 6051 requires_openssl_tls1_3 6052 requires_config_enabled MBEDTLS_SSL_CLI_C 6053 requires_config_enabled MBEDTLS_DEBUG_C 6054 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6055 requires_config_enabled PSA_WANT_ALG_ECDH 6056 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ 6057 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6058 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 6059 0 \ 6060 -c "HTTP/1.0 200 ok" \ 6061 -c "Protocol is TLSv1.3" \ 6062 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6063 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6064 -c "NamedGroup: x448 ( 1e )" \ 6065 -c "Verifying peer X.509 certificate... ok" \ 6066 -C "received HelloRetryRequest message" 6067 6068 requires_openssl_tls1_3 6069 requires_config_enabled MBEDTLS_SSL_CLI_C 6070 requires_config_enabled MBEDTLS_DEBUG_C 6071 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6072 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6073 requires_config_enabled PSA_WANT_ALG_ECDH 6074 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ 6075 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6076 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 6077 0 \ 6078 -c "HTTP/1.0 200 ok" \ 6079 -c "Protocol is TLSv1.3" \ 6080 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6081 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6082 -c "NamedGroup: x448 ( 1e )" \ 6083 -c "Verifying peer X.509 certificate... ok" \ 6084 -C "received HelloRetryRequest message" 6085 6086 requires_openssl_tls1_3_with_ffdh 6087 requires_config_enabled MBEDTLS_SSL_CLI_C 6088 requires_config_enabled MBEDTLS_DEBUG_C 6089 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6090 requires_config_enabled PSA_WANT_ALG_FFDH 6091 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6092 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 6093 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6094 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 6095 0 \ 6096 -c "HTTP/1.0 200 ok" \ 6097 -c "Protocol is TLSv1.3" \ 6098 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6099 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6100 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6101 -c "Verifying peer X.509 certificate... ok" \ 6102 -C "received HelloRetryRequest message" 6103 6104 requires_openssl_tls1_3_with_ffdh 6105 requires_config_enabled MBEDTLS_SSL_CLI_C 6106 requires_config_enabled MBEDTLS_DEBUG_C 6107 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6108 requires_config_enabled PSA_WANT_ALG_FFDH 6109 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6110 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 6111 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6112 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 6113 0 \ 6114 -c "HTTP/1.0 200 ok" \ 6115 -c "Protocol is TLSv1.3" \ 6116 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6117 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6118 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6119 -c "Verifying peer X.509 certificate... ok" \ 6120 -C "received HelloRetryRequest message" 6121 6122 requires_openssl_tls1_3_with_ffdh 6123 requires_config_enabled MBEDTLS_SSL_CLI_C 6124 requires_config_enabled MBEDTLS_DEBUG_C 6125 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6126 requires_config_enabled PSA_WANT_ALG_FFDH 6127 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6128 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 6129 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6130 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 6131 0 \ 6132 -c "HTTP/1.0 200 ok" \ 6133 -c "Protocol is TLSv1.3" \ 6134 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6135 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6136 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6137 -c "Verifying peer X.509 certificate... ok" \ 6138 -C "received HelloRetryRequest message" 6139 6140 requires_openssl_tls1_3_with_ffdh 6141 requires_config_enabled MBEDTLS_SSL_CLI_C 6142 requires_config_enabled MBEDTLS_DEBUG_C 6143 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6144 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6145 requires_config_enabled PSA_WANT_ALG_FFDH 6146 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6147 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 6148 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 6149 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 6150 0 \ 6151 -c "HTTP/1.0 200 ok" \ 6152 -c "Protocol is TLSv1.3" \ 6153 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 6154 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6155 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6156 -c "Verifying peer X.509 certificate... ok" \ 6157 -C "received HelloRetryRequest message" 6158 6159 requires_gnutls_tls1_3 6160 requires_gnutls_next_no_ticket 6161 requires_config_enabled MBEDTLS_SSL_CLI_C 6162 requires_config_enabled MBEDTLS_DEBUG_C 6163 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6164 requires_config_enabled PSA_WANT_ALG_ECDH 6165 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 6166 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6167 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 6168 0 \ 6169 -c "HTTP/1.0 200 OK" \ 6170 -c "Protocol is TLSv1.3" \ 6171 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6172 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6173 -c "NamedGroup: secp256r1 ( 17 )" \ 6174 -c "Verifying peer X.509 certificate... ok" \ 6175 -C "received HelloRetryRequest message" 6176 6177 requires_gnutls_tls1_3 6178 requires_gnutls_next_no_ticket 6179 requires_config_enabled MBEDTLS_SSL_CLI_C 6180 requires_config_enabled MBEDTLS_DEBUG_C 6181 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6182 requires_config_enabled PSA_WANT_ALG_ECDH 6183 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 6184 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6185 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 6186 0 \ 6187 -c "HTTP/1.0 200 OK" \ 6188 -c "Protocol is TLSv1.3" \ 6189 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6190 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6191 -c "NamedGroup: secp256r1 ( 17 )" \ 6192 -c "Verifying peer X.509 certificate... ok" \ 6193 -C "received HelloRetryRequest message" 6194 6195 requires_gnutls_tls1_3 6196 requires_gnutls_next_no_ticket 6197 requires_config_enabled MBEDTLS_SSL_CLI_C 6198 requires_config_enabled MBEDTLS_DEBUG_C 6199 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6200 requires_config_enabled PSA_WANT_ALG_ECDH 6201 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 6202 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6203 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 6204 0 \ 6205 -c "HTTP/1.0 200 OK" \ 6206 -c "Protocol is TLSv1.3" \ 6207 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6208 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6209 -c "NamedGroup: secp256r1 ( 17 )" \ 6210 -c "Verifying peer X.509 certificate... ok" \ 6211 -C "received HelloRetryRequest message" 6212 6213 requires_gnutls_tls1_3 6214 requires_gnutls_next_no_ticket 6215 requires_config_enabled MBEDTLS_SSL_CLI_C 6216 requires_config_enabled MBEDTLS_DEBUG_C 6217 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6218 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6219 requires_config_enabled PSA_WANT_ALG_ECDH 6220 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 6221 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6222 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 6223 0 \ 6224 -c "HTTP/1.0 200 OK" \ 6225 -c "Protocol is TLSv1.3" \ 6226 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6227 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6228 -c "NamedGroup: secp256r1 ( 17 )" \ 6229 -c "Verifying peer X.509 certificate... ok" \ 6230 -C "received HelloRetryRequest message" 6231 6232 requires_gnutls_tls1_3 6233 requires_gnutls_next_no_ticket 6234 requires_config_enabled MBEDTLS_SSL_CLI_C 6235 requires_config_enabled MBEDTLS_DEBUG_C 6236 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6237 requires_config_enabled PSA_WANT_ALG_ECDH 6238 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 6239 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6240 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 6241 0 \ 6242 -c "HTTP/1.0 200 OK" \ 6243 -c "Protocol is TLSv1.3" \ 6244 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6245 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6246 -c "NamedGroup: secp384r1 ( 18 )" \ 6247 -c "Verifying peer X.509 certificate... ok" \ 6248 -C "received HelloRetryRequest message" 6249 6250 requires_gnutls_tls1_3 6251 requires_gnutls_next_no_ticket 6252 requires_config_enabled MBEDTLS_SSL_CLI_C 6253 requires_config_enabled MBEDTLS_DEBUG_C 6254 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6255 requires_config_enabled PSA_WANT_ALG_ECDH 6256 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 6257 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6258 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 6259 0 \ 6260 -c "HTTP/1.0 200 OK" \ 6261 -c "Protocol is TLSv1.3" \ 6262 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6263 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6264 -c "NamedGroup: secp384r1 ( 18 )" \ 6265 -c "Verifying peer X.509 certificate... ok" \ 6266 -C "received HelloRetryRequest message" 6267 6268 requires_gnutls_tls1_3 6269 requires_gnutls_next_no_ticket 6270 requires_config_enabled MBEDTLS_SSL_CLI_C 6271 requires_config_enabled MBEDTLS_DEBUG_C 6272 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6273 requires_config_enabled PSA_WANT_ALG_ECDH 6274 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 6275 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6276 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 6277 0 \ 6278 -c "HTTP/1.0 200 OK" \ 6279 -c "Protocol is TLSv1.3" \ 6280 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6281 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6282 -c "NamedGroup: secp384r1 ( 18 )" \ 6283 -c "Verifying peer X.509 certificate... ok" \ 6284 -C "received HelloRetryRequest message" 6285 6286 requires_gnutls_tls1_3 6287 requires_gnutls_next_no_ticket 6288 requires_config_enabled MBEDTLS_SSL_CLI_C 6289 requires_config_enabled MBEDTLS_DEBUG_C 6290 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6291 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6292 requires_config_enabled PSA_WANT_ALG_ECDH 6293 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 6294 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6295 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 6296 0 \ 6297 -c "HTTP/1.0 200 OK" \ 6298 -c "Protocol is TLSv1.3" \ 6299 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6300 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6301 -c "NamedGroup: secp384r1 ( 18 )" \ 6302 -c "Verifying peer X.509 certificate... ok" \ 6303 -C "received HelloRetryRequest message" 6304 6305 requires_gnutls_tls1_3 6306 requires_gnutls_next_no_ticket 6307 requires_config_enabled MBEDTLS_SSL_CLI_C 6308 requires_config_enabled MBEDTLS_DEBUG_C 6309 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6310 requires_config_enabled PSA_WANT_ALG_ECDH 6311 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 6312 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6313 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 6314 0 \ 6315 -c "HTTP/1.0 200 OK" \ 6316 -c "Protocol is TLSv1.3" \ 6317 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6318 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6319 -c "NamedGroup: secp521r1 ( 19 )" \ 6320 -c "Verifying peer X.509 certificate... ok" \ 6321 -C "received HelloRetryRequest message" 6322 6323 requires_gnutls_tls1_3 6324 requires_gnutls_next_no_ticket 6325 requires_config_enabled MBEDTLS_SSL_CLI_C 6326 requires_config_enabled MBEDTLS_DEBUG_C 6327 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6328 requires_config_enabled PSA_WANT_ALG_ECDH 6329 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 6330 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6331 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 6332 0 \ 6333 -c "HTTP/1.0 200 OK" \ 6334 -c "Protocol is TLSv1.3" \ 6335 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6336 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6337 -c "NamedGroup: secp521r1 ( 19 )" \ 6338 -c "Verifying peer X.509 certificate... ok" \ 6339 -C "received HelloRetryRequest message" 6340 6341 requires_gnutls_tls1_3 6342 requires_gnutls_next_no_ticket 6343 requires_config_enabled MBEDTLS_SSL_CLI_C 6344 requires_config_enabled MBEDTLS_DEBUG_C 6345 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6346 requires_config_enabled PSA_WANT_ALG_ECDH 6347 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 6348 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6349 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 6350 0 \ 6351 -c "HTTP/1.0 200 OK" \ 6352 -c "Protocol is TLSv1.3" \ 6353 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6354 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6355 -c "NamedGroup: secp521r1 ( 19 )" \ 6356 -c "Verifying peer X.509 certificate... ok" \ 6357 -C "received HelloRetryRequest message" 6358 6359 requires_gnutls_tls1_3 6360 requires_gnutls_next_no_ticket 6361 requires_config_enabled MBEDTLS_SSL_CLI_C 6362 requires_config_enabled MBEDTLS_DEBUG_C 6363 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6364 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6365 requires_config_enabled PSA_WANT_ALG_ECDH 6366 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 6367 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6368 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 6369 0 \ 6370 -c "HTTP/1.0 200 OK" \ 6371 -c "Protocol is TLSv1.3" \ 6372 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6373 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6374 -c "NamedGroup: secp521r1 ( 19 )" \ 6375 -c "Verifying peer X.509 certificate... ok" \ 6376 -C "received HelloRetryRequest message" 6377 6378 requires_gnutls_tls1_3 6379 requires_gnutls_next_no_ticket 6380 requires_config_enabled MBEDTLS_SSL_CLI_C 6381 requires_config_enabled MBEDTLS_DEBUG_C 6382 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6383 requires_config_enabled PSA_WANT_ALG_ECDH 6384 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 6385 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6386 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 6387 0 \ 6388 -c "HTTP/1.0 200 OK" \ 6389 -c "Protocol is TLSv1.3" \ 6390 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6391 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6392 -c "NamedGroup: x25519 ( 1d )" \ 6393 -c "Verifying peer X.509 certificate... ok" \ 6394 -C "received HelloRetryRequest message" 6395 6396 requires_gnutls_tls1_3 6397 requires_gnutls_next_no_ticket 6398 requires_config_enabled MBEDTLS_SSL_CLI_C 6399 requires_config_enabled MBEDTLS_DEBUG_C 6400 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6401 requires_config_enabled PSA_WANT_ALG_ECDH 6402 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 6403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6404 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 6405 0 \ 6406 -c "HTTP/1.0 200 OK" \ 6407 -c "Protocol is TLSv1.3" \ 6408 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6409 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6410 -c "NamedGroup: x25519 ( 1d )" \ 6411 -c "Verifying peer X.509 certificate... ok" \ 6412 -C "received HelloRetryRequest message" 6413 6414 requires_gnutls_tls1_3 6415 requires_gnutls_next_no_ticket 6416 requires_config_enabled MBEDTLS_SSL_CLI_C 6417 requires_config_enabled MBEDTLS_DEBUG_C 6418 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6419 requires_config_enabled PSA_WANT_ALG_ECDH 6420 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 6421 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6422 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 6423 0 \ 6424 -c "HTTP/1.0 200 OK" \ 6425 -c "Protocol is TLSv1.3" \ 6426 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6427 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6428 -c "NamedGroup: x25519 ( 1d )" \ 6429 -c "Verifying peer X.509 certificate... ok" \ 6430 -C "received HelloRetryRequest message" 6431 6432 requires_gnutls_tls1_3 6433 requires_gnutls_next_no_ticket 6434 requires_config_enabled MBEDTLS_SSL_CLI_C 6435 requires_config_enabled MBEDTLS_DEBUG_C 6436 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6437 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6438 requires_config_enabled PSA_WANT_ALG_ECDH 6439 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 6440 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6441 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 6442 0 \ 6443 -c "HTTP/1.0 200 OK" \ 6444 -c "Protocol is TLSv1.3" \ 6445 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6446 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6447 -c "NamedGroup: x25519 ( 1d )" \ 6448 -c "Verifying peer X.509 certificate... ok" \ 6449 -C "received HelloRetryRequest message" 6450 6451 requires_gnutls_tls1_3 6452 requires_gnutls_next_no_ticket 6453 requires_config_enabled MBEDTLS_SSL_CLI_C 6454 requires_config_enabled MBEDTLS_DEBUG_C 6455 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6456 requires_config_enabled PSA_WANT_ALG_ECDH 6457 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 6458 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6459 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 6460 0 \ 6461 -c "HTTP/1.0 200 OK" \ 6462 -c "Protocol is TLSv1.3" \ 6463 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6464 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6465 -c "NamedGroup: x448 ( 1e )" \ 6466 -c "Verifying peer X.509 certificate... ok" \ 6467 -C "received HelloRetryRequest message" 6468 6469 requires_gnutls_tls1_3 6470 requires_gnutls_next_no_ticket 6471 requires_config_enabled MBEDTLS_SSL_CLI_C 6472 requires_config_enabled MBEDTLS_DEBUG_C 6473 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6474 requires_config_enabled PSA_WANT_ALG_ECDH 6475 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 6476 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6477 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 6478 0 \ 6479 -c "HTTP/1.0 200 OK" \ 6480 -c "Protocol is TLSv1.3" \ 6481 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6482 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6483 -c "NamedGroup: x448 ( 1e )" \ 6484 -c "Verifying peer X.509 certificate... ok" \ 6485 -C "received HelloRetryRequest message" 6486 6487 requires_gnutls_tls1_3 6488 requires_gnutls_next_no_ticket 6489 requires_config_enabled MBEDTLS_SSL_CLI_C 6490 requires_config_enabled MBEDTLS_DEBUG_C 6491 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6492 requires_config_enabled PSA_WANT_ALG_ECDH 6493 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 6494 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6495 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 6496 0 \ 6497 -c "HTTP/1.0 200 OK" \ 6498 -c "Protocol is TLSv1.3" \ 6499 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6500 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6501 -c "NamedGroup: x448 ( 1e )" \ 6502 -c "Verifying peer X.509 certificate... ok" \ 6503 -C "received HelloRetryRequest message" 6504 6505 requires_gnutls_tls1_3 6506 requires_gnutls_next_no_ticket 6507 requires_config_enabled MBEDTLS_SSL_CLI_C 6508 requires_config_enabled MBEDTLS_DEBUG_C 6509 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6510 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6511 requires_config_enabled PSA_WANT_ALG_ECDH 6512 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ 6513 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6514 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 6515 0 \ 6516 -c "HTTP/1.0 200 OK" \ 6517 -c "Protocol is TLSv1.3" \ 6518 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6519 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6520 -c "NamedGroup: x448 ( 1e )" \ 6521 -c "Verifying peer X.509 certificate... ok" \ 6522 -C "received HelloRetryRequest message" 6523 6524 requires_gnutls_tls1_3 6525 requires_gnutls_next_no_ticket 6526 requires_config_enabled MBEDTLS_SSL_CLI_C 6527 requires_config_enabled MBEDTLS_DEBUG_C 6528 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6529 requires_config_enabled PSA_WANT_ALG_FFDH 6530 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6531 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 6532 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6533 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 6534 0 \ 6535 -c "HTTP/1.0 200 OK" \ 6536 -c "Protocol is TLSv1.3" \ 6537 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6538 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6539 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6540 -c "Verifying peer X.509 certificate... ok" \ 6541 -C "received HelloRetryRequest message" 6542 6543 requires_gnutls_tls1_3 6544 requires_gnutls_next_no_ticket 6545 requires_config_enabled MBEDTLS_SSL_CLI_C 6546 requires_config_enabled MBEDTLS_DEBUG_C 6547 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6548 requires_config_enabled PSA_WANT_ALG_FFDH 6549 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6550 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 6551 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6552 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 6553 0 \ 6554 -c "HTTP/1.0 200 OK" \ 6555 -c "Protocol is TLSv1.3" \ 6556 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6557 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6558 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6559 -c "Verifying peer X.509 certificate... ok" \ 6560 -C "received HelloRetryRequest message" 6561 6562 requires_gnutls_tls1_3 6563 requires_gnutls_next_no_ticket 6564 requires_config_enabled MBEDTLS_SSL_CLI_C 6565 requires_config_enabled MBEDTLS_DEBUG_C 6566 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6567 requires_config_enabled PSA_WANT_ALG_FFDH 6568 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6569 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 6570 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6571 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 6572 0 \ 6573 -c "HTTP/1.0 200 OK" \ 6574 -c "Protocol is TLSv1.3" \ 6575 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6576 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6577 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6578 -c "Verifying peer X.509 certificate... ok" \ 6579 -C "received HelloRetryRequest message" 6580 6581 requires_gnutls_tls1_3 6582 requires_gnutls_next_no_ticket 6583 requires_config_enabled MBEDTLS_SSL_CLI_C 6584 requires_config_enabled MBEDTLS_DEBUG_C 6585 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6586 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6587 requires_config_enabled PSA_WANT_ALG_FFDH 6588 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6589 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 6590 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6591 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 6592 0 \ 6593 -c "HTTP/1.0 200 OK" \ 6594 -c "Protocol is TLSv1.3" \ 6595 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 6596 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6597 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6598 -c "Verifying peer X.509 certificate... ok" \ 6599 -C "received HelloRetryRequest message" 6600 6601 requires_gnutls_tls1_3 6602 requires_gnutls_next_no_ticket 6603 requires_config_enabled MBEDTLS_SSL_CLI_C 6604 requires_config_enabled MBEDTLS_DEBUG_C 6605 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6606 requires_config_enabled PSA_WANT_ALG_ECDH 6607 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ 6608 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6609 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 6610 0 \ 6611 -c "HTTP/1.0 200 OK" \ 6612 -c "Protocol is TLSv1.3" \ 6613 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6614 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6615 -c "NamedGroup: secp256r1 ( 17 )" \ 6616 -c "Verifying peer X.509 certificate... ok" \ 6617 -C "received HelloRetryRequest message" 6618 6619 requires_gnutls_tls1_3 6620 requires_gnutls_next_no_ticket 6621 requires_config_enabled MBEDTLS_SSL_CLI_C 6622 requires_config_enabled MBEDTLS_DEBUG_C 6623 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6624 requires_config_enabled PSA_WANT_ALG_ECDH 6625 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ 6626 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6627 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 6628 0 \ 6629 -c "HTTP/1.0 200 OK" \ 6630 -c "Protocol is TLSv1.3" \ 6631 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6632 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6633 -c "NamedGroup: secp256r1 ( 17 )" \ 6634 -c "Verifying peer X.509 certificate... ok" \ 6635 -C "received HelloRetryRequest message" 6636 6637 requires_gnutls_tls1_3 6638 requires_gnutls_next_no_ticket 6639 requires_config_enabled MBEDTLS_SSL_CLI_C 6640 requires_config_enabled MBEDTLS_DEBUG_C 6641 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6642 requires_config_enabled PSA_WANT_ALG_ECDH 6643 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ 6644 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6645 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 6646 0 \ 6647 -c "HTTP/1.0 200 OK" \ 6648 -c "Protocol is TLSv1.3" \ 6649 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6650 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6651 -c "NamedGroup: secp256r1 ( 17 )" \ 6652 -c "Verifying peer X.509 certificate... ok" \ 6653 -C "received HelloRetryRequest message" 6654 6655 requires_gnutls_tls1_3 6656 requires_gnutls_next_no_ticket 6657 requires_config_enabled MBEDTLS_SSL_CLI_C 6658 requires_config_enabled MBEDTLS_DEBUG_C 6659 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6660 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6661 requires_config_enabled PSA_WANT_ALG_ECDH 6662 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ 6663 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 6664 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 6665 0 \ 6666 -c "HTTP/1.0 200 OK" \ 6667 -c "Protocol is TLSv1.3" \ 6668 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6669 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6670 -c "NamedGroup: secp256r1 ( 17 )" \ 6671 -c "Verifying peer X.509 certificate... ok" \ 6672 -C "received HelloRetryRequest message" 6673 6674 requires_gnutls_tls1_3 6675 requires_gnutls_next_no_ticket 6676 requires_config_enabled MBEDTLS_SSL_CLI_C 6677 requires_config_enabled MBEDTLS_DEBUG_C 6678 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6679 requires_config_enabled PSA_WANT_ALG_ECDH 6680 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ 6681 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6682 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 6683 0 \ 6684 -c "HTTP/1.0 200 OK" \ 6685 -c "Protocol is TLSv1.3" \ 6686 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6687 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6688 -c "NamedGroup: secp384r1 ( 18 )" \ 6689 -c "Verifying peer X.509 certificate... ok" \ 6690 -C "received HelloRetryRequest message" 6691 6692 requires_gnutls_tls1_3 6693 requires_gnutls_next_no_ticket 6694 requires_config_enabled MBEDTLS_SSL_CLI_C 6695 requires_config_enabled MBEDTLS_DEBUG_C 6696 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6697 requires_config_enabled PSA_WANT_ALG_ECDH 6698 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ 6699 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6700 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 6701 0 \ 6702 -c "HTTP/1.0 200 OK" \ 6703 -c "Protocol is TLSv1.3" \ 6704 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6705 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6706 -c "NamedGroup: secp384r1 ( 18 )" \ 6707 -c "Verifying peer X.509 certificate... ok" \ 6708 -C "received HelloRetryRequest message" 6709 6710 requires_gnutls_tls1_3 6711 requires_gnutls_next_no_ticket 6712 requires_config_enabled MBEDTLS_SSL_CLI_C 6713 requires_config_enabled MBEDTLS_DEBUG_C 6714 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6715 requires_config_enabled PSA_WANT_ALG_ECDH 6716 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ 6717 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6718 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 6719 0 \ 6720 -c "HTTP/1.0 200 OK" \ 6721 -c "Protocol is TLSv1.3" \ 6722 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6723 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6724 -c "NamedGroup: secp384r1 ( 18 )" \ 6725 -c "Verifying peer X.509 certificate... ok" \ 6726 -C "received HelloRetryRequest message" 6727 6728 requires_gnutls_tls1_3 6729 requires_gnutls_next_no_ticket 6730 requires_config_enabled MBEDTLS_SSL_CLI_C 6731 requires_config_enabled MBEDTLS_DEBUG_C 6732 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6733 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6734 requires_config_enabled PSA_WANT_ALG_ECDH 6735 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ 6736 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 6737 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 6738 0 \ 6739 -c "HTTP/1.0 200 OK" \ 6740 -c "Protocol is TLSv1.3" \ 6741 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6742 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6743 -c "NamedGroup: secp384r1 ( 18 )" \ 6744 -c "Verifying peer X.509 certificate... ok" \ 6745 -C "received HelloRetryRequest message" 6746 6747 requires_gnutls_tls1_3 6748 requires_gnutls_next_no_ticket 6749 requires_config_enabled MBEDTLS_SSL_CLI_C 6750 requires_config_enabled MBEDTLS_DEBUG_C 6751 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6752 requires_config_enabled PSA_WANT_ALG_ECDH 6753 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ 6754 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6755 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 6756 0 \ 6757 -c "HTTP/1.0 200 OK" \ 6758 -c "Protocol is TLSv1.3" \ 6759 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6760 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6761 -c "NamedGroup: secp521r1 ( 19 )" \ 6762 -c "Verifying peer X.509 certificate... ok" \ 6763 -C "received HelloRetryRequest message" 6764 6765 requires_gnutls_tls1_3 6766 requires_gnutls_next_no_ticket 6767 requires_config_enabled MBEDTLS_SSL_CLI_C 6768 requires_config_enabled MBEDTLS_DEBUG_C 6769 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6770 requires_config_enabled PSA_WANT_ALG_ECDH 6771 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ 6772 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6773 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 6774 0 \ 6775 -c "HTTP/1.0 200 OK" \ 6776 -c "Protocol is TLSv1.3" \ 6777 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6778 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6779 -c "NamedGroup: secp521r1 ( 19 )" \ 6780 -c "Verifying peer X.509 certificate... ok" \ 6781 -C "received HelloRetryRequest message" 6782 6783 requires_gnutls_tls1_3 6784 requires_gnutls_next_no_ticket 6785 requires_config_enabled MBEDTLS_SSL_CLI_C 6786 requires_config_enabled MBEDTLS_DEBUG_C 6787 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6788 requires_config_enabled PSA_WANT_ALG_ECDH 6789 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ 6790 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6791 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 6792 0 \ 6793 -c "HTTP/1.0 200 OK" \ 6794 -c "Protocol is TLSv1.3" \ 6795 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6796 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6797 -c "NamedGroup: secp521r1 ( 19 )" \ 6798 -c "Verifying peer X.509 certificate... ok" \ 6799 -C "received HelloRetryRequest message" 6800 6801 requires_gnutls_tls1_3 6802 requires_gnutls_next_no_ticket 6803 requires_config_enabled MBEDTLS_SSL_CLI_C 6804 requires_config_enabled MBEDTLS_DEBUG_C 6805 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6806 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6807 requires_config_enabled PSA_WANT_ALG_ECDH 6808 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ 6809 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 6810 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 6811 0 \ 6812 -c "HTTP/1.0 200 OK" \ 6813 -c "Protocol is TLSv1.3" \ 6814 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6815 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6816 -c "NamedGroup: secp521r1 ( 19 )" \ 6817 -c "Verifying peer X.509 certificate... ok" \ 6818 -C "received HelloRetryRequest message" 6819 6820 requires_gnutls_tls1_3 6821 requires_gnutls_next_no_ticket 6822 requires_config_enabled MBEDTLS_SSL_CLI_C 6823 requires_config_enabled MBEDTLS_DEBUG_C 6824 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6825 requires_config_enabled PSA_WANT_ALG_ECDH 6826 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ 6827 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6828 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 6829 0 \ 6830 -c "HTTP/1.0 200 OK" \ 6831 -c "Protocol is TLSv1.3" \ 6832 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6833 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6834 -c "NamedGroup: x25519 ( 1d )" \ 6835 -c "Verifying peer X.509 certificate... ok" \ 6836 -C "received HelloRetryRequest message" 6837 6838 requires_gnutls_tls1_3 6839 requires_gnutls_next_no_ticket 6840 requires_config_enabled MBEDTLS_SSL_CLI_C 6841 requires_config_enabled MBEDTLS_DEBUG_C 6842 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6843 requires_config_enabled PSA_WANT_ALG_ECDH 6844 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ 6845 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6846 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 6847 0 \ 6848 -c "HTTP/1.0 200 OK" \ 6849 -c "Protocol is TLSv1.3" \ 6850 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6851 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6852 -c "NamedGroup: x25519 ( 1d )" \ 6853 -c "Verifying peer X.509 certificate... ok" \ 6854 -C "received HelloRetryRequest message" 6855 6856 requires_gnutls_tls1_3 6857 requires_gnutls_next_no_ticket 6858 requires_config_enabled MBEDTLS_SSL_CLI_C 6859 requires_config_enabled MBEDTLS_DEBUG_C 6860 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6861 requires_config_enabled PSA_WANT_ALG_ECDH 6862 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ 6863 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6864 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 6865 0 \ 6866 -c "HTTP/1.0 200 OK" \ 6867 -c "Protocol is TLSv1.3" \ 6868 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6869 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6870 -c "NamedGroup: x25519 ( 1d )" \ 6871 -c "Verifying peer X.509 certificate... ok" \ 6872 -C "received HelloRetryRequest message" 6873 6874 requires_gnutls_tls1_3 6875 requires_gnutls_next_no_ticket 6876 requires_config_enabled MBEDTLS_SSL_CLI_C 6877 requires_config_enabled MBEDTLS_DEBUG_C 6878 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6879 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6880 requires_config_enabled PSA_WANT_ALG_ECDH 6881 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ 6882 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 6883 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 6884 0 \ 6885 -c "HTTP/1.0 200 OK" \ 6886 -c "Protocol is TLSv1.3" \ 6887 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6888 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6889 -c "NamedGroup: x25519 ( 1d )" \ 6890 -c "Verifying peer X.509 certificate... ok" \ 6891 -C "received HelloRetryRequest message" 6892 6893 requires_gnutls_tls1_3 6894 requires_gnutls_next_no_ticket 6895 requires_config_enabled MBEDTLS_SSL_CLI_C 6896 requires_config_enabled MBEDTLS_DEBUG_C 6897 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6898 requires_config_enabled PSA_WANT_ALG_ECDH 6899 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ 6900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6901 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 6902 0 \ 6903 -c "HTTP/1.0 200 OK" \ 6904 -c "Protocol is TLSv1.3" \ 6905 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6906 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6907 -c "NamedGroup: x448 ( 1e )" \ 6908 -c "Verifying peer X.509 certificate... ok" \ 6909 -C "received HelloRetryRequest message" 6910 6911 requires_gnutls_tls1_3 6912 requires_gnutls_next_no_ticket 6913 requires_config_enabled MBEDTLS_SSL_CLI_C 6914 requires_config_enabled MBEDTLS_DEBUG_C 6915 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6916 requires_config_enabled PSA_WANT_ALG_ECDH 6917 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ 6918 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6919 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 6920 0 \ 6921 -c "HTTP/1.0 200 OK" \ 6922 -c "Protocol is TLSv1.3" \ 6923 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6924 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 6925 -c "NamedGroup: x448 ( 1e )" \ 6926 -c "Verifying peer X.509 certificate... ok" \ 6927 -C "received HelloRetryRequest message" 6928 6929 requires_gnutls_tls1_3 6930 requires_gnutls_next_no_ticket 6931 requires_config_enabled MBEDTLS_SSL_CLI_C 6932 requires_config_enabled MBEDTLS_DEBUG_C 6933 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6934 requires_config_enabled PSA_WANT_ALG_ECDH 6935 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ 6936 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6937 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 6938 0 \ 6939 -c "HTTP/1.0 200 OK" \ 6940 -c "Protocol is TLSv1.3" \ 6941 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6942 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 6943 -c "NamedGroup: x448 ( 1e )" \ 6944 -c "Verifying peer X.509 certificate... ok" \ 6945 -C "received HelloRetryRequest message" 6946 6947 requires_gnutls_tls1_3 6948 requires_gnutls_next_no_ticket 6949 requires_config_enabled MBEDTLS_SSL_CLI_C 6950 requires_config_enabled MBEDTLS_DEBUG_C 6951 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6952 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 6953 requires_config_enabled PSA_WANT_ALG_ECDH 6954 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ 6955 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 6956 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 6957 0 \ 6958 -c "HTTP/1.0 200 OK" \ 6959 -c "Protocol is TLSv1.3" \ 6960 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6961 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 6962 -c "NamedGroup: x448 ( 1e )" \ 6963 -c "Verifying peer X.509 certificate... ok" \ 6964 -C "received HelloRetryRequest message" 6965 6966 requires_gnutls_tls1_3 6967 requires_gnutls_next_no_ticket 6968 requires_config_enabled MBEDTLS_SSL_CLI_C 6969 requires_config_enabled MBEDTLS_DEBUG_C 6970 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6971 requires_config_enabled PSA_WANT_ALG_FFDH 6972 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6973 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ 6974 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6975 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 6976 0 \ 6977 -c "HTTP/1.0 200 OK" \ 6978 -c "Protocol is TLSv1.3" \ 6979 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6980 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 6981 -c "NamedGroup: ffdhe2048 ( 100 )" \ 6982 -c "Verifying peer X.509 certificate... ok" \ 6983 -C "received HelloRetryRequest message" 6984 6985 requires_gnutls_tls1_3 6986 requires_gnutls_next_no_ticket 6987 requires_config_enabled MBEDTLS_SSL_CLI_C 6988 requires_config_enabled MBEDTLS_DEBUG_C 6989 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 6990 requires_config_enabled PSA_WANT_ALG_FFDH 6991 requires_config_enabled PSA_WANT_DH_RFC7919_2048 6992 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ 6993 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 6994 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 6995 0 \ 6996 -c "HTTP/1.0 200 OK" \ 6997 -c "Protocol is TLSv1.3" \ 6998 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 6999 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7000 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7001 -c "Verifying peer X.509 certificate... ok" \ 7002 -C "received HelloRetryRequest message" 7003 7004 requires_gnutls_tls1_3 7005 requires_gnutls_next_no_ticket 7006 requires_config_enabled MBEDTLS_SSL_CLI_C 7007 requires_config_enabled MBEDTLS_DEBUG_C 7008 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7009 requires_config_enabled PSA_WANT_ALG_FFDH 7010 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7011 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ 7012 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7013 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 7014 0 \ 7015 -c "HTTP/1.0 200 OK" \ 7016 -c "Protocol is TLSv1.3" \ 7017 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 7018 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7019 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7020 -c "Verifying peer X.509 certificate... ok" \ 7021 -C "received HelloRetryRequest message" 7022 7023 requires_gnutls_tls1_3 7024 requires_gnutls_next_no_ticket 7025 requires_config_enabled MBEDTLS_SSL_CLI_C 7026 requires_config_enabled MBEDTLS_DEBUG_C 7027 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7028 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7029 requires_config_enabled PSA_WANT_ALG_FFDH 7030 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7031 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ 7032 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7033 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 7034 0 \ 7035 -c "HTTP/1.0 200 OK" \ 7036 -c "Protocol is TLSv1.3" \ 7037 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 7038 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7039 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7040 -c "Verifying peer X.509 certificate... ok" \ 7041 -C "received HelloRetryRequest message" 7042 7043 requires_gnutls_tls1_3 7044 requires_gnutls_next_no_ticket 7045 requires_config_enabled MBEDTLS_SSL_CLI_C 7046 requires_config_enabled MBEDTLS_DEBUG_C 7047 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7048 requires_config_enabled PSA_WANT_ALG_ECDH 7049 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 7050 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7051 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 7052 0 \ 7053 -c "HTTP/1.0 200 OK" \ 7054 -c "Protocol is TLSv1.3" \ 7055 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7056 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7057 -c "NamedGroup: secp256r1 ( 17 )" \ 7058 -c "Verifying peer X.509 certificate... ok" \ 7059 -C "received HelloRetryRequest message" 7060 7061 requires_gnutls_tls1_3 7062 requires_gnutls_next_no_ticket 7063 requires_config_enabled MBEDTLS_SSL_CLI_C 7064 requires_config_enabled MBEDTLS_DEBUG_C 7065 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7066 requires_config_enabled PSA_WANT_ALG_ECDH 7067 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 7068 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7069 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 7070 0 \ 7071 -c "HTTP/1.0 200 OK" \ 7072 -c "Protocol is TLSv1.3" \ 7073 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7074 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7075 -c "NamedGroup: secp256r1 ( 17 )" \ 7076 -c "Verifying peer X.509 certificate... ok" \ 7077 -C "received HelloRetryRequest message" 7078 7079 requires_gnutls_tls1_3 7080 requires_gnutls_next_no_ticket 7081 requires_config_enabled MBEDTLS_SSL_CLI_C 7082 requires_config_enabled MBEDTLS_DEBUG_C 7083 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7084 requires_config_enabled PSA_WANT_ALG_ECDH 7085 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 7086 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7087 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 7088 0 \ 7089 -c "HTTP/1.0 200 OK" \ 7090 -c "Protocol is TLSv1.3" \ 7091 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7092 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7093 -c "NamedGroup: secp256r1 ( 17 )" \ 7094 -c "Verifying peer X.509 certificate... ok" \ 7095 -C "received HelloRetryRequest message" 7096 7097 requires_gnutls_tls1_3 7098 requires_gnutls_next_no_ticket 7099 requires_config_enabled MBEDTLS_SSL_CLI_C 7100 requires_config_enabled MBEDTLS_DEBUG_C 7101 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7102 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7103 requires_config_enabled PSA_WANT_ALG_ECDH 7104 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 7105 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7106 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 7107 0 \ 7108 -c "HTTP/1.0 200 OK" \ 7109 -c "Protocol is TLSv1.3" \ 7110 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7111 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7112 -c "NamedGroup: secp256r1 ( 17 )" \ 7113 -c "Verifying peer X.509 certificate... ok" \ 7114 -C "received HelloRetryRequest message" 7115 7116 requires_gnutls_tls1_3 7117 requires_gnutls_next_no_ticket 7118 requires_config_enabled MBEDTLS_SSL_CLI_C 7119 requires_config_enabled MBEDTLS_DEBUG_C 7120 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7121 requires_config_enabled PSA_WANT_ALG_ECDH 7122 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 7123 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7124 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 7125 0 \ 7126 -c "HTTP/1.0 200 OK" \ 7127 -c "Protocol is TLSv1.3" \ 7128 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7129 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7130 -c "NamedGroup: secp384r1 ( 18 )" \ 7131 -c "Verifying peer X.509 certificate... ok" \ 7132 -C "received HelloRetryRequest message" 7133 7134 requires_gnutls_tls1_3 7135 requires_gnutls_next_no_ticket 7136 requires_config_enabled MBEDTLS_SSL_CLI_C 7137 requires_config_enabled MBEDTLS_DEBUG_C 7138 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7139 requires_config_enabled PSA_WANT_ALG_ECDH 7140 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 7141 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7142 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 7143 0 \ 7144 -c "HTTP/1.0 200 OK" \ 7145 -c "Protocol is TLSv1.3" \ 7146 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7147 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7148 -c "NamedGroup: secp384r1 ( 18 )" \ 7149 -c "Verifying peer X.509 certificate... ok" \ 7150 -C "received HelloRetryRequest message" 7151 7152 requires_gnutls_tls1_3 7153 requires_gnutls_next_no_ticket 7154 requires_config_enabled MBEDTLS_SSL_CLI_C 7155 requires_config_enabled MBEDTLS_DEBUG_C 7156 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7157 requires_config_enabled PSA_WANT_ALG_ECDH 7158 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 7159 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7160 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 7161 0 \ 7162 -c "HTTP/1.0 200 OK" \ 7163 -c "Protocol is TLSv1.3" \ 7164 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7165 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7166 -c "NamedGroup: secp384r1 ( 18 )" \ 7167 -c "Verifying peer X.509 certificate... ok" \ 7168 -C "received HelloRetryRequest message" 7169 7170 requires_gnutls_tls1_3 7171 requires_gnutls_next_no_ticket 7172 requires_config_enabled MBEDTLS_SSL_CLI_C 7173 requires_config_enabled MBEDTLS_DEBUG_C 7174 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7175 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7176 requires_config_enabled PSA_WANT_ALG_ECDH 7177 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 7178 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7179 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 7180 0 \ 7181 -c "HTTP/1.0 200 OK" \ 7182 -c "Protocol is TLSv1.3" \ 7183 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7184 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7185 -c "NamedGroup: secp384r1 ( 18 )" \ 7186 -c "Verifying peer X.509 certificate... ok" \ 7187 -C "received HelloRetryRequest message" 7188 7189 requires_gnutls_tls1_3 7190 requires_gnutls_next_no_ticket 7191 requires_config_enabled MBEDTLS_SSL_CLI_C 7192 requires_config_enabled MBEDTLS_DEBUG_C 7193 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7194 requires_config_enabled PSA_WANT_ALG_ECDH 7195 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 7196 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7197 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 7198 0 \ 7199 -c "HTTP/1.0 200 OK" \ 7200 -c "Protocol is TLSv1.3" \ 7201 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7202 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7203 -c "NamedGroup: secp521r1 ( 19 )" \ 7204 -c "Verifying peer X.509 certificate... ok" \ 7205 -C "received HelloRetryRequest message" 7206 7207 requires_gnutls_tls1_3 7208 requires_gnutls_next_no_ticket 7209 requires_config_enabled MBEDTLS_SSL_CLI_C 7210 requires_config_enabled MBEDTLS_DEBUG_C 7211 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7212 requires_config_enabled PSA_WANT_ALG_ECDH 7213 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 7214 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7215 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 7216 0 \ 7217 -c "HTTP/1.0 200 OK" \ 7218 -c "Protocol is TLSv1.3" \ 7219 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7220 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7221 -c "NamedGroup: secp521r1 ( 19 )" \ 7222 -c "Verifying peer X.509 certificate... ok" \ 7223 -C "received HelloRetryRequest message" 7224 7225 requires_gnutls_tls1_3 7226 requires_gnutls_next_no_ticket 7227 requires_config_enabled MBEDTLS_SSL_CLI_C 7228 requires_config_enabled MBEDTLS_DEBUG_C 7229 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7230 requires_config_enabled PSA_WANT_ALG_ECDH 7231 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 7232 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7233 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 7234 0 \ 7235 -c "HTTP/1.0 200 OK" \ 7236 -c "Protocol is TLSv1.3" \ 7237 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7238 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7239 -c "NamedGroup: secp521r1 ( 19 )" \ 7240 -c "Verifying peer X.509 certificate... ok" \ 7241 -C "received HelloRetryRequest message" 7242 7243 requires_gnutls_tls1_3 7244 requires_gnutls_next_no_ticket 7245 requires_config_enabled MBEDTLS_SSL_CLI_C 7246 requires_config_enabled MBEDTLS_DEBUG_C 7247 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7248 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7249 requires_config_enabled PSA_WANT_ALG_ECDH 7250 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 7251 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7252 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 7253 0 \ 7254 -c "HTTP/1.0 200 OK" \ 7255 -c "Protocol is TLSv1.3" \ 7256 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7257 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7258 -c "NamedGroup: secp521r1 ( 19 )" \ 7259 -c "Verifying peer X.509 certificate... ok" \ 7260 -C "received HelloRetryRequest message" 7261 7262 requires_gnutls_tls1_3 7263 requires_gnutls_next_no_ticket 7264 requires_config_enabled MBEDTLS_SSL_CLI_C 7265 requires_config_enabled MBEDTLS_DEBUG_C 7266 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7267 requires_config_enabled PSA_WANT_ALG_ECDH 7268 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ 7269 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7270 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 7271 0 \ 7272 -c "HTTP/1.0 200 OK" \ 7273 -c "Protocol is TLSv1.3" \ 7274 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7275 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7276 -c "NamedGroup: x25519 ( 1d )" \ 7277 -c "Verifying peer X.509 certificate... ok" \ 7278 -C "received HelloRetryRequest message" 7279 7280 requires_gnutls_tls1_3 7281 requires_gnutls_next_no_ticket 7282 requires_config_enabled MBEDTLS_SSL_CLI_C 7283 requires_config_enabled MBEDTLS_DEBUG_C 7284 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7285 requires_config_enabled PSA_WANT_ALG_ECDH 7286 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ 7287 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7288 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 7289 0 \ 7290 -c "HTTP/1.0 200 OK" \ 7291 -c "Protocol is TLSv1.3" \ 7292 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7293 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7294 -c "NamedGroup: x25519 ( 1d )" \ 7295 -c "Verifying peer X.509 certificate... ok" \ 7296 -C "received HelloRetryRequest message" 7297 7298 requires_gnutls_tls1_3 7299 requires_gnutls_next_no_ticket 7300 requires_config_enabled MBEDTLS_SSL_CLI_C 7301 requires_config_enabled MBEDTLS_DEBUG_C 7302 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7303 requires_config_enabled PSA_WANT_ALG_ECDH 7304 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ 7305 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7306 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 7307 0 \ 7308 -c "HTTP/1.0 200 OK" \ 7309 -c "Protocol is TLSv1.3" \ 7310 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7311 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7312 -c "NamedGroup: x25519 ( 1d )" \ 7313 -c "Verifying peer X.509 certificate... ok" \ 7314 -C "received HelloRetryRequest message" 7315 7316 requires_gnutls_tls1_3 7317 requires_gnutls_next_no_ticket 7318 requires_config_enabled MBEDTLS_SSL_CLI_C 7319 requires_config_enabled MBEDTLS_DEBUG_C 7320 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7321 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7322 requires_config_enabled PSA_WANT_ALG_ECDH 7323 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ 7324 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7325 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 7326 0 \ 7327 -c "HTTP/1.0 200 OK" \ 7328 -c "Protocol is TLSv1.3" \ 7329 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7330 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7331 -c "NamedGroup: x25519 ( 1d )" \ 7332 -c "Verifying peer X.509 certificate... ok" \ 7333 -C "received HelloRetryRequest message" 7334 7335 requires_gnutls_tls1_3 7336 requires_gnutls_next_no_ticket 7337 requires_config_enabled MBEDTLS_SSL_CLI_C 7338 requires_config_enabled MBEDTLS_DEBUG_C 7339 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7340 requires_config_enabled PSA_WANT_ALG_ECDH 7341 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ 7342 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7343 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 7344 0 \ 7345 -c "HTTP/1.0 200 OK" \ 7346 -c "Protocol is TLSv1.3" \ 7347 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7348 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7349 -c "NamedGroup: x448 ( 1e )" \ 7350 -c "Verifying peer X.509 certificate... ok" \ 7351 -C "received HelloRetryRequest message" 7352 7353 requires_gnutls_tls1_3 7354 requires_gnutls_next_no_ticket 7355 requires_config_enabled MBEDTLS_SSL_CLI_C 7356 requires_config_enabled MBEDTLS_DEBUG_C 7357 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7358 requires_config_enabled PSA_WANT_ALG_ECDH 7359 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ 7360 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7361 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 7362 0 \ 7363 -c "HTTP/1.0 200 OK" \ 7364 -c "Protocol is TLSv1.3" \ 7365 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7366 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7367 -c "NamedGroup: x448 ( 1e )" \ 7368 -c "Verifying peer X.509 certificate... ok" \ 7369 -C "received HelloRetryRequest message" 7370 7371 requires_gnutls_tls1_3 7372 requires_gnutls_next_no_ticket 7373 requires_config_enabled MBEDTLS_SSL_CLI_C 7374 requires_config_enabled MBEDTLS_DEBUG_C 7375 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7376 requires_config_enabled PSA_WANT_ALG_ECDH 7377 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ 7378 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7379 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 7380 0 \ 7381 -c "HTTP/1.0 200 OK" \ 7382 -c "Protocol is TLSv1.3" \ 7383 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7384 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7385 -c "NamedGroup: x448 ( 1e )" \ 7386 -c "Verifying peer X.509 certificate... ok" \ 7387 -C "received HelloRetryRequest message" 7388 7389 requires_gnutls_tls1_3 7390 requires_gnutls_next_no_ticket 7391 requires_config_enabled MBEDTLS_SSL_CLI_C 7392 requires_config_enabled MBEDTLS_DEBUG_C 7393 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7394 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7395 requires_config_enabled PSA_WANT_ALG_ECDH 7396 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ 7397 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7398 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 7399 0 \ 7400 -c "HTTP/1.0 200 OK" \ 7401 -c "Protocol is TLSv1.3" \ 7402 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7403 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7404 -c "NamedGroup: x448 ( 1e )" \ 7405 -c "Verifying peer X.509 certificate... ok" \ 7406 -C "received HelloRetryRequest message" 7407 7408 requires_gnutls_tls1_3 7409 requires_gnutls_next_no_ticket 7410 requires_config_enabled MBEDTLS_SSL_CLI_C 7411 requires_config_enabled MBEDTLS_DEBUG_C 7412 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7413 requires_config_enabled PSA_WANT_ALG_FFDH 7414 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7415 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 7416 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7417 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 7418 0 \ 7419 -c "HTTP/1.0 200 OK" \ 7420 -c "Protocol is TLSv1.3" \ 7421 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7422 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7423 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7424 -c "Verifying peer X.509 certificate... ok" \ 7425 -C "received HelloRetryRequest message" 7426 7427 requires_gnutls_tls1_3 7428 requires_gnutls_next_no_ticket 7429 requires_config_enabled MBEDTLS_SSL_CLI_C 7430 requires_config_enabled MBEDTLS_DEBUG_C 7431 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7432 requires_config_enabled PSA_WANT_ALG_FFDH 7433 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7434 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 7435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7436 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 7437 0 \ 7438 -c "HTTP/1.0 200 OK" \ 7439 -c "Protocol is TLSv1.3" \ 7440 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7441 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7442 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7443 -c "Verifying peer X.509 certificate... ok" \ 7444 -C "received HelloRetryRequest message" 7445 7446 requires_gnutls_tls1_3 7447 requires_gnutls_next_no_ticket 7448 requires_config_enabled MBEDTLS_SSL_CLI_C 7449 requires_config_enabled MBEDTLS_DEBUG_C 7450 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7451 requires_config_enabled PSA_WANT_ALG_FFDH 7452 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7453 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 7454 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7455 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 7456 0 \ 7457 -c "HTTP/1.0 200 OK" \ 7458 -c "Protocol is TLSv1.3" \ 7459 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7460 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7461 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7462 -c "Verifying peer X.509 certificate... ok" \ 7463 -C "received HelloRetryRequest message" 7464 7465 requires_gnutls_tls1_3 7466 requires_gnutls_next_no_ticket 7467 requires_config_enabled MBEDTLS_SSL_CLI_C 7468 requires_config_enabled MBEDTLS_DEBUG_C 7469 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7470 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7471 requires_config_enabled PSA_WANT_ALG_FFDH 7472 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7473 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 7474 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7475 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 7476 0 \ 7477 -c "HTTP/1.0 200 OK" \ 7478 -c "Protocol is TLSv1.3" \ 7479 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 7480 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7481 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7482 -c "Verifying peer X.509 certificate... ok" \ 7483 -C "received HelloRetryRequest message" 7484 7485 requires_gnutls_tls1_3 7486 requires_gnutls_next_no_ticket 7487 requires_config_enabled MBEDTLS_SSL_CLI_C 7488 requires_config_enabled MBEDTLS_DEBUG_C 7489 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7490 requires_config_enabled PSA_WANT_ALG_ECDH 7491 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 7492 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7493 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 7494 0 \ 7495 -c "HTTP/1.0 200 OK" \ 7496 -c "Protocol is TLSv1.3" \ 7497 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7498 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7499 -c "NamedGroup: secp256r1 ( 17 )" \ 7500 -c "Verifying peer X.509 certificate... ok" \ 7501 -C "received HelloRetryRequest message" 7502 7503 requires_gnutls_tls1_3 7504 requires_gnutls_next_no_ticket 7505 requires_config_enabled MBEDTLS_SSL_CLI_C 7506 requires_config_enabled MBEDTLS_DEBUG_C 7507 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7508 requires_config_enabled PSA_WANT_ALG_ECDH 7509 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 7510 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7511 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 7512 0 \ 7513 -c "HTTP/1.0 200 OK" \ 7514 -c "Protocol is TLSv1.3" \ 7515 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7516 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7517 -c "NamedGroup: secp256r1 ( 17 )" \ 7518 -c "Verifying peer X.509 certificate... ok" \ 7519 -C "received HelloRetryRequest message" 7520 7521 requires_gnutls_tls1_3 7522 requires_gnutls_next_no_ticket 7523 requires_config_enabled MBEDTLS_SSL_CLI_C 7524 requires_config_enabled MBEDTLS_DEBUG_C 7525 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7526 requires_config_enabled PSA_WANT_ALG_ECDH 7527 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 7528 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7529 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 7530 0 \ 7531 -c "HTTP/1.0 200 OK" \ 7532 -c "Protocol is TLSv1.3" \ 7533 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7534 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7535 -c "NamedGroup: secp256r1 ( 17 )" \ 7536 -c "Verifying peer X.509 certificate... ok" \ 7537 -C "received HelloRetryRequest message" 7538 7539 requires_gnutls_tls1_3 7540 requires_gnutls_next_no_ticket 7541 requires_config_enabled MBEDTLS_SSL_CLI_C 7542 requires_config_enabled MBEDTLS_DEBUG_C 7543 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7544 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7545 requires_config_enabled PSA_WANT_ALG_ECDH 7546 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 7547 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7548 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 7549 0 \ 7550 -c "HTTP/1.0 200 OK" \ 7551 -c "Protocol is TLSv1.3" \ 7552 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7553 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7554 -c "NamedGroup: secp256r1 ( 17 )" \ 7555 -c "Verifying peer X.509 certificate... ok" \ 7556 -C "received HelloRetryRequest message" 7557 7558 requires_gnutls_tls1_3 7559 requires_gnutls_next_no_ticket 7560 requires_config_enabled MBEDTLS_SSL_CLI_C 7561 requires_config_enabled MBEDTLS_DEBUG_C 7562 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7563 requires_config_enabled PSA_WANT_ALG_ECDH 7564 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 7565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7566 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 7567 0 \ 7568 -c "HTTP/1.0 200 OK" \ 7569 -c "Protocol is TLSv1.3" \ 7570 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7571 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7572 -c "NamedGroup: secp384r1 ( 18 )" \ 7573 -c "Verifying peer X.509 certificate... ok" \ 7574 -C "received HelloRetryRequest message" 7575 7576 requires_gnutls_tls1_3 7577 requires_gnutls_next_no_ticket 7578 requires_config_enabled MBEDTLS_SSL_CLI_C 7579 requires_config_enabled MBEDTLS_DEBUG_C 7580 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7581 requires_config_enabled PSA_WANT_ALG_ECDH 7582 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 7583 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7584 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 7585 0 \ 7586 -c "HTTP/1.0 200 OK" \ 7587 -c "Protocol is TLSv1.3" \ 7588 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7589 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7590 -c "NamedGroup: secp384r1 ( 18 )" \ 7591 -c "Verifying peer X.509 certificate... ok" \ 7592 -C "received HelloRetryRequest message" 7593 7594 requires_gnutls_tls1_3 7595 requires_gnutls_next_no_ticket 7596 requires_config_enabled MBEDTLS_SSL_CLI_C 7597 requires_config_enabled MBEDTLS_DEBUG_C 7598 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7599 requires_config_enabled PSA_WANT_ALG_ECDH 7600 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 7601 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7602 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 7603 0 \ 7604 -c "HTTP/1.0 200 OK" \ 7605 -c "Protocol is TLSv1.3" \ 7606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7607 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7608 -c "NamedGroup: secp384r1 ( 18 )" \ 7609 -c "Verifying peer X.509 certificate... ok" \ 7610 -C "received HelloRetryRequest message" 7611 7612 requires_gnutls_tls1_3 7613 requires_gnutls_next_no_ticket 7614 requires_config_enabled MBEDTLS_SSL_CLI_C 7615 requires_config_enabled MBEDTLS_DEBUG_C 7616 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7617 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7618 requires_config_enabled PSA_WANT_ALG_ECDH 7619 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 7620 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 7621 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 7622 0 \ 7623 -c "HTTP/1.0 200 OK" \ 7624 -c "Protocol is TLSv1.3" \ 7625 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7626 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7627 -c "NamedGroup: secp384r1 ( 18 )" \ 7628 -c "Verifying peer X.509 certificate... ok" \ 7629 -C "received HelloRetryRequest message" 7630 7631 requires_gnutls_tls1_3 7632 requires_gnutls_next_no_ticket 7633 requires_config_enabled MBEDTLS_SSL_CLI_C 7634 requires_config_enabled MBEDTLS_DEBUG_C 7635 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7636 requires_config_enabled PSA_WANT_ALG_ECDH 7637 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 7638 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7639 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 7640 0 \ 7641 -c "HTTP/1.0 200 OK" \ 7642 -c "Protocol is TLSv1.3" \ 7643 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7644 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7645 -c "NamedGroup: secp521r1 ( 19 )" \ 7646 -c "Verifying peer X.509 certificate... ok" \ 7647 -C "received HelloRetryRequest message" 7648 7649 requires_gnutls_tls1_3 7650 requires_gnutls_next_no_ticket 7651 requires_config_enabled MBEDTLS_SSL_CLI_C 7652 requires_config_enabled MBEDTLS_DEBUG_C 7653 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7654 requires_config_enabled PSA_WANT_ALG_ECDH 7655 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 7656 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7657 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 7658 0 \ 7659 -c "HTTP/1.0 200 OK" \ 7660 -c "Protocol is TLSv1.3" \ 7661 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7662 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7663 -c "NamedGroup: secp521r1 ( 19 )" \ 7664 -c "Verifying peer X.509 certificate... ok" \ 7665 -C "received HelloRetryRequest message" 7666 7667 requires_gnutls_tls1_3 7668 requires_gnutls_next_no_ticket 7669 requires_config_enabled MBEDTLS_SSL_CLI_C 7670 requires_config_enabled MBEDTLS_DEBUG_C 7671 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7672 requires_config_enabled PSA_WANT_ALG_ECDH 7673 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 7674 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7675 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 7676 0 \ 7677 -c "HTTP/1.0 200 OK" \ 7678 -c "Protocol is TLSv1.3" \ 7679 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7680 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7681 -c "NamedGroup: secp521r1 ( 19 )" \ 7682 -c "Verifying peer X.509 certificate... ok" \ 7683 -C "received HelloRetryRequest message" 7684 7685 requires_gnutls_tls1_3 7686 requires_gnutls_next_no_ticket 7687 requires_config_enabled MBEDTLS_SSL_CLI_C 7688 requires_config_enabled MBEDTLS_DEBUG_C 7689 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7690 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7691 requires_config_enabled PSA_WANT_ALG_ECDH 7692 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 7693 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 7694 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 7695 0 \ 7696 -c "HTTP/1.0 200 OK" \ 7697 -c "Protocol is TLSv1.3" \ 7698 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7699 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7700 -c "NamedGroup: secp521r1 ( 19 )" \ 7701 -c "Verifying peer X.509 certificate... ok" \ 7702 -C "received HelloRetryRequest message" 7703 7704 requires_gnutls_tls1_3 7705 requires_gnutls_next_no_ticket 7706 requires_config_enabled MBEDTLS_SSL_CLI_C 7707 requires_config_enabled MBEDTLS_DEBUG_C 7708 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7709 requires_config_enabled PSA_WANT_ALG_ECDH 7710 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 7711 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7712 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 7713 0 \ 7714 -c "HTTP/1.0 200 OK" \ 7715 -c "Protocol is TLSv1.3" \ 7716 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7717 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7718 -c "NamedGroup: x25519 ( 1d )" \ 7719 -c "Verifying peer X.509 certificate... ok" \ 7720 -C "received HelloRetryRequest message" 7721 7722 requires_gnutls_tls1_3 7723 requires_gnutls_next_no_ticket 7724 requires_config_enabled MBEDTLS_SSL_CLI_C 7725 requires_config_enabled MBEDTLS_DEBUG_C 7726 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7727 requires_config_enabled PSA_WANT_ALG_ECDH 7728 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 7729 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7730 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 7731 0 \ 7732 -c "HTTP/1.0 200 OK" \ 7733 -c "Protocol is TLSv1.3" \ 7734 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7735 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7736 -c "NamedGroup: x25519 ( 1d )" \ 7737 -c "Verifying peer X.509 certificate... ok" \ 7738 -C "received HelloRetryRequest message" 7739 7740 requires_gnutls_tls1_3 7741 requires_gnutls_next_no_ticket 7742 requires_config_enabled MBEDTLS_SSL_CLI_C 7743 requires_config_enabled MBEDTLS_DEBUG_C 7744 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7745 requires_config_enabled PSA_WANT_ALG_ECDH 7746 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 7747 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7748 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 7749 0 \ 7750 -c "HTTP/1.0 200 OK" \ 7751 -c "Protocol is TLSv1.3" \ 7752 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7753 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7754 -c "NamedGroup: x25519 ( 1d )" \ 7755 -c "Verifying peer X.509 certificate... ok" \ 7756 -C "received HelloRetryRequest message" 7757 7758 requires_gnutls_tls1_3 7759 requires_gnutls_next_no_ticket 7760 requires_config_enabled MBEDTLS_SSL_CLI_C 7761 requires_config_enabled MBEDTLS_DEBUG_C 7762 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7763 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7764 requires_config_enabled PSA_WANT_ALG_ECDH 7765 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 7766 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 7767 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 7768 0 \ 7769 -c "HTTP/1.0 200 OK" \ 7770 -c "Protocol is TLSv1.3" \ 7771 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7772 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7773 -c "NamedGroup: x25519 ( 1d )" \ 7774 -c "Verifying peer X.509 certificate... ok" \ 7775 -C "received HelloRetryRequest message" 7776 7777 requires_gnutls_tls1_3 7778 requires_gnutls_next_no_ticket 7779 requires_config_enabled MBEDTLS_SSL_CLI_C 7780 requires_config_enabled MBEDTLS_DEBUG_C 7781 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7782 requires_config_enabled PSA_WANT_ALG_ECDH 7783 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 7784 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7785 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 7786 0 \ 7787 -c "HTTP/1.0 200 OK" \ 7788 -c "Protocol is TLSv1.3" \ 7789 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7790 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7791 -c "NamedGroup: x448 ( 1e )" \ 7792 -c "Verifying peer X.509 certificate... ok" \ 7793 -C "received HelloRetryRequest message" 7794 7795 requires_gnutls_tls1_3 7796 requires_gnutls_next_no_ticket 7797 requires_config_enabled MBEDTLS_SSL_CLI_C 7798 requires_config_enabled MBEDTLS_DEBUG_C 7799 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7800 requires_config_enabled PSA_WANT_ALG_ECDH 7801 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 7802 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7803 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 7804 0 \ 7805 -c "HTTP/1.0 200 OK" \ 7806 -c "Protocol is TLSv1.3" \ 7807 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7808 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7809 -c "NamedGroup: x448 ( 1e )" \ 7810 -c "Verifying peer X.509 certificate... ok" \ 7811 -C "received HelloRetryRequest message" 7812 7813 requires_gnutls_tls1_3 7814 requires_gnutls_next_no_ticket 7815 requires_config_enabled MBEDTLS_SSL_CLI_C 7816 requires_config_enabled MBEDTLS_DEBUG_C 7817 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7818 requires_config_enabled PSA_WANT_ALG_ECDH 7819 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 7820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7821 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 7822 0 \ 7823 -c "HTTP/1.0 200 OK" \ 7824 -c "Protocol is TLSv1.3" \ 7825 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7826 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7827 -c "NamedGroup: x448 ( 1e )" \ 7828 -c "Verifying peer X.509 certificate... ok" \ 7829 -C "received HelloRetryRequest message" 7830 7831 requires_gnutls_tls1_3 7832 requires_gnutls_next_no_ticket 7833 requires_config_enabled MBEDTLS_SSL_CLI_C 7834 requires_config_enabled MBEDTLS_DEBUG_C 7835 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7836 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7837 requires_config_enabled PSA_WANT_ALG_ECDH 7838 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ 7839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 7840 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 7841 0 \ 7842 -c "HTTP/1.0 200 OK" \ 7843 -c "Protocol is TLSv1.3" \ 7844 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7845 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7846 -c "NamedGroup: x448 ( 1e )" \ 7847 -c "Verifying peer X.509 certificate... ok" \ 7848 -C "received HelloRetryRequest message" 7849 7850 requires_gnutls_tls1_3 7851 requires_gnutls_next_no_ticket 7852 requires_config_enabled MBEDTLS_SSL_CLI_C 7853 requires_config_enabled MBEDTLS_DEBUG_C 7854 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7855 requires_config_enabled PSA_WANT_ALG_FFDH 7856 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7857 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 7858 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7859 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 7860 0 \ 7861 -c "HTTP/1.0 200 OK" \ 7862 -c "Protocol is TLSv1.3" \ 7863 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7864 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7865 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7866 -c "Verifying peer X.509 certificate... ok" \ 7867 -C "received HelloRetryRequest message" 7868 7869 requires_gnutls_tls1_3 7870 requires_gnutls_next_no_ticket 7871 requires_config_enabled MBEDTLS_SSL_CLI_C 7872 requires_config_enabled MBEDTLS_DEBUG_C 7873 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7874 requires_config_enabled PSA_WANT_ALG_FFDH 7875 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7876 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 7877 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7878 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 7879 0 \ 7880 -c "HTTP/1.0 200 OK" \ 7881 -c "Protocol is TLSv1.3" \ 7882 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7883 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7884 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7885 -c "Verifying peer X.509 certificate... ok" \ 7886 -C "received HelloRetryRequest message" 7887 7888 requires_gnutls_tls1_3 7889 requires_gnutls_next_no_ticket 7890 requires_config_enabled MBEDTLS_SSL_CLI_C 7891 requires_config_enabled MBEDTLS_DEBUG_C 7892 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7893 requires_config_enabled PSA_WANT_ALG_FFDH 7894 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7895 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 7896 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7897 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 7898 0 \ 7899 -c "HTTP/1.0 200 OK" \ 7900 -c "Protocol is TLSv1.3" \ 7901 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7902 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7903 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7904 -c "Verifying peer X.509 certificate... ok" \ 7905 -C "received HelloRetryRequest message" 7906 7907 requires_gnutls_tls1_3 7908 requires_gnutls_next_no_ticket 7909 requires_config_enabled MBEDTLS_SSL_CLI_C 7910 requires_config_enabled MBEDTLS_DEBUG_C 7911 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7912 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7913 requires_config_enabled PSA_WANT_ALG_FFDH 7914 requires_config_enabled PSA_WANT_DH_RFC7919_2048 7915 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 7916 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 7917 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 7918 0 \ 7919 -c "HTTP/1.0 200 OK" \ 7920 -c "Protocol is TLSv1.3" \ 7921 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 7922 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7923 -c "NamedGroup: ffdhe2048 ( 100 )" \ 7924 -c "Verifying peer X.509 certificate... ok" \ 7925 -C "received HelloRetryRequest message" 7926 7927 requires_gnutls_tls1_3 7928 requires_gnutls_next_no_ticket 7929 requires_config_enabled MBEDTLS_SSL_CLI_C 7930 requires_config_enabled MBEDTLS_DEBUG_C 7931 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7932 requires_config_enabled PSA_WANT_ALG_ECDH 7933 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 7934 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7935 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 7936 0 \ 7937 -c "HTTP/1.0 200 OK" \ 7938 -c "Protocol is TLSv1.3" \ 7939 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 7940 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 7941 -c "NamedGroup: secp256r1 ( 17 )" \ 7942 -c "Verifying peer X.509 certificate... ok" \ 7943 -C "received HelloRetryRequest message" 7944 7945 requires_gnutls_tls1_3 7946 requires_gnutls_next_no_ticket 7947 requires_config_enabled MBEDTLS_SSL_CLI_C 7948 requires_config_enabled MBEDTLS_DEBUG_C 7949 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7950 requires_config_enabled PSA_WANT_ALG_ECDH 7951 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 7952 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7953 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 7954 0 \ 7955 -c "HTTP/1.0 200 OK" \ 7956 -c "Protocol is TLSv1.3" \ 7957 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 7958 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 7959 -c "NamedGroup: secp256r1 ( 17 )" \ 7960 -c "Verifying peer X.509 certificate... ok" \ 7961 -C "received HelloRetryRequest message" 7962 7963 requires_gnutls_tls1_3 7964 requires_gnutls_next_no_ticket 7965 requires_config_enabled MBEDTLS_SSL_CLI_C 7966 requires_config_enabled MBEDTLS_DEBUG_C 7967 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7968 requires_config_enabled PSA_WANT_ALG_ECDH 7969 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 7970 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7971 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 7972 0 \ 7973 -c "HTTP/1.0 200 OK" \ 7974 -c "Protocol is TLSv1.3" \ 7975 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 7976 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 7977 -c "NamedGroup: secp256r1 ( 17 )" \ 7978 -c "Verifying peer X.509 certificate... ok" \ 7979 -C "received HelloRetryRequest message" 7980 7981 requires_gnutls_tls1_3 7982 requires_gnutls_next_no_ticket 7983 requires_config_enabled MBEDTLS_SSL_CLI_C 7984 requires_config_enabled MBEDTLS_DEBUG_C 7985 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 7986 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 7987 requires_config_enabled PSA_WANT_ALG_ECDH 7988 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 7989 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 7990 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 7991 0 \ 7992 -c "HTTP/1.0 200 OK" \ 7993 -c "Protocol is TLSv1.3" \ 7994 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 7995 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 7996 -c "NamedGroup: secp256r1 ( 17 )" \ 7997 -c "Verifying peer X.509 certificate... ok" \ 7998 -C "received HelloRetryRequest message" 7999 8000 requires_gnutls_tls1_3 8001 requires_gnutls_next_no_ticket 8002 requires_config_enabled MBEDTLS_SSL_CLI_C 8003 requires_config_enabled MBEDTLS_DEBUG_C 8004 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8005 requires_config_enabled PSA_WANT_ALG_ECDH 8006 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 8007 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 8008 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 8009 0 \ 8010 -c "HTTP/1.0 200 OK" \ 8011 -c "Protocol is TLSv1.3" \ 8012 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8013 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8014 -c "NamedGroup: secp384r1 ( 18 )" \ 8015 -c "Verifying peer X.509 certificate... ok" \ 8016 -C "received HelloRetryRequest message" 8017 8018 requires_gnutls_tls1_3 8019 requires_gnutls_next_no_ticket 8020 requires_config_enabled MBEDTLS_SSL_CLI_C 8021 requires_config_enabled MBEDTLS_DEBUG_C 8022 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8023 requires_config_enabled PSA_WANT_ALG_ECDH 8024 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 8025 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 8026 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 8027 0 \ 8028 -c "HTTP/1.0 200 OK" \ 8029 -c "Protocol is TLSv1.3" \ 8030 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8031 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8032 -c "NamedGroup: secp384r1 ( 18 )" \ 8033 -c "Verifying peer X.509 certificate... ok" \ 8034 -C "received HelloRetryRequest message" 8035 8036 requires_gnutls_tls1_3 8037 requires_gnutls_next_no_ticket 8038 requires_config_enabled MBEDTLS_SSL_CLI_C 8039 requires_config_enabled MBEDTLS_DEBUG_C 8040 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8041 requires_config_enabled PSA_WANT_ALG_ECDH 8042 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 8043 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 8044 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 8045 0 \ 8046 -c "HTTP/1.0 200 OK" \ 8047 -c "Protocol is TLSv1.3" \ 8048 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8049 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8050 -c "NamedGroup: secp384r1 ( 18 )" \ 8051 -c "Verifying peer X.509 certificate... ok" \ 8052 -C "received HelloRetryRequest message" 8053 8054 requires_gnutls_tls1_3 8055 requires_gnutls_next_no_ticket 8056 requires_config_enabled MBEDTLS_SSL_CLI_C 8057 requires_config_enabled MBEDTLS_DEBUG_C 8058 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8059 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8060 requires_config_enabled PSA_WANT_ALG_ECDH 8061 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 8062 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 8063 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 8064 0 \ 8065 -c "HTTP/1.0 200 OK" \ 8066 -c "Protocol is TLSv1.3" \ 8067 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8068 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8069 -c "NamedGroup: secp384r1 ( 18 )" \ 8070 -c "Verifying peer X.509 certificate... ok" \ 8071 -C "received HelloRetryRequest message" 8072 8073 requires_gnutls_tls1_3 8074 requires_gnutls_next_no_ticket 8075 requires_config_enabled MBEDTLS_SSL_CLI_C 8076 requires_config_enabled MBEDTLS_DEBUG_C 8077 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8078 requires_config_enabled PSA_WANT_ALG_ECDH 8079 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 8080 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 8081 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 8082 0 \ 8083 -c "HTTP/1.0 200 OK" \ 8084 -c "Protocol is TLSv1.3" \ 8085 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8086 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8087 -c "NamedGroup: secp521r1 ( 19 )" \ 8088 -c "Verifying peer X.509 certificate... ok" \ 8089 -C "received HelloRetryRequest message" 8090 8091 requires_gnutls_tls1_3 8092 requires_gnutls_next_no_ticket 8093 requires_config_enabled MBEDTLS_SSL_CLI_C 8094 requires_config_enabled MBEDTLS_DEBUG_C 8095 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8096 requires_config_enabled PSA_WANT_ALG_ECDH 8097 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 8098 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 8099 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 8100 0 \ 8101 -c "HTTP/1.0 200 OK" \ 8102 -c "Protocol is TLSv1.3" \ 8103 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8104 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8105 -c "NamedGroup: secp521r1 ( 19 )" \ 8106 -c "Verifying peer X.509 certificate... ok" \ 8107 -C "received HelloRetryRequest message" 8108 8109 requires_gnutls_tls1_3 8110 requires_gnutls_next_no_ticket 8111 requires_config_enabled MBEDTLS_SSL_CLI_C 8112 requires_config_enabled MBEDTLS_DEBUG_C 8113 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8114 requires_config_enabled PSA_WANT_ALG_ECDH 8115 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 8116 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 8117 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 8118 0 \ 8119 -c "HTTP/1.0 200 OK" \ 8120 -c "Protocol is TLSv1.3" \ 8121 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8122 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8123 -c "NamedGroup: secp521r1 ( 19 )" \ 8124 -c "Verifying peer X.509 certificate... ok" \ 8125 -C "received HelloRetryRequest message" 8126 8127 requires_gnutls_tls1_3 8128 requires_gnutls_next_no_ticket 8129 requires_config_enabled MBEDTLS_SSL_CLI_C 8130 requires_config_enabled MBEDTLS_DEBUG_C 8131 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8132 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8133 requires_config_enabled PSA_WANT_ALG_ECDH 8134 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 8135 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 8136 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 8137 0 \ 8138 -c "HTTP/1.0 200 OK" \ 8139 -c "Protocol is TLSv1.3" \ 8140 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8141 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8142 -c "NamedGroup: secp521r1 ( 19 )" \ 8143 -c "Verifying peer X.509 certificate... ok" \ 8144 -C "received HelloRetryRequest message" 8145 8146 requires_gnutls_tls1_3 8147 requires_gnutls_next_no_ticket 8148 requires_config_enabled MBEDTLS_SSL_CLI_C 8149 requires_config_enabled MBEDTLS_DEBUG_C 8150 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8151 requires_config_enabled PSA_WANT_ALG_ECDH 8152 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ 8153 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 8154 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 8155 0 \ 8156 -c "HTTP/1.0 200 OK" \ 8157 -c "Protocol is TLSv1.3" \ 8158 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8159 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8160 -c "NamedGroup: x25519 ( 1d )" \ 8161 -c "Verifying peer X.509 certificate... ok" \ 8162 -C "received HelloRetryRequest message" 8163 8164 requires_gnutls_tls1_3 8165 requires_gnutls_next_no_ticket 8166 requires_config_enabled MBEDTLS_SSL_CLI_C 8167 requires_config_enabled MBEDTLS_DEBUG_C 8168 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8169 requires_config_enabled PSA_WANT_ALG_ECDH 8170 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ 8171 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 8172 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 8173 0 \ 8174 -c "HTTP/1.0 200 OK" \ 8175 -c "Protocol is TLSv1.3" \ 8176 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8177 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8178 -c "NamedGroup: x25519 ( 1d )" \ 8179 -c "Verifying peer X.509 certificate... ok" \ 8180 -C "received HelloRetryRequest message" 8181 8182 requires_gnutls_tls1_3 8183 requires_gnutls_next_no_ticket 8184 requires_config_enabled MBEDTLS_SSL_CLI_C 8185 requires_config_enabled MBEDTLS_DEBUG_C 8186 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8187 requires_config_enabled PSA_WANT_ALG_ECDH 8188 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ 8189 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 8190 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 8191 0 \ 8192 -c "HTTP/1.0 200 OK" \ 8193 -c "Protocol is TLSv1.3" \ 8194 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8195 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8196 -c "NamedGroup: x25519 ( 1d )" \ 8197 -c "Verifying peer X.509 certificate... ok" \ 8198 -C "received HelloRetryRequest message" 8199 8200 requires_gnutls_tls1_3 8201 requires_gnutls_next_no_ticket 8202 requires_config_enabled MBEDTLS_SSL_CLI_C 8203 requires_config_enabled MBEDTLS_DEBUG_C 8204 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8205 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8206 requires_config_enabled PSA_WANT_ALG_ECDH 8207 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ 8208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 8209 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 8210 0 \ 8211 -c "HTTP/1.0 200 OK" \ 8212 -c "Protocol is TLSv1.3" \ 8213 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8214 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8215 -c "NamedGroup: x25519 ( 1d )" \ 8216 -c "Verifying peer X.509 certificate... ok" \ 8217 -C "received HelloRetryRequest message" 8218 8219 requires_gnutls_tls1_3 8220 requires_gnutls_next_no_ticket 8221 requires_config_enabled MBEDTLS_SSL_CLI_C 8222 requires_config_enabled MBEDTLS_DEBUG_C 8223 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8224 requires_config_enabled PSA_WANT_ALG_ECDH 8225 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ 8226 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 8227 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 8228 0 \ 8229 -c "HTTP/1.0 200 OK" \ 8230 -c "Protocol is TLSv1.3" \ 8231 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8232 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8233 -c "NamedGroup: x448 ( 1e )" \ 8234 -c "Verifying peer X.509 certificate... ok" \ 8235 -C "received HelloRetryRequest message" 8236 8237 requires_gnutls_tls1_3 8238 requires_gnutls_next_no_ticket 8239 requires_config_enabled MBEDTLS_SSL_CLI_C 8240 requires_config_enabled MBEDTLS_DEBUG_C 8241 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8242 requires_config_enabled PSA_WANT_ALG_ECDH 8243 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ 8244 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 8245 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 8246 0 \ 8247 -c "HTTP/1.0 200 OK" \ 8248 -c "Protocol is TLSv1.3" \ 8249 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8250 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8251 -c "NamedGroup: x448 ( 1e )" \ 8252 -c "Verifying peer X.509 certificate... ok" \ 8253 -C "received HelloRetryRequest message" 8254 8255 requires_gnutls_tls1_3 8256 requires_gnutls_next_no_ticket 8257 requires_config_enabled MBEDTLS_SSL_CLI_C 8258 requires_config_enabled MBEDTLS_DEBUG_C 8259 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8260 requires_config_enabled PSA_WANT_ALG_ECDH 8261 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ 8262 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 8263 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 8264 0 \ 8265 -c "HTTP/1.0 200 OK" \ 8266 -c "Protocol is TLSv1.3" \ 8267 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8268 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8269 -c "NamedGroup: x448 ( 1e )" \ 8270 -c "Verifying peer X.509 certificate... ok" \ 8271 -C "received HelloRetryRequest message" 8272 8273 requires_gnutls_tls1_3 8274 requires_gnutls_next_no_ticket 8275 requires_config_enabled MBEDTLS_SSL_CLI_C 8276 requires_config_enabled MBEDTLS_DEBUG_C 8277 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8278 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8279 requires_config_enabled PSA_WANT_ALG_ECDH 8280 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ 8281 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 8282 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 8283 0 \ 8284 -c "HTTP/1.0 200 OK" \ 8285 -c "Protocol is TLSv1.3" \ 8286 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8287 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8288 -c "NamedGroup: x448 ( 1e )" \ 8289 -c "Verifying peer X.509 certificate... ok" \ 8290 -C "received HelloRetryRequest message" 8291 8292 requires_gnutls_tls1_3 8293 requires_gnutls_next_no_ticket 8294 requires_config_enabled MBEDTLS_SSL_CLI_C 8295 requires_config_enabled MBEDTLS_DEBUG_C 8296 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8297 requires_config_enabled PSA_WANT_ALG_FFDH 8298 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8299 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 8300 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 8301 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 8302 0 \ 8303 -c "HTTP/1.0 200 OK" \ 8304 -c "Protocol is TLSv1.3" \ 8305 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8306 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8307 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8308 -c "Verifying peer X.509 certificate... ok" \ 8309 -C "received HelloRetryRequest message" 8310 8311 requires_gnutls_tls1_3 8312 requires_gnutls_next_no_ticket 8313 requires_config_enabled MBEDTLS_SSL_CLI_C 8314 requires_config_enabled MBEDTLS_DEBUG_C 8315 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8316 requires_config_enabled PSA_WANT_ALG_FFDH 8317 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8318 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 8319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 8320 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 8321 0 \ 8322 -c "HTTP/1.0 200 OK" \ 8323 -c "Protocol is TLSv1.3" \ 8324 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8325 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8326 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8327 -c "Verifying peer X.509 certificate... ok" \ 8328 -C "received HelloRetryRequest message" 8329 8330 requires_gnutls_tls1_3 8331 requires_gnutls_next_no_ticket 8332 requires_config_enabled MBEDTLS_SSL_CLI_C 8333 requires_config_enabled MBEDTLS_DEBUG_C 8334 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8335 requires_config_enabled PSA_WANT_ALG_FFDH 8336 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8337 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 8338 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 8339 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 8340 0 \ 8341 -c "HTTP/1.0 200 OK" \ 8342 -c "Protocol is TLSv1.3" \ 8343 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8344 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8345 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8346 -c "Verifying peer X.509 certificate... ok" \ 8347 -C "received HelloRetryRequest message" 8348 8349 requires_gnutls_tls1_3 8350 requires_gnutls_next_no_ticket 8351 requires_config_enabled MBEDTLS_SSL_CLI_C 8352 requires_config_enabled MBEDTLS_DEBUG_C 8353 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8354 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8355 requires_config_enabled PSA_WANT_ALG_FFDH 8356 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8357 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 8358 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 8359 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 8360 0 \ 8361 -c "HTTP/1.0 200 OK" \ 8362 -c "Protocol is TLSv1.3" \ 8363 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 8364 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8365 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8366 -c "Verifying peer X.509 certificate... ok" \ 8367 -C "received HelloRetryRequest message" 8368 8369 requires_config_enabled MBEDTLS_SSL_SRV_C 8370 requires_config_enabled MBEDTLS_DEBUG_C 8371 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8372 requires_config_enabled PSA_WANT_ALG_ECDH 8373 requires_config_enabled MBEDTLS_SSL_CLI_C 8374 requires_config_enabled MBEDTLS_DEBUG_C 8375 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8376 requires_config_enabled PSA_WANT_ALG_ECDH 8377 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 8378 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8379 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 8380 0 \ 8381 -s "Protocol is TLSv1.3" \ 8382 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8383 -s "received signature algorithm: 0x403" \ 8384 -s "got named group: secp256r1(0017)" \ 8385 -s "Certificate verification was skipped" \ 8386 -c "Protocol is TLSv1.3" \ 8387 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8388 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8389 -c "NamedGroup: secp256r1 ( 17 )" \ 8390 -c "Verifying peer X.509 certificate... ok" \ 8391 -C "received HelloRetryRequest message" 8392 8393 requires_config_enabled MBEDTLS_SSL_SRV_C 8394 requires_config_enabled MBEDTLS_DEBUG_C 8395 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8396 requires_config_enabled PSA_WANT_ALG_ECDH 8397 requires_config_enabled MBEDTLS_SSL_CLI_C 8398 requires_config_enabled MBEDTLS_DEBUG_C 8399 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8400 requires_config_enabled PSA_WANT_ALG_ECDH 8401 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 8402 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8403 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 8404 0 \ 8405 -s "Protocol is TLSv1.3" \ 8406 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8407 -s "received signature algorithm: 0x503" \ 8408 -s "got named group: secp256r1(0017)" \ 8409 -s "Certificate verification was skipped" \ 8410 -c "Protocol is TLSv1.3" \ 8411 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8412 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8413 -c "NamedGroup: secp256r1 ( 17 )" \ 8414 -c "Verifying peer X.509 certificate... ok" \ 8415 -C "received HelloRetryRequest message" 8416 8417 requires_config_enabled MBEDTLS_SSL_SRV_C 8418 requires_config_enabled MBEDTLS_DEBUG_C 8419 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8420 requires_config_enabled PSA_WANT_ALG_ECDH 8421 requires_config_enabled MBEDTLS_SSL_CLI_C 8422 requires_config_enabled MBEDTLS_DEBUG_C 8423 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8424 requires_config_enabled PSA_WANT_ALG_ECDH 8425 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 8426 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8427 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 8428 0 \ 8429 -s "Protocol is TLSv1.3" \ 8430 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8431 -s "received signature algorithm: 0x603" \ 8432 -s "got named group: secp256r1(0017)" \ 8433 -s "Certificate verification was skipped" \ 8434 -c "Protocol is TLSv1.3" \ 8435 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8436 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8437 -c "NamedGroup: secp256r1 ( 17 )" \ 8438 -c "Verifying peer X.509 certificate... ok" \ 8439 -C "received HelloRetryRequest message" 8440 8441 requires_config_enabled MBEDTLS_SSL_SRV_C 8442 requires_config_enabled MBEDTLS_DEBUG_C 8443 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8444 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8445 requires_config_enabled PSA_WANT_ALG_ECDH 8446 requires_config_enabled MBEDTLS_SSL_CLI_C 8447 requires_config_enabled MBEDTLS_DEBUG_C 8448 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8449 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8450 requires_config_enabled PSA_WANT_ALG_ECDH 8451 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 8452 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8453 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 8454 0 \ 8455 -s "Protocol is TLSv1.3" \ 8456 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8457 -s "received signature algorithm: 0x804" \ 8458 -s "got named group: secp256r1(0017)" \ 8459 -s "Certificate verification was skipped" \ 8460 -c "Protocol is TLSv1.3" \ 8461 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8462 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8463 -c "NamedGroup: secp256r1 ( 17 )" \ 8464 -c "Verifying peer X.509 certificate... ok" \ 8465 -C "received HelloRetryRequest message" 8466 8467 requires_config_enabled MBEDTLS_SSL_SRV_C 8468 requires_config_enabled MBEDTLS_DEBUG_C 8469 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8470 requires_config_enabled PSA_WANT_ALG_ECDH 8471 requires_config_enabled MBEDTLS_SSL_CLI_C 8472 requires_config_enabled MBEDTLS_DEBUG_C 8473 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8474 requires_config_enabled PSA_WANT_ALG_ECDH 8475 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 8476 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8477 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 8478 0 \ 8479 -s "Protocol is TLSv1.3" \ 8480 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8481 -s "received signature algorithm: 0x403" \ 8482 -s "got named group: secp384r1(0018)" \ 8483 -s "Certificate verification was skipped" \ 8484 -c "Protocol is TLSv1.3" \ 8485 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8486 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8487 -c "NamedGroup: secp384r1 ( 18 )" \ 8488 -c "Verifying peer X.509 certificate... ok" \ 8489 -C "received HelloRetryRequest message" 8490 8491 requires_config_enabled MBEDTLS_SSL_SRV_C 8492 requires_config_enabled MBEDTLS_DEBUG_C 8493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8494 requires_config_enabled PSA_WANT_ALG_ECDH 8495 requires_config_enabled MBEDTLS_SSL_CLI_C 8496 requires_config_enabled MBEDTLS_DEBUG_C 8497 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8498 requires_config_enabled PSA_WANT_ALG_ECDH 8499 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 8500 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8501 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 8502 0 \ 8503 -s "Protocol is TLSv1.3" \ 8504 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8505 -s "received signature algorithm: 0x503" \ 8506 -s "got named group: secp384r1(0018)" \ 8507 -s "Certificate verification was skipped" \ 8508 -c "Protocol is TLSv1.3" \ 8509 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8510 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8511 -c "NamedGroup: secp384r1 ( 18 )" \ 8512 -c "Verifying peer X.509 certificate... ok" \ 8513 -C "received HelloRetryRequest message" 8514 8515 requires_config_enabled MBEDTLS_SSL_SRV_C 8516 requires_config_enabled MBEDTLS_DEBUG_C 8517 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8518 requires_config_enabled PSA_WANT_ALG_ECDH 8519 requires_config_enabled MBEDTLS_SSL_CLI_C 8520 requires_config_enabled MBEDTLS_DEBUG_C 8521 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8522 requires_config_enabled PSA_WANT_ALG_ECDH 8523 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 8524 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8525 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 8526 0 \ 8527 -s "Protocol is TLSv1.3" \ 8528 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8529 -s "received signature algorithm: 0x603" \ 8530 -s "got named group: secp384r1(0018)" \ 8531 -s "Certificate verification was skipped" \ 8532 -c "Protocol is TLSv1.3" \ 8533 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8534 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8535 -c "NamedGroup: secp384r1 ( 18 )" \ 8536 -c "Verifying peer X.509 certificate... ok" \ 8537 -C "received HelloRetryRequest message" 8538 8539 requires_config_enabled MBEDTLS_SSL_SRV_C 8540 requires_config_enabled MBEDTLS_DEBUG_C 8541 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8542 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8543 requires_config_enabled PSA_WANT_ALG_ECDH 8544 requires_config_enabled MBEDTLS_SSL_CLI_C 8545 requires_config_enabled MBEDTLS_DEBUG_C 8546 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8547 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8548 requires_config_enabled PSA_WANT_ALG_ECDH 8549 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 8550 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8551 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 8552 0 \ 8553 -s "Protocol is TLSv1.3" \ 8554 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8555 -s "received signature algorithm: 0x804" \ 8556 -s "got named group: secp384r1(0018)" \ 8557 -s "Certificate verification was skipped" \ 8558 -c "Protocol is TLSv1.3" \ 8559 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8560 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8561 -c "NamedGroup: secp384r1 ( 18 )" \ 8562 -c "Verifying peer X.509 certificate... ok" \ 8563 -C "received HelloRetryRequest message" 8564 8565 requires_config_enabled MBEDTLS_SSL_SRV_C 8566 requires_config_enabled MBEDTLS_DEBUG_C 8567 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8568 requires_config_enabled PSA_WANT_ALG_ECDH 8569 requires_config_enabled MBEDTLS_SSL_CLI_C 8570 requires_config_enabled MBEDTLS_DEBUG_C 8571 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8572 requires_config_enabled PSA_WANT_ALG_ECDH 8573 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 8574 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8575 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 8576 0 \ 8577 -s "Protocol is TLSv1.3" \ 8578 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8579 -s "received signature algorithm: 0x403" \ 8580 -s "got named group: secp521r1(0019)" \ 8581 -s "Certificate verification was skipped" \ 8582 -c "Protocol is TLSv1.3" \ 8583 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8584 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8585 -c "NamedGroup: secp521r1 ( 19 )" \ 8586 -c "Verifying peer X.509 certificate... ok" \ 8587 -C "received HelloRetryRequest message" 8588 8589 requires_config_enabled MBEDTLS_SSL_SRV_C 8590 requires_config_enabled MBEDTLS_DEBUG_C 8591 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8592 requires_config_enabled PSA_WANT_ALG_ECDH 8593 requires_config_enabled MBEDTLS_SSL_CLI_C 8594 requires_config_enabled MBEDTLS_DEBUG_C 8595 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8596 requires_config_enabled PSA_WANT_ALG_ECDH 8597 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 8598 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8599 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 8600 0 \ 8601 -s "Protocol is TLSv1.3" \ 8602 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8603 -s "received signature algorithm: 0x503" \ 8604 -s "got named group: secp521r1(0019)" \ 8605 -s "Certificate verification was skipped" \ 8606 -c "Protocol is TLSv1.3" \ 8607 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8608 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8609 -c "NamedGroup: secp521r1 ( 19 )" \ 8610 -c "Verifying peer X.509 certificate... ok" \ 8611 -C "received HelloRetryRequest message" 8612 8613 requires_config_enabled MBEDTLS_SSL_SRV_C 8614 requires_config_enabled MBEDTLS_DEBUG_C 8615 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8616 requires_config_enabled PSA_WANT_ALG_ECDH 8617 requires_config_enabled MBEDTLS_SSL_CLI_C 8618 requires_config_enabled MBEDTLS_DEBUG_C 8619 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8620 requires_config_enabled PSA_WANT_ALG_ECDH 8621 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 8622 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8623 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 8624 0 \ 8625 -s "Protocol is TLSv1.3" \ 8626 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8627 -s "received signature algorithm: 0x603" \ 8628 -s "got named group: secp521r1(0019)" \ 8629 -s "Certificate verification was skipped" \ 8630 -c "Protocol is TLSv1.3" \ 8631 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8632 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8633 -c "NamedGroup: secp521r1 ( 19 )" \ 8634 -c "Verifying peer X.509 certificate... ok" \ 8635 -C "received HelloRetryRequest message" 8636 8637 requires_config_enabled MBEDTLS_SSL_SRV_C 8638 requires_config_enabled MBEDTLS_DEBUG_C 8639 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8640 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8641 requires_config_enabled PSA_WANT_ALG_ECDH 8642 requires_config_enabled MBEDTLS_SSL_CLI_C 8643 requires_config_enabled MBEDTLS_DEBUG_C 8644 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8645 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8646 requires_config_enabled PSA_WANT_ALG_ECDH 8647 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 8648 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8649 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 8650 0 \ 8651 -s "Protocol is TLSv1.3" \ 8652 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8653 -s "received signature algorithm: 0x804" \ 8654 -s "got named group: secp521r1(0019)" \ 8655 -s "Certificate verification was skipped" \ 8656 -c "Protocol is TLSv1.3" \ 8657 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8658 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8659 -c "NamedGroup: secp521r1 ( 19 )" \ 8660 -c "Verifying peer X.509 certificate... ok" \ 8661 -C "received HelloRetryRequest message" 8662 8663 requires_config_enabled MBEDTLS_SSL_SRV_C 8664 requires_config_enabled MBEDTLS_DEBUG_C 8665 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8666 requires_config_enabled PSA_WANT_ALG_ECDH 8667 requires_config_enabled MBEDTLS_SSL_CLI_C 8668 requires_config_enabled MBEDTLS_DEBUG_C 8669 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8670 requires_config_enabled PSA_WANT_ALG_ECDH 8671 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 8672 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8673 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 8674 0 \ 8675 -s "Protocol is TLSv1.3" \ 8676 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8677 -s "received signature algorithm: 0x403" \ 8678 -s "got named group: x25519(001d)" \ 8679 -s "Certificate verification was skipped" \ 8680 -c "Protocol is TLSv1.3" \ 8681 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8682 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8683 -c "NamedGroup: x25519 ( 1d )" \ 8684 -c "Verifying peer X.509 certificate... ok" \ 8685 -C "received HelloRetryRequest message" 8686 8687 requires_config_enabled MBEDTLS_SSL_SRV_C 8688 requires_config_enabled MBEDTLS_DEBUG_C 8689 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8690 requires_config_enabled PSA_WANT_ALG_ECDH 8691 requires_config_enabled MBEDTLS_SSL_CLI_C 8692 requires_config_enabled MBEDTLS_DEBUG_C 8693 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8694 requires_config_enabled PSA_WANT_ALG_ECDH 8695 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 8696 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8697 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 8698 0 \ 8699 -s "Protocol is TLSv1.3" \ 8700 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8701 -s "received signature algorithm: 0x503" \ 8702 -s "got named group: x25519(001d)" \ 8703 -s "Certificate verification was skipped" \ 8704 -c "Protocol is TLSv1.3" \ 8705 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8706 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8707 -c "NamedGroup: x25519 ( 1d )" \ 8708 -c "Verifying peer X.509 certificate... ok" \ 8709 -C "received HelloRetryRequest message" 8710 8711 requires_config_enabled MBEDTLS_SSL_SRV_C 8712 requires_config_enabled MBEDTLS_DEBUG_C 8713 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8714 requires_config_enabled PSA_WANT_ALG_ECDH 8715 requires_config_enabled MBEDTLS_SSL_CLI_C 8716 requires_config_enabled MBEDTLS_DEBUG_C 8717 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8718 requires_config_enabled PSA_WANT_ALG_ECDH 8719 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 8720 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8721 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 8722 0 \ 8723 -s "Protocol is TLSv1.3" \ 8724 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8725 -s "received signature algorithm: 0x603" \ 8726 -s "got named group: x25519(001d)" \ 8727 -s "Certificate verification was skipped" \ 8728 -c "Protocol is TLSv1.3" \ 8729 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8730 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8731 -c "NamedGroup: x25519 ( 1d )" \ 8732 -c "Verifying peer X.509 certificate... ok" \ 8733 -C "received HelloRetryRequest message" 8734 8735 requires_config_enabled MBEDTLS_SSL_SRV_C 8736 requires_config_enabled MBEDTLS_DEBUG_C 8737 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8738 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8739 requires_config_enabled PSA_WANT_ALG_ECDH 8740 requires_config_enabled MBEDTLS_SSL_CLI_C 8741 requires_config_enabled MBEDTLS_DEBUG_C 8742 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8743 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8744 requires_config_enabled PSA_WANT_ALG_ECDH 8745 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 8746 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8747 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 8748 0 \ 8749 -s "Protocol is TLSv1.3" \ 8750 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8751 -s "received signature algorithm: 0x804" \ 8752 -s "got named group: x25519(001d)" \ 8753 -s "Certificate verification was skipped" \ 8754 -c "Protocol is TLSv1.3" \ 8755 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8756 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8757 -c "NamedGroup: x25519 ( 1d )" \ 8758 -c "Verifying peer X.509 certificate... ok" \ 8759 -C "received HelloRetryRequest message" 8760 8761 requires_config_enabled MBEDTLS_SSL_SRV_C 8762 requires_config_enabled MBEDTLS_DEBUG_C 8763 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8764 requires_config_enabled PSA_WANT_ALG_ECDH 8765 requires_config_enabled MBEDTLS_SSL_CLI_C 8766 requires_config_enabled MBEDTLS_DEBUG_C 8767 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8768 requires_config_enabled PSA_WANT_ALG_ECDH 8769 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 8770 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8771 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 8772 0 \ 8773 -s "Protocol is TLSv1.3" \ 8774 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8775 -s "received signature algorithm: 0x403" \ 8776 -s "got named group: x448(001e)" \ 8777 -s "Certificate verification was skipped" \ 8778 -c "Protocol is TLSv1.3" \ 8779 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8780 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8781 -c "NamedGroup: x448 ( 1e )" \ 8782 -c "Verifying peer X.509 certificate... ok" \ 8783 -C "received HelloRetryRequest message" 8784 8785 requires_config_enabled MBEDTLS_SSL_SRV_C 8786 requires_config_enabled MBEDTLS_DEBUG_C 8787 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8788 requires_config_enabled PSA_WANT_ALG_ECDH 8789 requires_config_enabled MBEDTLS_SSL_CLI_C 8790 requires_config_enabled MBEDTLS_DEBUG_C 8791 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8792 requires_config_enabled PSA_WANT_ALG_ECDH 8793 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 8794 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8795 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 8796 0 \ 8797 -s "Protocol is TLSv1.3" \ 8798 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8799 -s "received signature algorithm: 0x503" \ 8800 -s "got named group: x448(001e)" \ 8801 -s "Certificate verification was skipped" \ 8802 -c "Protocol is TLSv1.3" \ 8803 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8804 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8805 -c "NamedGroup: x448 ( 1e )" \ 8806 -c "Verifying peer X.509 certificate... ok" \ 8807 -C "received HelloRetryRequest message" 8808 8809 requires_config_enabled MBEDTLS_SSL_SRV_C 8810 requires_config_enabled MBEDTLS_DEBUG_C 8811 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8812 requires_config_enabled PSA_WANT_ALG_ECDH 8813 requires_config_enabled MBEDTLS_SSL_CLI_C 8814 requires_config_enabled MBEDTLS_DEBUG_C 8815 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8816 requires_config_enabled PSA_WANT_ALG_ECDH 8817 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 8818 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8819 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 8820 0 \ 8821 -s "Protocol is TLSv1.3" \ 8822 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8823 -s "received signature algorithm: 0x603" \ 8824 -s "got named group: x448(001e)" \ 8825 -s "Certificate verification was skipped" \ 8826 -c "Protocol is TLSv1.3" \ 8827 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8828 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8829 -c "NamedGroup: x448 ( 1e )" \ 8830 -c "Verifying peer X.509 certificate... ok" \ 8831 -C "received HelloRetryRequest message" 8832 8833 requires_config_enabled MBEDTLS_SSL_SRV_C 8834 requires_config_enabled MBEDTLS_DEBUG_C 8835 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8836 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8837 requires_config_enabled PSA_WANT_ALG_ECDH 8838 requires_config_enabled MBEDTLS_SSL_CLI_C 8839 requires_config_enabled MBEDTLS_DEBUG_C 8840 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8841 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8842 requires_config_enabled PSA_WANT_ALG_ECDH 8843 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \ 8844 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8845 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 8846 0 \ 8847 -s "Protocol is TLSv1.3" \ 8848 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8849 -s "received signature algorithm: 0x804" \ 8850 -s "got named group: x448(001e)" \ 8851 -s "Certificate verification was skipped" \ 8852 -c "Protocol is TLSv1.3" \ 8853 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8854 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8855 -c "NamedGroup: x448 ( 1e )" \ 8856 -c "Verifying peer X.509 certificate... ok" \ 8857 -C "received HelloRetryRequest message" 8858 8859 requires_config_enabled MBEDTLS_SSL_SRV_C 8860 requires_config_enabled MBEDTLS_DEBUG_C 8861 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8862 requires_config_enabled PSA_WANT_ALG_FFDH 8863 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8864 requires_config_enabled MBEDTLS_SSL_CLI_C 8865 requires_config_enabled MBEDTLS_DEBUG_C 8866 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8867 requires_config_enabled PSA_WANT_ALG_FFDH 8868 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8869 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 8870 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8871 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 8872 0 \ 8873 -s "Protocol is TLSv1.3" \ 8874 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8875 -s "received signature algorithm: 0x403" \ 8876 -s "got named group: ffdhe2048(0100)" \ 8877 -s "Certificate verification was skipped" \ 8878 -c "Protocol is TLSv1.3" \ 8879 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8880 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8881 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8882 -c "Verifying peer X.509 certificate... ok" \ 8883 -C "received HelloRetryRequest message" 8884 8885 requires_config_enabled MBEDTLS_SSL_SRV_C 8886 requires_config_enabled MBEDTLS_DEBUG_C 8887 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8888 requires_config_enabled PSA_WANT_ALG_FFDH 8889 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8890 requires_config_enabled MBEDTLS_SSL_CLI_C 8891 requires_config_enabled MBEDTLS_DEBUG_C 8892 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8893 requires_config_enabled PSA_WANT_ALG_FFDH 8894 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8895 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 8896 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8897 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 8898 0 \ 8899 -s "Protocol is TLSv1.3" \ 8900 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8901 -s "received signature algorithm: 0x503" \ 8902 -s "got named group: ffdhe2048(0100)" \ 8903 -s "Certificate verification was skipped" \ 8904 -c "Protocol is TLSv1.3" \ 8905 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8906 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 8907 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8908 -c "Verifying peer X.509 certificate... ok" \ 8909 -C "received HelloRetryRequest message" 8910 8911 requires_config_enabled MBEDTLS_SSL_SRV_C 8912 requires_config_enabled MBEDTLS_DEBUG_C 8913 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8914 requires_config_enabled PSA_WANT_ALG_FFDH 8915 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8916 requires_config_enabled MBEDTLS_SSL_CLI_C 8917 requires_config_enabled MBEDTLS_DEBUG_C 8918 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8919 requires_config_enabled PSA_WANT_ALG_FFDH 8920 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8921 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 8922 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8923 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 8924 0 \ 8925 -s "Protocol is TLSv1.3" \ 8926 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8927 -s "received signature algorithm: 0x603" \ 8928 -s "got named group: ffdhe2048(0100)" \ 8929 -s "Certificate verification was skipped" \ 8930 -c "Protocol is TLSv1.3" \ 8931 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8932 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 8933 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8934 -c "Verifying peer X.509 certificate... ok" \ 8935 -C "received HelloRetryRequest message" 8936 8937 requires_config_enabled MBEDTLS_SSL_SRV_C 8938 requires_config_enabled MBEDTLS_DEBUG_C 8939 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8940 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8941 requires_config_enabled PSA_WANT_ALG_FFDH 8942 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8943 requires_config_enabled MBEDTLS_SSL_CLI_C 8944 requires_config_enabled MBEDTLS_DEBUG_C 8945 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8946 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 8947 requires_config_enabled PSA_WANT_ALG_FFDH 8948 requires_config_enabled PSA_WANT_DH_RFC7919_2048 8949 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 8950 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8951 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 8952 0 \ 8953 -s "Protocol is TLSv1.3" \ 8954 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ 8955 -s "received signature algorithm: 0x804" \ 8956 -s "got named group: ffdhe2048(0100)" \ 8957 -s "Certificate verification was skipped" \ 8958 -c "Protocol is TLSv1.3" \ 8959 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ 8960 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 8961 -c "NamedGroup: ffdhe2048 ( 100 )" \ 8962 -c "Verifying peer X.509 certificate... ok" \ 8963 -C "received HelloRetryRequest message" 8964 8965 requires_config_enabled MBEDTLS_SSL_SRV_C 8966 requires_config_enabled MBEDTLS_DEBUG_C 8967 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8968 requires_config_enabled PSA_WANT_ALG_ECDH 8969 requires_config_enabled MBEDTLS_SSL_CLI_C 8970 requires_config_enabled MBEDTLS_DEBUG_C 8971 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8972 requires_config_enabled PSA_WANT_ALG_ECDH 8973 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \ 8974 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8975 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 8976 0 \ 8977 -s "Protocol is TLSv1.3" \ 8978 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 8979 -s "received signature algorithm: 0x403" \ 8980 -s "got named group: secp256r1(0017)" \ 8981 -s "Certificate verification was skipped" \ 8982 -c "Protocol is TLSv1.3" \ 8983 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 8984 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 8985 -c "NamedGroup: secp256r1 ( 17 )" \ 8986 -c "Verifying peer X.509 certificate... ok" \ 8987 -C "received HelloRetryRequest message" 8988 8989 requires_config_enabled MBEDTLS_SSL_SRV_C 8990 requires_config_enabled MBEDTLS_DEBUG_C 8991 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8992 requires_config_enabled PSA_WANT_ALG_ECDH 8993 requires_config_enabled MBEDTLS_SSL_CLI_C 8994 requires_config_enabled MBEDTLS_DEBUG_C 8995 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 8996 requires_config_enabled PSA_WANT_ALG_ECDH 8997 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \ 8998 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 8999 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 9000 0 \ 9001 -s "Protocol is TLSv1.3" \ 9002 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9003 -s "received signature algorithm: 0x503" \ 9004 -s "got named group: secp256r1(0017)" \ 9005 -s "Certificate verification was skipped" \ 9006 -c "Protocol is TLSv1.3" \ 9007 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9008 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9009 -c "NamedGroup: secp256r1 ( 17 )" \ 9010 -c "Verifying peer X.509 certificate... ok" \ 9011 -C "received HelloRetryRequest message" 9012 9013 requires_config_enabled MBEDTLS_SSL_SRV_C 9014 requires_config_enabled MBEDTLS_DEBUG_C 9015 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9016 requires_config_enabled PSA_WANT_ALG_ECDH 9017 requires_config_enabled MBEDTLS_SSL_CLI_C 9018 requires_config_enabled MBEDTLS_DEBUG_C 9019 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9020 requires_config_enabled PSA_WANT_ALG_ECDH 9021 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \ 9022 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9023 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 9024 0 \ 9025 -s "Protocol is TLSv1.3" \ 9026 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9027 -s "received signature algorithm: 0x603" \ 9028 -s "got named group: secp256r1(0017)" \ 9029 -s "Certificate verification was skipped" \ 9030 -c "Protocol is TLSv1.3" \ 9031 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9032 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9033 -c "NamedGroup: secp256r1 ( 17 )" \ 9034 -c "Verifying peer X.509 certificate... ok" \ 9035 -C "received HelloRetryRequest message" 9036 9037 requires_config_enabled MBEDTLS_SSL_SRV_C 9038 requires_config_enabled MBEDTLS_DEBUG_C 9039 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9040 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9041 requires_config_enabled PSA_WANT_ALG_ECDH 9042 requires_config_enabled MBEDTLS_SSL_CLI_C 9043 requires_config_enabled MBEDTLS_DEBUG_C 9044 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9045 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9046 requires_config_enabled PSA_WANT_ALG_ECDH 9047 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \ 9048 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9049 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 9050 0 \ 9051 -s "Protocol is TLSv1.3" \ 9052 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9053 -s "received signature algorithm: 0x804" \ 9054 -s "got named group: secp256r1(0017)" \ 9055 -s "Certificate verification was skipped" \ 9056 -c "Protocol is TLSv1.3" \ 9057 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9058 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9059 -c "NamedGroup: secp256r1 ( 17 )" \ 9060 -c "Verifying peer X.509 certificate... ok" \ 9061 -C "received HelloRetryRequest message" 9062 9063 requires_config_enabled MBEDTLS_SSL_SRV_C 9064 requires_config_enabled MBEDTLS_DEBUG_C 9065 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9066 requires_config_enabled PSA_WANT_ALG_ECDH 9067 requires_config_enabled MBEDTLS_SSL_CLI_C 9068 requires_config_enabled MBEDTLS_DEBUG_C 9069 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9070 requires_config_enabled PSA_WANT_ALG_ECDH 9071 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \ 9072 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9073 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 9074 0 \ 9075 -s "Protocol is TLSv1.3" \ 9076 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9077 -s "received signature algorithm: 0x403" \ 9078 -s "got named group: secp384r1(0018)" \ 9079 -s "Certificate verification was skipped" \ 9080 -c "Protocol is TLSv1.3" \ 9081 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9082 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9083 -c "NamedGroup: secp384r1 ( 18 )" \ 9084 -c "Verifying peer X.509 certificate... ok" \ 9085 -C "received HelloRetryRequest message" 9086 9087 requires_config_enabled MBEDTLS_SSL_SRV_C 9088 requires_config_enabled MBEDTLS_DEBUG_C 9089 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9090 requires_config_enabled PSA_WANT_ALG_ECDH 9091 requires_config_enabled MBEDTLS_SSL_CLI_C 9092 requires_config_enabled MBEDTLS_DEBUG_C 9093 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9094 requires_config_enabled PSA_WANT_ALG_ECDH 9095 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \ 9096 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9097 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 9098 0 \ 9099 -s "Protocol is TLSv1.3" \ 9100 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9101 -s "received signature algorithm: 0x503" \ 9102 -s "got named group: secp384r1(0018)" \ 9103 -s "Certificate verification was skipped" \ 9104 -c "Protocol is TLSv1.3" \ 9105 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9106 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9107 -c "NamedGroup: secp384r1 ( 18 )" \ 9108 -c "Verifying peer X.509 certificate... ok" \ 9109 -C "received HelloRetryRequest message" 9110 9111 requires_config_enabled MBEDTLS_SSL_SRV_C 9112 requires_config_enabled MBEDTLS_DEBUG_C 9113 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9114 requires_config_enabled PSA_WANT_ALG_ECDH 9115 requires_config_enabled MBEDTLS_SSL_CLI_C 9116 requires_config_enabled MBEDTLS_DEBUG_C 9117 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9118 requires_config_enabled PSA_WANT_ALG_ECDH 9119 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \ 9120 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9121 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 9122 0 \ 9123 -s "Protocol is TLSv1.3" \ 9124 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9125 -s "received signature algorithm: 0x603" \ 9126 -s "got named group: secp384r1(0018)" \ 9127 -s "Certificate verification was skipped" \ 9128 -c "Protocol is TLSv1.3" \ 9129 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9130 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9131 -c "NamedGroup: secp384r1 ( 18 )" \ 9132 -c "Verifying peer X.509 certificate... ok" \ 9133 -C "received HelloRetryRequest message" 9134 9135 requires_config_enabled MBEDTLS_SSL_SRV_C 9136 requires_config_enabled MBEDTLS_DEBUG_C 9137 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9138 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9139 requires_config_enabled PSA_WANT_ALG_ECDH 9140 requires_config_enabled MBEDTLS_SSL_CLI_C 9141 requires_config_enabled MBEDTLS_DEBUG_C 9142 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9143 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9144 requires_config_enabled PSA_WANT_ALG_ECDH 9145 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \ 9146 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9147 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 9148 0 \ 9149 -s "Protocol is TLSv1.3" \ 9150 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9151 -s "received signature algorithm: 0x804" \ 9152 -s "got named group: secp384r1(0018)" \ 9153 -s "Certificate verification was skipped" \ 9154 -c "Protocol is TLSv1.3" \ 9155 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9156 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9157 -c "NamedGroup: secp384r1 ( 18 )" \ 9158 -c "Verifying peer X.509 certificate... ok" \ 9159 -C "received HelloRetryRequest message" 9160 9161 requires_config_enabled MBEDTLS_SSL_SRV_C 9162 requires_config_enabled MBEDTLS_DEBUG_C 9163 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9164 requires_config_enabled PSA_WANT_ALG_ECDH 9165 requires_config_enabled MBEDTLS_SSL_CLI_C 9166 requires_config_enabled MBEDTLS_DEBUG_C 9167 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9168 requires_config_enabled PSA_WANT_ALG_ECDH 9169 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \ 9170 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9171 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 9172 0 \ 9173 -s "Protocol is TLSv1.3" \ 9174 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9175 -s "received signature algorithm: 0x403" \ 9176 -s "got named group: secp521r1(0019)" \ 9177 -s "Certificate verification was skipped" \ 9178 -c "Protocol is TLSv1.3" \ 9179 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9180 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9181 -c "NamedGroup: secp521r1 ( 19 )" \ 9182 -c "Verifying peer X.509 certificate... ok" \ 9183 -C "received HelloRetryRequest message" 9184 9185 requires_config_enabled MBEDTLS_SSL_SRV_C 9186 requires_config_enabled MBEDTLS_DEBUG_C 9187 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9188 requires_config_enabled PSA_WANT_ALG_ECDH 9189 requires_config_enabled MBEDTLS_SSL_CLI_C 9190 requires_config_enabled MBEDTLS_DEBUG_C 9191 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9192 requires_config_enabled PSA_WANT_ALG_ECDH 9193 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \ 9194 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9195 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 9196 0 \ 9197 -s "Protocol is TLSv1.3" \ 9198 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9199 -s "received signature algorithm: 0x503" \ 9200 -s "got named group: secp521r1(0019)" \ 9201 -s "Certificate verification was skipped" \ 9202 -c "Protocol is TLSv1.3" \ 9203 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9204 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9205 -c "NamedGroup: secp521r1 ( 19 )" \ 9206 -c "Verifying peer X.509 certificate... ok" \ 9207 -C "received HelloRetryRequest message" 9208 9209 requires_config_enabled MBEDTLS_SSL_SRV_C 9210 requires_config_enabled MBEDTLS_DEBUG_C 9211 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9212 requires_config_enabled PSA_WANT_ALG_ECDH 9213 requires_config_enabled MBEDTLS_SSL_CLI_C 9214 requires_config_enabled MBEDTLS_DEBUG_C 9215 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9216 requires_config_enabled PSA_WANT_ALG_ECDH 9217 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \ 9218 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9219 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 9220 0 \ 9221 -s "Protocol is TLSv1.3" \ 9222 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9223 -s "received signature algorithm: 0x603" \ 9224 -s "got named group: secp521r1(0019)" \ 9225 -s "Certificate verification was skipped" \ 9226 -c "Protocol is TLSv1.3" \ 9227 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9228 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9229 -c "NamedGroup: secp521r1 ( 19 )" \ 9230 -c "Verifying peer X.509 certificate... ok" \ 9231 -C "received HelloRetryRequest message" 9232 9233 requires_config_enabled MBEDTLS_SSL_SRV_C 9234 requires_config_enabled MBEDTLS_DEBUG_C 9235 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9236 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9237 requires_config_enabled PSA_WANT_ALG_ECDH 9238 requires_config_enabled MBEDTLS_SSL_CLI_C 9239 requires_config_enabled MBEDTLS_DEBUG_C 9240 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9241 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9242 requires_config_enabled PSA_WANT_ALG_ECDH 9243 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \ 9244 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9245 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 9246 0 \ 9247 -s "Protocol is TLSv1.3" \ 9248 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9249 -s "received signature algorithm: 0x804" \ 9250 -s "got named group: secp521r1(0019)" \ 9251 -s "Certificate verification was skipped" \ 9252 -c "Protocol is TLSv1.3" \ 9253 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9254 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9255 -c "NamedGroup: secp521r1 ( 19 )" \ 9256 -c "Verifying peer X.509 certificate... ok" \ 9257 -C "received HelloRetryRequest message" 9258 9259 requires_config_enabled MBEDTLS_SSL_SRV_C 9260 requires_config_enabled MBEDTLS_DEBUG_C 9261 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9262 requires_config_enabled PSA_WANT_ALG_ECDH 9263 requires_config_enabled MBEDTLS_SSL_CLI_C 9264 requires_config_enabled MBEDTLS_DEBUG_C 9265 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9266 requires_config_enabled PSA_WANT_ALG_ECDH 9267 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \ 9268 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9269 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 9270 0 \ 9271 -s "Protocol is TLSv1.3" \ 9272 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9273 -s "received signature algorithm: 0x403" \ 9274 -s "got named group: x25519(001d)" \ 9275 -s "Certificate verification was skipped" \ 9276 -c "Protocol is TLSv1.3" \ 9277 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9278 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9279 -c "NamedGroup: x25519 ( 1d )" \ 9280 -c "Verifying peer X.509 certificate... ok" \ 9281 -C "received HelloRetryRequest message" 9282 9283 requires_config_enabled MBEDTLS_SSL_SRV_C 9284 requires_config_enabled MBEDTLS_DEBUG_C 9285 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9286 requires_config_enabled PSA_WANT_ALG_ECDH 9287 requires_config_enabled MBEDTLS_SSL_CLI_C 9288 requires_config_enabled MBEDTLS_DEBUG_C 9289 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9290 requires_config_enabled PSA_WANT_ALG_ECDH 9291 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \ 9292 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9293 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 9294 0 \ 9295 -s "Protocol is TLSv1.3" \ 9296 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9297 -s "received signature algorithm: 0x503" \ 9298 -s "got named group: x25519(001d)" \ 9299 -s "Certificate verification was skipped" \ 9300 -c "Protocol is TLSv1.3" \ 9301 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9302 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9303 -c "NamedGroup: x25519 ( 1d )" \ 9304 -c "Verifying peer X.509 certificate... ok" \ 9305 -C "received HelloRetryRequest message" 9306 9307 requires_config_enabled MBEDTLS_SSL_SRV_C 9308 requires_config_enabled MBEDTLS_DEBUG_C 9309 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9310 requires_config_enabled PSA_WANT_ALG_ECDH 9311 requires_config_enabled MBEDTLS_SSL_CLI_C 9312 requires_config_enabled MBEDTLS_DEBUG_C 9313 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9314 requires_config_enabled PSA_WANT_ALG_ECDH 9315 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \ 9316 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9317 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 9318 0 \ 9319 -s "Protocol is TLSv1.3" \ 9320 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9321 -s "received signature algorithm: 0x603" \ 9322 -s "got named group: x25519(001d)" \ 9323 -s "Certificate verification was skipped" \ 9324 -c "Protocol is TLSv1.3" \ 9325 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9326 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9327 -c "NamedGroup: x25519 ( 1d )" \ 9328 -c "Verifying peer X.509 certificate... ok" \ 9329 -C "received HelloRetryRequest message" 9330 9331 requires_config_enabled MBEDTLS_SSL_SRV_C 9332 requires_config_enabled MBEDTLS_DEBUG_C 9333 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9334 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9335 requires_config_enabled PSA_WANT_ALG_ECDH 9336 requires_config_enabled MBEDTLS_SSL_CLI_C 9337 requires_config_enabled MBEDTLS_DEBUG_C 9338 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9339 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9340 requires_config_enabled PSA_WANT_ALG_ECDH 9341 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \ 9342 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9343 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 9344 0 \ 9345 -s "Protocol is TLSv1.3" \ 9346 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9347 -s "received signature algorithm: 0x804" \ 9348 -s "got named group: x25519(001d)" \ 9349 -s "Certificate verification was skipped" \ 9350 -c "Protocol is TLSv1.3" \ 9351 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9352 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9353 -c "NamedGroup: x25519 ( 1d )" \ 9354 -c "Verifying peer X.509 certificate... ok" \ 9355 -C "received HelloRetryRequest message" 9356 9357 requires_config_enabled MBEDTLS_SSL_SRV_C 9358 requires_config_enabled MBEDTLS_DEBUG_C 9359 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9360 requires_config_enabled PSA_WANT_ALG_ECDH 9361 requires_config_enabled MBEDTLS_SSL_CLI_C 9362 requires_config_enabled MBEDTLS_DEBUG_C 9363 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9364 requires_config_enabled PSA_WANT_ALG_ECDH 9365 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \ 9366 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9367 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 9368 0 \ 9369 -s "Protocol is TLSv1.3" \ 9370 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9371 -s "received signature algorithm: 0x403" \ 9372 -s "got named group: x448(001e)" \ 9373 -s "Certificate verification was skipped" \ 9374 -c "Protocol is TLSv1.3" \ 9375 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9376 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9377 -c "NamedGroup: x448 ( 1e )" \ 9378 -c "Verifying peer X.509 certificate... ok" \ 9379 -C "received HelloRetryRequest message" 9380 9381 requires_config_enabled MBEDTLS_SSL_SRV_C 9382 requires_config_enabled MBEDTLS_DEBUG_C 9383 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9384 requires_config_enabled PSA_WANT_ALG_ECDH 9385 requires_config_enabled MBEDTLS_SSL_CLI_C 9386 requires_config_enabled MBEDTLS_DEBUG_C 9387 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9388 requires_config_enabled PSA_WANT_ALG_ECDH 9389 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \ 9390 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9391 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 9392 0 \ 9393 -s "Protocol is TLSv1.3" \ 9394 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9395 -s "received signature algorithm: 0x503" \ 9396 -s "got named group: x448(001e)" \ 9397 -s "Certificate verification was skipped" \ 9398 -c "Protocol is TLSv1.3" \ 9399 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9400 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9401 -c "NamedGroup: x448 ( 1e )" \ 9402 -c "Verifying peer X.509 certificate... ok" \ 9403 -C "received HelloRetryRequest message" 9404 9405 requires_config_enabled MBEDTLS_SSL_SRV_C 9406 requires_config_enabled MBEDTLS_DEBUG_C 9407 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9408 requires_config_enabled PSA_WANT_ALG_ECDH 9409 requires_config_enabled MBEDTLS_SSL_CLI_C 9410 requires_config_enabled MBEDTLS_DEBUG_C 9411 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9412 requires_config_enabled PSA_WANT_ALG_ECDH 9413 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \ 9414 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9415 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 9416 0 \ 9417 -s "Protocol is TLSv1.3" \ 9418 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9419 -s "received signature algorithm: 0x603" \ 9420 -s "got named group: x448(001e)" \ 9421 -s "Certificate verification was skipped" \ 9422 -c "Protocol is TLSv1.3" \ 9423 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9424 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9425 -c "NamedGroup: x448 ( 1e )" \ 9426 -c "Verifying peer X.509 certificate... ok" \ 9427 -C "received HelloRetryRequest message" 9428 9429 requires_config_enabled MBEDTLS_SSL_SRV_C 9430 requires_config_enabled MBEDTLS_DEBUG_C 9431 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9432 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9433 requires_config_enabled PSA_WANT_ALG_ECDH 9434 requires_config_enabled MBEDTLS_SSL_CLI_C 9435 requires_config_enabled MBEDTLS_DEBUG_C 9436 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9437 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9438 requires_config_enabled PSA_WANT_ALG_ECDH 9439 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \ 9440 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9441 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 9442 0 \ 9443 -s "Protocol is TLSv1.3" \ 9444 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9445 -s "received signature algorithm: 0x804" \ 9446 -s "got named group: x448(001e)" \ 9447 -s "Certificate verification was skipped" \ 9448 -c "Protocol is TLSv1.3" \ 9449 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9450 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9451 -c "NamedGroup: x448 ( 1e )" \ 9452 -c "Verifying peer X.509 certificate... ok" \ 9453 -C "received HelloRetryRequest message" 9454 9455 requires_config_enabled MBEDTLS_SSL_SRV_C 9456 requires_config_enabled MBEDTLS_DEBUG_C 9457 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9458 requires_config_enabled PSA_WANT_ALG_FFDH 9459 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9460 requires_config_enabled MBEDTLS_SSL_CLI_C 9461 requires_config_enabled MBEDTLS_DEBUG_C 9462 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9463 requires_config_enabled PSA_WANT_ALG_FFDH 9464 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9465 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ 9466 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9467 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 9468 0 \ 9469 -s "Protocol is TLSv1.3" \ 9470 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9471 -s "received signature algorithm: 0x403" \ 9472 -s "got named group: ffdhe2048(0100)" \ 9473 -s "Certificate verification was skipped" \ 9474 -c "Protocol is TLSv1.3" \ 9475 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9476 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9477 -c "NamedGroup: ffdhe2048 ( 100 )" \ 9478 -c "Verifying peer X.509 certificate... ok" \ 9479 -C "received HelloRetryRequest message" 9480 9481 requires_config_enabled MBEDTLS_SSL_SRV_C 9482 requires_config_enabled MBEDTLS_DEBUG_C 9483 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9484 requires_config_enabled PSA_WANT_ALG_FFDH 9485 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9486 requires_config_enabled MBEDTLS_SSL_CLI_C 9487 requires_config_enabled MBEDTLS_DEBUG_C 9488 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9489 requires_config_enabled PSA_WANT_ALG_FFDH 9490 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9491 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ 9492 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9493 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 9494 0 \ 9495 -s "Protocol is TLSv1.3" \ 9496 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9497 -s "received signature algorithm: 0x503" \ 9498 -s "got named group: ffdhe2048(0100)" \ 9499 -s "Certificate verification was skipped" \ 9500 -c "Protocol is TLSv1.3" \ 9501 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9502 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9503 -c "NamedGroup: ffdhe2048 ( 100 )" \ 9504 -c "Verifying peer X.509 certificate... ok" \ 9505 -C "received HelloRetryRequest message" 9506 9507 requires_config_enabled MBEDTLS_SSL_SRV_C 9508 requires_config_enabled MBEDTLS_DEBUG_C 9509 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9510 requires_config_enabled PSA_WANT_ALG_FFDH 9511 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9512 requires_config_enabled MBEDTLS_SSL_CLI_C 9513 requires_config_enabled MBEDTLS_DEBUG_C 9514 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9515 requires_config_enabled PSA_WANT_ALG_FFDH 9516 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9517 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ 9518 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9519 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 9520 0 \ 9521 -s "Protocol is TLSv1.3" \ 9522 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9523 -s "received signature algorithm: 0x603" \ 9524 -s "got named group: ffdhe2048(0100)" \ 9525 -s "Certificate verification was skipped" \ 9526 -c "Protocol is TLSv1.3" \ 9527 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9528 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9529 -c "NamedGroup: ffdhe2048 ( 100 )" \ 9530 -c "Verifying peer X.509 certificate... ok" \ 9531 -C "received HelloRetryRequest message" 9532 9533 requires_config_enabled MBEDTLS_SSL_SRV_C 9534 requires_config_enabled MBEDTLS_DEBUG_C 9535 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9536 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9537 requires_config_enabled PSA_WANT_ALG_FFDH 9538 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9539 requires_config_enabled MBEDTLS_SSL_CLI_C 9540 requires_config_enabled MBEDTLS_DEBUG_C 9541 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9542 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9543 requires_config_enabled PSA_WANT_ALG_FFDH 9544 requires_config_enabled PSA_WANT_DH_RFC7919_2048 9545 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ 9546 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9547 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 9548 0 \ 9549 -s "Protocol is TLSv1.3" \ 9550 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \ 9551 -s "received signature algorithm: 0x804" \ 9552 -s "got named group: ffdhe2048(0100)" \ 9553 -s "Certificate verification was skipped" \ 9554 -c "Protocol is TLSv1.3" \ 9555 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \ 9556 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9557 -c "NamedGroup: ffdhe2048 ( 100 )" \ 9558 -c "Verifying peer X.509 certificate... ok" \ 9559 -C "received HelloRetryRequest message" 9560 9561 requires_config_enabled MBEDTLS_SSL_SRV_C 9562 requires_config_enabled MBEDTLS_DEBUG_C 9563 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9564 requires_config_enabled PSA_WANT_ALG_ECDH 9565 requires_config_enabled MBEDTLS_SSL_CLI_C 9566 requires_config_enabled MBEDTLS_DEBUG_C 9567 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9568 requires_config_enabled PSA_WANT_ALG_ECDH 9569 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 9570 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9571 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 9572 0 \ 9573 -s "Protocol is TLSv1.3" \ 9574 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9575 -s "received signature algorithm: 0x403" \ 9576 -s "got named group: secp256r1(0017)" \ 9577 -s "Certificate verification was skipped" \ 9578 -c "Protocol is TLSv1.3" \ 9579 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9580 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9581 -c "NamedGroup: secp256r1 ( 17 )" \ 9582 -c "Verifying peer X.509 certificate... ok" \ 9583 -C "received HelloRetryRequest message" 9584 9585 requires_config_enabled MBEDTLS_SSL_SRV_C 9586 requires_config_enabled MBEDTLS_DEBUG_C 9587 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9588 requires_config_enabled PSA_WANT_ALG_ECDH 9589 requires_config_enabled MBEDTLS_SSL_CLI_C 9590 requires_config_enabled MBEDTLS_DEBUG_C 9591 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9592 requires_config_enabled PSA_WANT_ALG_ECDH 9593 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 9594 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9595 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 9596 0 \ 9597 -s "Protocol is TLSv1.3" \ 9598 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9599 -s "received signature algorithm: 0x503" \ 9600 -s "got named group: secp256r1(0017)" \ 9601 -s "Certificate verification was skipped" \ 9602 -c "Protocol is TLSv1.3" \ 9603 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9604 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9605 -c "NamedGroup: secp256r1 ( 17 )" \ 9606 -c "Verifying peer X.509 certificate... ok" \ 9607 -C "received HelloRetryRequest message" 9608 9609 requires_config_enabled MBEDTLS_SSL_SRV_C 9610 requires_config_enabled MBEDTLS_DEBUG_C 9611 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9612 requires_config_enabled PSA_WANT_ALG_ECDH 9613 requires_config_enabled MBEDTLS_SSL_CLI_C 9614 requires_config_enabled MBEDTLS_DEBUG_C 9615 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9616 requires_config_enabled PSA_WANT_ALG_ECDH 9617 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 9618 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9619 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 9620 0 \ 9621 -s "Protocol is TLSv1.3" \ 9622 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9623 -s "received signature algorithm: 0x603" \ 9624 -s "got named group: secp256r1(0017)" \ 9625 -s "Certificate verification was skipped" \ 9626 -c "Protocol is TLSv1.3" \ 9627 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9628 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9629 -c "NamedGroup: secp256r1 ( 17 )" \ 9630 -c "Verifying peer X.509 certificate... ok" \ 9631 -C "received HelloRetryRequest message" 9632 9633 requires_config_enabled MBEDTLS_SSL_SRV_C 9634 requires_config_enabled MBEDTLS_DEBUG_C 9635 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9636 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9637 requires_config_enabled PSA_WANT_ALG_ECDH 9638 requires_config_enabled MBEDTLS_SSL_CLI_C 9639 requires_config_enabled MBEDTLS_DEBUG_C 9640 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9641 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9642 requires_config_enabled PSA_WANT_ALG_ECDH 9643 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 9644 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9645 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 9646 0 \ 9647 -s "Protocol is TLSv1.3" \ 9648 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9649 -s "received signature algorithm: 0x804" \ 9650 -s "got named group: secp256r1(0017)" \ 9651 -s "Certificate verification was skipped" \ 9652 -c "Protocol is TLSv1.3" \ 9653 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9654 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9655 -c "NamedGroup: secp256r1 ( 17 )" \ 9656 -c "Verifying peer X.509 certificate... ok" \ 9657 -C "received HelloRetryRequest message" 9658 9659 requires_config_enabled MBEDTLS_SSL_SRV_C 9660 requires_config_enabled MBEDTLS_DEBUG_C 9661 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9662 requires_config_enabled PSA_WANT_ALG_ECDH 9663 requires_config_enabled MBEDTLS_SSL_CLI_C 9664 requires_config_enabled MBEDTLS_DEBUG_C 9665 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9666 requires_config_enabled PSA_WANT_ALG_ECDH 9667 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 9668 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9669 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 9670 0 \ 9671 -s "Protocol is TLSv1.3" \ 9672 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9673 -s "received signature algorithm: 0x403" \ 9674 -s "got named group: secp384r1(0018)" \ 9675 -s "Certificate verification was skipped" \ 9676 -c "Protocol is TLSv1.3" \ 9677 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9678 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9679 -c "NamedGroup: secp384r1 ( 18 )" \ 9680 -c "Verifying peer X.509 certificate... ok" \ 9681 -C "received HelloRetryRequest message" 9682 9683 requires_config_enabled MBEDTLS_SSL_SRV_C 9684 requires_config_enabled MBEDTLS_DEBUG_C 9685 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9686 requires_config_enabled PSA_WANT_ALG_ECDH 9687 requires_config_enabled MBEDTLS_SSL_CLI_C 9688 requires_config_enabled MBEDTLS_DEBUG_C 9689 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9690 requires_config_enabled PSA_WANT_ALG_ECDH 9691 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 9692 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9693 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 9694 0 \ 9695 -s "Protocol is TLSv1.3" \ 9696 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9697 -s "received signature algorithm: 0x503" \ 9698 -s "got named group: secp384r1(0018)" \ 9699 -s "Certificate verification was skipped" \ 9700 -c "Protocol is TLSv1.3" \ 9701 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9702 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9703 -c "NamedGroup: secp384r1 ( 18 )" \ 9704 -c "Verifying peer X.509 certificate... ok" \ 9705 -C "received HelloRetryRequest message" 9706 9707 requires_config_enabled MBEDTLS_SSL_SRV_C 9708 requires_config_enabled MBEDTLS_DEBUG_C 9709 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9710 requires_config_enabled PSA_WANT_ALG_ECDH 9711 requires_config_enabled MBEDTLS_SSL_CLI_C 9712 requires_config_enabled MBEDTLS_DEBUG_C 9713 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9714 requires_config_enabled PSA_WANT_ALG_ECDH 9715 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 9716 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9717 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 9718 0 \ 9719 -s "Protocol is TLSv1.3" \ 9720 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9721 -s "received signature algorithm: 0x603" \ 9722 -s "got named group: secp384r1(0018)" \ 9723 -s "Certificate verification was skipped" \ 9724 -c "Protocol is TLSv1.3" \ 9725 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9726 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9727 -c "NamedGroup: secp384r1 ( 18 )" \ 9728 -c "Verifying peer X.509 certificate... ok" \ 9729 -C "received HelloRetryRequest message" 9730 9731 requires_config_enabled MBEDTLS_SSL_SRV_C 9732 requires_config_enabled MBEDTLS_DEBUG_C 9733 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9734 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9735 requires_config_enabled PSA_WANT_ALG_ECDH 9736 requires_config_enabled MBEDTLS_SSL_CLI_C 9737 requires_config_enabled MBEDTLS_DEBUG_C 9738 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9739 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9740 requires_config_enabled PSA_WANT_ALG_ECDH 9741 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 9742 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9743 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 9744 0 \ 9745 -s "Protocol is TLSv1.3" \ 9746 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9747 -s "received signature algorithm: 0x804" \ 9748 -s "got named group: secp384r1(0018)" \ 9749 -s "Certificate verification was skipped" \ 9750 -c "Protocol is TLSv1.3" \ 9751 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9752 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9753 -c "NamedGroup: secp384r1 ( 18 )" \ 9754 -c "Verifying peer X.509 certificate... ok" \ 9755 -C "received HelloRetryRequest message" 9756 9757 requires_config_enabled MBEDTLS_SSL_SRV_C 9758 requires_config_enabled MBEDTLS_DEBUG_C 9759 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9760 requires_config_enabled PSA_WANT_ALG_ECDH 9761 requires_config_enabled MBEDTLS_SSL_CLI_C 9762 requires_config_enabled MBEDTLS_DEBUG_C 9763 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9764 requires_config_enabled PSA_WANT_ALG_ECDH 9765 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 9766 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9767 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 9768 0 \ 9769 -s "Protocol is TLSv1.3" \ 9770 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9771 -s "received signature algorithm: 0x403" \ 9772 -s "got named group: secp521r1(0019)" \ 9773 -s "Certificate verification was skipped" \ 9774 -c "Protocol is TLSv1.3" \ 9775 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9776 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9777 -c "NamedGroup: secp521r1 ( 19 )" \ 9778 -c "Verifying peer X.509 certificate... ok" \ 9779 -C "received HelloRetryRequest message" 9780 9781 requires_config_enabled MBEDTLS_SSL_SRV_C 9782 requires_config_enabled MBEDTLS_DEBUG_C 9783 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9784 requires_config_enabled PSA_WANT_ALG_ECDH 9785 requires_config_enabled MBEDTLS_SSL_CLI_C 9786 requires_config_enabled MBEDTLS_DEBUG_C 9787 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9788 requires_config_enabled PSA_WANT_ALG_ECDH 9789 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 9790 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9791 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 9792 0 \ 9793 -s "Protocol is TLSv1.3" \ 9794 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9795 -s "received signature algorithm: 0x503" \ 9796 -s "got named group: secp521r1(0019)" \ 9797 -s "Certificate verification was skipped" \ 9798 -c "Protocol is TLSv1.3" \ 9799 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9800 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9801 -c "NamedGroup: secp521r1 ( 19 )" \ 9802 -c "Verifying peer X.509 certificate... ok" \ 9803 -C "received HelloRetryRequest message" 9804 9805 requires_config_enabled MBEDTLS_SSL_SRV_C 9806 requires_config_enabled MBEDTLS_DEBUG_C 9807 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9808 requires_config_enabled PSA_WANT_ALG_ECDH 9809 requires_config_enabled MBEDTLS_SSL_CLI_C 9810 requires_config_enabled MBEDTLS_DEBUG_C 9811 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9812 requires_config_enabled PSA_WANT_ALG_ECDH 9813 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 9814 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9815 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 9816 0 \ 9817 -s "Protocol is TLSv1.3" \ 9818 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9819 -s "received signature algorithm: 0x603" \ 9820 -s "got named group: secp521r1(0019)" \ 9821 -s "Certificate verification was skipped" \ 9822 -c "Protocol is TLSv1.3" \ 9823 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9824 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9825 -c "NamedGroup: secp521r1 ( 19 )" \ 9826 -c "Verifying peer X.509 certificate... ok" \ 9827 -C "received HelloRetryRequest message" 9828 9829 requires_config_enabled MBEDTLS_SSL_SRV_C 9830 requires_config_enabled MBEDTLS_DEBUG_C 9831 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9832 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9833 requires_config_enabled PSA_WANT_ALG_ECDH 9834 requires_config_enabled MBEDTLS_SSL_CLI_C 9835 requires_config_enabled MBEDTLS_DEBUG_C 9836 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9837 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9838 requires_config_enabled PSA_WANT_ALG_ECDH 9839 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 9840 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9841 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 9842 0 \ 9843 -s "Protocol is TLSv1.3" \ 9844 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9845 -s "received signature algorithm: 0x804" \ 9846 -s "got named group: secp521r1(0019)" \ 9847 -s "Certificate verification was skipped" \ 9848 -c "Protocol is TLSv1.3" \ 9849 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9850 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9851 -c "NamedGroup: secp521r1 ( 19 )" \ 9852 -c "Verifying peer X.509 certificate... ok" \ 9853 -C "received HelloRetryRequest message" 9854 9855 requires_config_enabled MBEDTLS_SSL_SRV_C 9856 requires_config_enabled MBEDTLS_DEBUG_C 9857 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9858 requires_config_enabled PSA_WANT_ALG_ECDH 9859 requires_config_enabled MBEDTLS_SSL_CLI_C 9860 requires_config_enabled MBEDTLS_DEBUG_C 9861 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9862 requires_config_enabled PSA_WANT_ALG_ECDH 9863 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \ 9864 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9865 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 9866 0 \ 9867 -s "Protocol is TLSv1.3" \ 9868 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9869 -s "received signature algorithm: 0x403" \ 9870 -s "got named group: x25519(001d)" \ 9871 -s "Certificate verification was skipped" \ 9872 -c "Protocol is TLSv1.3" \ 9873 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9874 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9875 -c "NamedGroup: x25519 ( 1d )" \ 9876 -c "Verifying peer X.509 certificate... ok" \ 9877 -C "received HelloRetryRequest message" 9878 9879 requires_config_enabled MBEDTLS_SSL_SRV_C 9880 requires_config_enabled MBEDTLS_DEBUG_C 9881 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9882 requires_config_enabled PSA_WANT_ALG_ECDH 9883 requires_config_enabled MBEDTLS_SSL_CLI_C 9884 requires_config_enabled MBEDTLS_DEBUG_C 9885 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9886 requires_config_enabled PSA_WANT_ALG_ECDH 9887 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \ 9888 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9889 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 9890 0 \ 9891 -s "Protocol is TLSv1.3" \ 9892 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9893 -s "received signature algorithm: 0x503" \ 9894 -s "got named group: x25519(001d)" \ 9895 -s "Certificate verification was skipped" \ 9896 -c "Protocol is TLSv1.3" \ 9897 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9898 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9899 -c "NamedGroup: x25519 ( 1d )" \ 9900 -c "Verifying peer X.509 certificate... ok" \ 9901 -C "received HelloRetryRequest message" 9902 9903 requires_config_enabled MBEDTLS_SSL_SRV_C 9904 requires_config_enabled MBEDTLS_DEBUG_C 9905 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9906 requires_config_enabled PSA_WANT_ALG_ECDH 9907 requires_config_enabled MBEDTLS_SSL_CLI_C 9908 requires_config_enabled MBEDTLS_DEBUG_C 9909 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9910 requires_config_enabled PSA_WANT_ALG_ECDH 9911 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \ 9912 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9913 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 9914 0 \ 9915 -s "Protocol is TLSv1.3" \ 9916 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9917 -s "received signature algorithm: 0x603" \ 9918 -s "got named group: x25519(001d)" \ 9919 -s "Certificate verification was skipped" \ 9920 -c "Protocol is TLSv1.3" \ 9921 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9922 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 9923 -c "NamedGroup: x25519 ( 1d )" \ 9924 -c "Verifying peer X.509 certificate... ok" \ 9925 -C "received HelloRetryRequest message" 9926 9927 requires_config_enabled MBEDTLS_SSL_SRV_C 9928 requires_config_enabled MBEDTLS_DEBUG_C 9929 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9930 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9931 requires_config_enabled PSA_WANT_ALG_ECDH 9932 requires_config_enabled MBEDTLS_SSL_CLI_C 9933 requires_config_enabled MBEDTLS_DEBUG_C 9934 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9935 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 9936 requires_config_enabled PSA_WANT_ALG_ECDH 9937 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \ 9938 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9939 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 9940 0 \ 9941 -s "Protocol is TLSv1.3" \ 9942 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9943 -s "received signature algorithm: 0x804" \ 9944 -s "got named group: x25519(001d)" \ 9945 -s "Certificate verification was skipped" \ 9946 -c "Protocol is TLSv1.3" \ 9947 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9948 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 9949 -c "NamedGroup: x25519 ( 1d )" \ 9950 -c "Verifying peer X.509 certificate... ok" \ 9951 -C "received HelloRetryRequest message" 9952 9953 requires_config_enabled MBEDTLS_SSL_SRV_C 9954 requires_config_enabled MBEDTLS_DEBUG_C 9955 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9956 requires_config_enabled PSA_WANT_ALG_ECDH 9957 requires_config_enabled MBEDTLS_SSL_CLI_C 9958 requires_config_enabled MBEDTLS_DEBUG_C 9959 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9960 requires_config_enabled PSA_WANT_ALG_ECDH 9961 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \ 9962 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9963 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 9964 0 \ 9965 -s "Protocol is TLSv1.3" \ 9966 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9967 -s "received signature algorithm: 0x403" \ 9968 -s "got named group: x448(001e)" \ 9969 -s "Certificate verification was skipped" \ 9970 -c "Protocol is TLSv1.3" \ 9971 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9972 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 9973 -c "NamedGroup: x448 ( 1e )" \ 9974 -c "Verifying peer X.509 certificate... ok" \ 9975 -C "received HelloRetryRequest message" 9976 9977 requires_config_enabled MBEDTLS_SSL_SRV_C 9978 requires_config_enabled MBEDTLS_DEBUG_C 9979 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9980 requires_config_enabled PSA_WANT_ALG_ECDH 9981 requires_config_enabled MBEDTLS_SSL_CLI_C 9982 requires_config_enabled MBEDTLS_DEBUG_C 9983 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 9984 requires_config_enabled PSA_WANT_ALG_ECDH 9985 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \ 9986 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 9987 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 9988 0 \ 9989 -s "Protocol is TLSv1.3" \ 9990 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 9991 -s "received signature algorithm: 0x503" \ 9992 -s "got named group: x448(001e)" \ 9993 -s "Certificate verification was skipped" \ 9994 -c "Protocol is TLSv1.3" \ 9995 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 9996 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 9997 -c "NamedGroup: x448 ( 1e )" \ 9998 -c "Verifying peer X.509 certificate... ok" \ 9999 -C "received HelloRetryRequest message" 10000 10001 requires_config_enabled MBEDTLS_SSL_SRV_C 10002 requires_config_enabled MBEDTLS_DEBUG_C 10003 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10004 requires_config_enabled PSA_WANT_ALG_ECDH 10005 requires_config_enabled MBEDTLS_SSL_CLI_C 10006 requires_config_enabled MBEDTLS_DEBUG_C 10007 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10008 requires_config_enabled PSA_WANT_ALG_ECDH 10009 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \ 10010 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10011 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 10012 0 \ 10013 -s "Protocol is TLSv1.3" \ 10014 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10015 -s "received signature algorithm: 0x603" \ 10016 -s "got named group: x448(001e)" \ 10017 -s "Certificate verification was skipped" \ 10018 -c "Protocol is TLSv1.3" \ 10019 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10020 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10021 -c "NamedGroup: x448 ( 1e )" \ 10022 -c "Verifying peer X.509 certificate... ok" \ 10023 -C "received HelloRetryRequest message" 10024 10025 requires_config_enabled MBEDTLS_SSL_SRV_C 10026 requires_config_enabled MBEDTLS_DEBUG_C 10027 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10028 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10029 requires_config_enabled PSA_WANT_ALG_ECDH 10030 requires_config_enabled MBEDTLS_SSL_CLI_C 10031 requires_config_enabled MBEDTLS_DEBUG_C 10032 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10033 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10034 requires_config_enabled PSA_WANT_ALG_ECDH 10035 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \ 10036 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10037 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 10038 0 \ 10039 -s "Protocol is TLSv1.3" \ 10040 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10041 -s "received signature algorithm: 0x804" \ 10042 -s "got named group: x448(001e)" \ 10043 -s "Certificate verification was skipped" \ 10044 -c "Protocol is TLSv1.3" \ 10045 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10046 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10047 -c "NamedGroup: x448 ( 1e )" \ 10048 -c "Verifying peer X.509 certificate... ok" \ 10049 -C "received HelloRetryRequest message" 10050 10051 requires_config_enabled MBEDTLS_SSL_SRV_C 10052 requires_config_enabled MBEDTLS_DEBUG_C 10053 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10054 requires_config_enabled PSA_WANT_ALG_FFDH 10055 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10056 requires_config_enabled MBEDTLS_SSL_CLI_C 10057 requires_config_enabled MBEDTLS_DEBUG_C 10058 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10059 requires_config_enabled PSA_WANT_ALG_FFDH 10060 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10061 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 10062 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10063 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 10064 0 \ 10065 -s "Protocol is TLSv1.3" \ 10066 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10067 -s "received signature algorithm: 0x403" \ 10068 -s "got named group: ffdhe2048(0100)" \ 10069 -s "Certificate verification was skipped" \ 10070 -c "Protocol is TLSv1.3" \ 10071 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10072 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10073 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10074 -c "Verifying peer X.509 certificate... ok" \ 10075 -C "received HelloRetryRequest message" 10076 10077 requires_config_enabled MBEDTLS_SSL_SRV_C 10078 requires_config_enabled MBEDTLS_DEBUG_C 10079 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10080 requires_config_enabled PSA_WANT_ALG_FFDH 10081 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10082 requires_config_enabled MBEDTLS_SSL_CLI_C 10083 requires_config_enabled MBEDTLS_DEBUG_C 10084 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10085 requires_config_enabled PSA_WANT_ALG_FFDH 10086 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10087 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 10088 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10089 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 10090 0 \ 10091 -s "Protocol is TLSv1.3" \ 10092 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10093 -s "received signature algorithm: 0x503" \ 10094 -s "got named group: ffdhe2048(0100)" \ 10095 -s "Certificate verification was skipped" \ 10096 -c "Protocol is TLSv1.3" \ 10097 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10098 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10099 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10100 -c "Verifying peer X.509 certificate... ok" \ 10101 -C "received HelloRetryRequest message" 10102 10103 requires_config_enabled MBEDTLS_SSL_SRV_C 10104 requires_config_enabled MBEDTLS_DEBUG_C 10105 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10106 requires_config_enabled PSA_WANT_ALG_FFDH 10107 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10108 requires_config_enabled MBEDTLS_SSL_CLI_C 10109 requires_config_enabled MBEDTLS_DEBUG_C 10110 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10111 requires_config_enabled PSA_WANT_ALG_FFDH 10112 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10113 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 10114 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10115 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 10116 0 \ 10117 -s "Protocol is TLSv1.3" \ 10118 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10119 -s "received signature algorithm: 0x603" \ 10120 -s "got named group: ffdhe2048(0100)" \ 10121 -s "Certificate verification was skipped" \ 10122 -c "Protocol is TLSv1.3" \ 10123 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10124 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10125 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10126 -c "Verifying peer X.509 certificate... ok" \ 10127 -C "received HelloRetryRequest message" 10128 10129 requires_config_enabled MBEDTLS_SSL_SRV_C 10130 requires_config_enabled MBEDTLS_DEBUG_C 10131 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10132 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10133 requires_config_enabled PSA_WANT_ALG_FFDH 10134 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10135 requires_config_enabled MBEDTLS_SSL_CLI_C 10136 requires_config_enabled MBEDTLS_DEBUG_C 10137 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10138 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10139 requires_config_enabled PSA_WANT_ALG_FFDH 10140 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10141 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 10142 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10143 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 10144 0 \ 10145 -s "Protocol is TLSv1.3" \ 10146 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \ 10147 -s "received signature algorithm: 0x804" \ 10148 -s "got named group: ffdhe2048(0100)" \ 10149 -s "Certificate verification was skipped" \ 10150 -c "Protocol is TLSv1.3" \ 10151 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ 10152 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10153 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10154 -c "Verifying peer X.509 certificate... ok" \ 10155 -C "received HelloRetryRequest message" 10156 10157 requires_config_enabled MBEDTLS_SSL_SRV_C 10158 requires_config_enabled MBEDTLS_DEBUG_C 10159 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10160 requires_config_enabled PSA_WANT_ALG_ECDH 10161 requires_config_enabled MBEDTLS_SSL_CLI_C 10162 requires_config_enabled MBEDTLS_DEBUG_C 10163 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10164 requires_config_enabled PSA_WANT_ALG_ECDH 10165 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 10166 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10167 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 10168 0 \ 10169 -s "Protocol is TLSv1.3" \ 10170 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10171 -s "received signature algorithm: 0x403" \ 10172 -s "got named group: secp256r1(0017)" \ 10173 -s "Certificate verification was skipped" \ 10174 -c "Protocol is TLSv1.3" \ 10175 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10176 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10177 -c "NamedGroup: secp256r1 ( 17 )" \ 10178 -c "Verifying peer X.509 certificate... ok" \ 10179 -C "received HelloRetryRequest message" 10180 10181 requires_config_enabled MBEDTLS_SSL_SRV_C 10182 requires_config_enabled MBEDTLS_DEBUG_C 10183 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10184 requires_config_enabled PSA_WANT_ALG_ECDH 10185 requires_config_enabled MBEDTLS_SSL_CLI_C 10186 requires_config_enabled MBEDTLS_DEBUG_C 10187 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10188 requires_config_enabled PSA_WANT_ALG_ECDH 10189 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 10190 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10191 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 10192 0 \ 10193 -s "Protocol is TLSv1.3" \ 10194 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10195 -s "received signature algorithm: 0x503" \ 10196 -s "got named group: secp256r1(0017)" \ 10197 -s "Certificate verification was skipped" \ 10198 -c "Protocol is TLSv1.3" \ 10199 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10200 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10201 -c "NamedGroup: secp256r1 ( 17 )" \ 10202 -c "Verifying peer X.509 certificate... ok" \ 10203 -C "received HelloRetryRequest message" 10204 10205 requires_config_enabled MBEDTLS_SSL_SRV_C 10206 requires_config_enabled MBEDTLS_DEBUG_C 10207 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10208 requires_config_enabled PSA_WANT_ALG_ECDH 10209 requires_config_enabled MBEDTLS_SSL_CLI_C 10210 requires_config_enabled MBEDTLS_DEBUG_C 10211 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10212 requires_config_enabled PSA_WANT_ALG_ECDH 10213 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 10214 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10215 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 10216 0 \ 10217 -s "Protocol is TLSv1.3" \ 10218 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10219 -s "received signature algorithm: 0x603" \ 10220 -s "got named group: secp256r1(0017)" \ 10221 -s "Certificate verification was skipped" \ 10222 -c "Protocol is TLSv1.3" \ 10223 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10224 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10225 -c "NamedGroup: secp256r1 ( 17 )" \ 10226 -c "Verifying peer X.509 certificate... ok" \ 10227 -C "received HelloRetryRequest message" 10228 10229 requires_config_enabled MBEDTLS_SSL_SRV_C 10230 requires_config_enabled MBEDTLS_DEBUG_C 10231 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10232 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10233 requires_config_enabled PSA_WANT_ALG_ECDH 10234 requires_config_enabled MBEDTLS_SSL_CLI_C 10235 requires_config_enabled MBEDTLS_DEBUG_C 10236 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10237 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10238 requires_config_enabled PSA_WANT_ALG_ECDH 10239 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 10240 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10241 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 10242 0 \ 10243 -s "Protocol is TLSv1.3" \ 10244 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10245 -s "received signature algorithm: 0x804" \ 10246 -s "got named group: secp256r1(0017)" \ 10247 -s "Certificate verification was skipped" \ 10248 -c "Protocol is TLSv1.3" \ 10249 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10250 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10251 -c "NamedGroup: secp256r1 ( 17 )" \ 10252 -c "Verifying peer X.509 certificate... ok" \ 10253 -C "received HelloRetryRequest message" 10254 10255 requires_config_enabled MBEDTLS_SSL_SRV_C 10256 requires_config_enabled MBEDTLS_DEBUG_C 10257 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10258 requires_config_enabled PSA_WANT_ALG_ECDH 10259 requires_config_enabled MBEDTLS_SSL_CLI_C 10260 requires_config_enabled MBEDTLS_DEBUG_C 10261 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10262 requires_config_enabled PSA_WANT_ALG_ECDH 10263 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 10264 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10265 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 10266 0 \ 10267 -s "Protocol is TLSv1.3" \ 10268 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10269 -s "received signature algorithm: 0x403" \ 10270 -s "got named group: secp384r1(0018)" \ 10271 -s "Certificate verification was skipped" \ 10272 -c "Protocol is TLSv1.3" \ 10273 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10274 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10275 -c "NamedGroup: secp384r1 ( 18 )" \ 10276 -c "Verifying peer X.509 certificate... ok" \ 10277 -C "received HelloRetryRequest message" 10278 10279 requires_config_enabled MBEDTLS_SSL_SRV_C 10280 requires_config_enabled MBEDTLS_DEBUG_C 10281 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10282 requires_config_enabled PSA_WANT_ALG_ECDH 10283 requires_config_enabled MBEDTLS_SSL_CLI_C 10284 requires_config_enabled MBEDTLS_DEBUG_C 10285 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10286 requires_config_enabled PSA_WANT_ALG_ECDH 10287 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 10288 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10289 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 10290 0 \ 10291 -s "Protocol is TLSv1.3" \ 10292 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10293 -s "received signature algorithm: 0x503" \ 10294 -s "got named group: secp384r1(0018)" \ 10295 -s "Certificate verification was skipped" \ 10296 -c "Protocol is TLSv1.3" \ 10297 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10298 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10299 -c "NamedGroup: secp384r1 ( 18 )" \ 10300 -c "Verifying peer X.509 certificate... ok" \ 10301 -C "received HelloRetryRequest message" 10302 10303 requires_config_enabled MBEDTLS_SSL_SRV_C 10304 requires_config_enabled MBEDTLS_DEBUG_C 10305 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10306 requires_config_enabled PSA_WANT_ALG_ECDH 10307 requires_config_enabled MBEDTLS_SSL_CLI_C 10308 requires_config_enabled MBEDTLS_DEBUG_C 10309 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10310 requires_config_enabled PSA_WANT_ALG_ECDH 10311 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 10312 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10313 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 10314 0 \ 10315 -s "Protocol is TLSv1.3" \ 10316 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10317 -s "received signature algorithm: 0x603" \ 10318 -s "got named group: secp384r1(0018)" \ 10319 -s "Certificate verification was skipped" \ 10320 -c "Protocol is TLSv1.3" \ 10321 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10322 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10323 -c "NamedGroup: secp384r1 ( 18 )" \ 10324 -c "Verifying peer X.509 certificate... ok" \ 10325 -C "received HelloRetryRequest message" 10326 10327 requires_config_enabled MBEDTLS_SSL_SRV_C 10328 requires_config_enabled MBEDTLS_DEBUG_C 10329 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10330 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10331 requires_config_enabled PSA_WANT_ALG_ECDH 10332 requires_config_enabled MBEDTLS_SSL_CLI_C 10333 requires_config_enabled MBEDTLS_DEBUG_C 10334 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10335 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10336 requires_config_enabled PSA_WANT_ALG_ECDH 10337 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 10338 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10339 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 10340 0 \ 10341 -s "Protocol is TLSv1.3" \ 10342 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10343 -s "received signature algorithm: 0x804" \ 10344 -s "got named group: secp384r1(0018)" \ 10345 -s "Certificate verification was skipped" \ 10346 -c "Protocol is TLSv1.3" \ 10347 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10348 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10349 -c "NamedGroup: secp384r1 ( 18 )" \ 10350 -c "Verifying peer X.509 certificate... ok" \ 10351 -C "received HelloRetryRequest message" 10352 10353 requires_config_enabled MBEDTLS_SSL_SRV_C 10354 requires_config_enabled MBEDTLS_DEBUG_C 10355 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10356 requires_config_enabled PSA_WANT_ALG_ECDH 10357 requires_config_enabled MBEDTLS_SSL_CLI_C 10358 requires_config_enabled MBEDTLS_DEBUG_C 10359 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10360 requires_config_enabled PSA_WANT_ALG_ECDH 10361 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 10362 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10363 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 10364 0 \ 10365 -s "Protocol is TLSv1.3" \ 10366 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10367 -s "received signature algorithm: 0x403" \ 10368 -s "got named group: secp521r1(0019)" \ 10369 -s "Certificate verification was skipped" \ 10370 -c "Protocol is TLSv1.3" \ 10371 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10372 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10373 -c "NamedGroup: secp521r1 ( 19 )" \ 10374 -c "Verifying peer X.509 certificate... ok" \ 10375 -C "received HelloRetryRequest message" 10376 10377 requires_config_enabled MBEDTLS_SSL_SRV_C 10378 requires_config_enabled MBEDTLS_DEBUG_C 10379 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10380 requires_config_enabled PSA_WANT_ALG_ECDH 10381 requires_config_enabled MBEDTLS_SSL_CLI_C 10382 requires_config_enabled MBEDTLS_DEBUG_C 10383 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10384 requires_config_enabled PSA_WANT_ALG_ECDH 10385 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 10386 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10387 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 10388 0 \ 10389 -s "Protocol is TLSv1.3" \ 10390 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10391 -s "received signature algorithm: 0x503" \ 10392 -s "got named group: secp521r1(0019)" \ 10393 -s "Certificate verification was skipped" \ 10394 -c "Protocol is TLSv1.3" \ 10395 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10396 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10397 -c "NamedGroup: secp521r1 ( 19 )" \ 10398 -c "Verifying peer X.509 certificate... ok" \ 10399 -C "received HelloRetryRequest message" 10400 10401 requires_config_enabled MBEDTLS_SSL_SRV_C 10402 requires_config_enabled MBEDTLS_DEBUG_C 10403 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10404 requires_config_enabled PSA_WANT_ALG_ECDH 10405 requires_config_enabled MBEDTLS_SSL_CLI_C 10406 requires_config_enabled MBEDTLS_DEBUG_C 10407 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10408 requires_config_enabled PSA_WANT_ALG_ECDH 10409 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 10410 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10411 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 10412 0 \ 10413 -s "Protocol is TLSv1.3" \ 10414 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10415 -s "received signature algorithm: 0x603" \ 10416 -s "got named group: secp521r1(0019)" \ 10417 -s "Certificate verification was skipped" \ 10418 -c "Protocol is TLSv1.3" \ 10419 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10420 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10421 -c "NamedGroup: secp521r1 ( 19 )" \ 10422 -c "Verifying peer X.509 certificate... ok" \ 10423 -C "received HelloRetryRequest message" 10424 10425 requires_config_enabled MBEDTLS_SSL_SRV_C 10426 requires_config_enabled MBEDTLS_DEBUG_C 10427 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10428 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10429 requires_config_enabled PSA_WANT_ALG_ECDH 10430 requires_config_enabled MBEDTLS_SSL_CLI_C 10431 requires_config_enabled MBEDTLS_DEBUG_C 10432 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10433 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10434 requires_config_enabled PSA_WANT_ALG_ECDH 10435 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 10436 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10437 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 10438 0 \ 10439 -s "Protocol is TLSv1.3" \ 10440 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10441 -s "received signature algorithm: 0x804" \ 10442 -s "got named group: secp521r1(0019)" \ 10443 -s "Certificate verification was skipped" \ 10444 -c "Protocol is TLSv1.3" \ 10445 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10446 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10447 -c "NamedGroup: secp521r1 ( 19 )" \ 10448 -c "Verifying peer X.509 certificate... ok" \ 10449 -C "received HelloRetryRequest message" 10450 10451 requires_config_enabled MBEDTLS_SSL_SRV_C 10452 requires_config_enabled MBEDTLS_DEBUG_C 10453 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10454 requires_config_enabled PSA_WANT_ALG_ECDH 10455 requires_config_enabled MBEDTLS_SSL_CLI_C 10456 requires_config_enabled MBEDTLS_DEBUG_C 10457 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10458 requires_config_enabled PSA_WANT_ALG_ECDH 10459 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \ 10460 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10461 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 10462 0 \ 10463 -s "Protocol is TLSv1.3" \ 10464 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10465 -s "received signature algorithm: 0x403" \ 10466 -s "got named group: x25519(001d)" \ 10467 -s "Certificate verification was skipped" \ 10468 -c "Protocol is TLSv1.3" \ 10469 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10470 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10471 -c "NamedGroup: x25519 ( 1d )" \ 10472 -c "Verifying peer X.509 certificate... ok" \ 10473 -C "received HelloRetryRequest message" 10474 10475 requires_config_enabled MBEDTLS_SSL_SRV_C 10476 requires_config_enabled MBEDTLS_DEBUG_C 10477 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10478 requires_config_enabled PSA_WANT_ALG_ECDH 10479 requires_config_enabled MBEDTLS_SSL_CLI_C 10480 requires_config_enabled MBEDTLS_DEBUG_C 10481 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10482 requires_config_enabled PSA_WANT_ALG_ECDH 10483 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \ 10484 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10485 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 10486 0 \ 10487 -s "Protocol is TLSv1.3" \ 10488 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10489 -s "received signature algorithm: 0x503" \ 10490 -s "got named group: x25519(001d)" \ 10491 -s "Certificate verification was skipped" \ 10492 -c "Protocol is TLSv1.3" \ 10493 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10494 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10495 -c "NamedGroup: x25519 ( 1d )" \ 10496 -c "Verifying peer X.509 certificate... ok" \ 10497 -C "received HelloRetryRequest message" 10498 10499 requires_config_enabled MBEDTLS_SSL_SRV_C 10500 requires_config_enabled MBEDTLS_DEBUG_C 10501 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10502 requires_config_enabled PSA_WANT_ALG_ECDH 10503 requires_config_enabled MBEDTLS_SSL_CLI_C 10504 requires_config_enabled MBEDTLS_DEBUG_C 10505 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10506 requires_config_enabled PSA_WANT_ALG_ECDH 10507 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \ 10508 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10509 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 10510 0 \ 10511 -s "Protocol is TLSv1.3" \ 10512 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10513 -s "received signature algorithm: 0x603" \ 10514 -s "got named group: x25519(001d)" \ 10515 -s "Certificate verification was skipped" \ 10516 -c "Protocol is TLSv1.3" \ 10517 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10518 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10519 -c "NamedGroup: x25519 ( 1d )" \ 10520 -c "Verifying peer X.509 certificate... ok" \ 10521 -C "received HelloRetryRequest message" 10522 10523 requires_config_enabled MBEDTLS_SSL_SRV_C 10524 requires_config_enabled MBEDTLS_DEBUG_C 10525 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10526 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10527 requires_config_enabled PSA_WANT_ALG_ECDH 10528 requires_config_enabled MBEDTLS_SSL_CLI_C 10529 requires_config_enabled MBEDTLS_DEBUG_C 10530 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10531 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10532 requires_config_enabled PSA_WANT_ALG_ECDH 10533 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \ 10534 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10535 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 10536 0 \ 10537 -s "Protocol is TLSv1.3" \ 10538 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10539 -s "received signature algorithm: 0x804" \ 10540 -s "got named group: x25519(001d)" \ 10541 -s "Certificate verification was skipped" \ 10542 -c "Protocol is TLSv1.3" \ 10543 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10544 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10545 -c "NamedGroup: x25519 ( 1d )" \ 10546 -c "Verifying peer X.509 certificate... ok" \ 10547 -C "received HelloRetryRequest message" 10548 10549 requires_config_enabled MBEDTLS_SSL_SRV_C 10550 requires_config_enabled MBEDTLS_DEBUG_C 10551 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10552 requires_config_enabled PSA_WANT_ALG_ECDH 10553 requires_config_enabled MBEDTLS_SSL_CLI_C 10554 requires_config_enabled MBEDTLS_DEBUG_C 10555 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10556 requires_config_enabled PSA_WANT_ALG_ECDH 10557 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \ 10558 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10559 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 10560 0 \ 10561 -s "Protocol is TLSv1.3" \ 10562 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10563 -s "received signature algorithm: 0x403" \ 10564 -s "got named group: x448(001e)" \ 10565 -s "Certificate verification was skipped" \ 10566 -c "Protocol is TLSv1.3" \ 10567 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10568 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10569 -c "NamedGroup: x448 ( 1e )" \ 10570 -c "Verifying peer X.509 certificate... ok" \ 10571 -C "received HelloRetryRequest message" 10572 10573 requires_config_enabled MBEDTLS_SSL_SRV_C 10574 requires_config_enabled MBEDTLS_DEBUG_C 10575 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10576 requires_config_enabled PSA_WANT_ALG_ECDH 10577 requires_config_enabled MBEDTLS_SSL_CLI_C 10578 requires_config_enabled MBEDTLS_DEBUG_C 10579 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10580 requires_config_enabled PSA_WANT_ALG_ECDH 10581 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \ 10582 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10583 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 10584 0 \ 10585 -s "Protocol is TLSv1.3" \ 10586 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10587 -s "received signature algorithm: 0x503" \ 10588 -s "got named group: x448(001e)" \ 10589 -s "Certificate verification was skipped" \ 10590 -c "Protocol is TLSv1.3" \ 10591 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10592 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10593 -c "NamedGroup: x448 ( 1e )" \ 10594 -c "Verifying peer X.509 certificate... ok" \ 10595 -C "received HelloRetryRequest message" 10596 10597 requires_config_enabled MBEDTLS_SSL_SRV_C 10598 requires_config_enabled MBEDTLS_DEBUG_C 10599 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10600 requires_config_enabled PSA_WANT_ALG_ECDH 10601 requires_config_enabled MBEDTLS_SSL_CLI_C 10602 requires_config_enabled MBEDTLS_DEBUG_C 10603 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10604 requires_config_enabled PSA_WANT_ALG_ECDH 10605 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \ 10606 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10607 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 10608 0 \ 10609 -s "Protocol is TLSv1.3" \ 10610 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10611 -s "received signature algorithm: 0x603" \ 10612 -s "got named group: x448(001e)" \ 10613 -s "Certificate verification was skipped" \ 10614 -c "Protocol is TLSv1.3" \ 10615 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10616 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10617 -c "NamedGroup: x448 ( 1e )" \ 10618 -c "Verifying peer X.509 certificate... ok" \ 10619 -C "received HelloRetryRequest message" 10620 10621 requires_config_enabled MBEDTLS_SSL_SRV_C 10622 requires_config_enabled MBEDTLS_DEBUG_C 10623 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10624 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10625 requires_config_enabled PSA_WANT_ALG_ECDH 10626 requires_config_enabled MBEDTLS_SSL_CLI_C 10627 requires_config_enabled MBEDTLS_DEBUG_C 10628 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10629 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10630 requires_config_enabled PSA_WANT_ALG_ECDH 10631 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \ 10632 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10633 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 10634 0 \ 10635 -s "Protocol is TLSv1.3" \ 10636 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10637 -s "received signature algorithm: 0x804" \ 10638 -s "got named group: x448(001e)" \ 10639 -s "Certificate verification was skipped" \ 10640 -c "Protocol is TLSv1.3" \ 10641 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10642 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10643 -c "NamedGroup: x448 ( 1e )" \ 10644 -c "Verifying peer X.509 certificate... ok" \ 10645 -C "received HelloRetryRequest message" 10646 10647 requires_config_enabled MBEDTLS_SSL_SRV_C 10648 requires_config_enabled MBEDTLS_DEBUG_C 10649 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10650 requires_config_enabled PSA_WANT_ALG_FFDH 10651 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10652 requires_config_enabled MBEDTLS_SSL_CLI_C 10653 requires_config_enabled MBEDTLS_DEBUG_C 10654 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10655 requires_config_enabled PSA_WANT_ALG_FFDH 10656 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10657 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 10658 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10659 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 10660 0 \ 10661 -s "Protocol is TLSv1.3" \ 10662 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10663 -s "received signature algorithm: 0x403" \ 10664 -s "got named group: ffdhe2048(0100)" \ 10665 -s "Certificate verification was skipped" \ 10666 -c "Protocol is TLSv1.3" \ 10667 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10668 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10669 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10670 -c "Verifying peer X.509 certificate... ok" \ 10671 -C "received HelloRetryRequest message" 10672 10673 requires_config_enabled MBEDTLS_SSL_SRV_C 10674 requires_config_enabled MBEDTLS_DEBUG_C 10675 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10676 requires_config_enabled PSA_WANT_ALG_FFDH 10677 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10678 requires_config_enabled MBEDTLS_SSL_CLI_C 10679 requires_config_enabled MBEDTLS_DEBUG_C 10680 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10681 requires_config_enabled PSA_WANT_ALG_FFDH 10682 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10683 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 10684 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10685 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 10686 0 \ 10687 -s "Protocol is TLSv1.3" \ 10688 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10689 -s "received signature algorithm: 0x503" \ 10690 -s "got named group: ffdhe2048(0100)" \ 10691 -s "Certificate verification was skipped" \ 10692 -c "Protocol is TLSv1.3" \ 10693 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10694 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10695 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10696 -c "Verifying peer X.509 certificate... ok" \ 10697 -C "received HelloRetryRequest message" 10698 10699 requires_config_enabled MBEDTLS_SSL_SRV_C 10700 requires_config_enabled MBEDTLS_DEBUG_C 10701 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10702 requires_config_enabled PSA_WANT_ALG_FFDH 10703 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10704 requires_config_enabled MBEDTLS_SSL_CLI_C 10705 requires_config_enabled MBEDTLS_DEBUG_C 10706 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10707 requires_config_enabled PSA_WANT_ALG_FFDH 10708 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10709 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 10710 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10711 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 10712 0 \ 10713 -s "Protocol is TLSv1.3" \ 10714 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10715 -s "received signature algorithm: 0x603" \ 10716 -s "got named group: ffdhe2048(0100)" \ 10717 -s "Certificate verification was skipped" \ 10718 -c "Protocol is TLSv1.3" \ 10719 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10720 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10721 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10722 -c "Verifying peer X.509 certificate... ok" \ 10723 -C "received HelloRetryRequest message" 10724 10725 requires_config_enabled MBEDTLS_SSL_SRV_C 10726 requires_config_enabled MBEDTLS_DEBUG_C 10727 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10728 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10729 requires_config_enabled PSA_WANT_ALG_FFDH 10730 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10731 requires_config_enabled MBEDTLS_SSL_CLI_C 10732 requires_config_enabled MBEDTLS_DEBUG_C 10733 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10734 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10735 requires_config_enabled PSA_WANT_ALG_FFDH 10736 requires_config_enabled PSA_WANT_DH_RFC7919_2048 10737 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 10738 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10739 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 10740 0 \ 10741 -s "Protocol is TLSv1.3" \ 10742 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \ 10743 -s "received signature algorithm: 0x804" \ 10744 -s "got named group: ffdhe2048(0100)" \ 10745 -s "Certificate verification was skipped" \ 10746 -c "Protocol is TLSv1.3" \ 10747 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \ 10748 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10749 -c "NamedGroup: ffdhe2048 ( 100 )" \ 10750 -c "Verifying peer X.509 certificate... ok" \ 10751 -C "received HelloRetryRequest message" 10752 10753 requires_config_enabled MBEDTLS_SSL_SRV_C 10754 requires_config_enabled MBEDTLS_DEBUG_C 10755 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10756 requires_config_enabled PSA_WANT_ALG_ECDH 10757 requires_config_enabled MBEDTLS_SSL_CLI_C 10758 requires_config_enabled MBEDTLS_DEBUG_C 10759 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10760 requires_config_enabled PSA_WANT_ALG_ECDH 10761 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \ 10762 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10763 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \ 10764 0 \ 10765 -s "Protocol is TLSv1.3" \ 10766 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10767 -s "received signature algorithm: 0x403" \ 10768 -s "got named group: secp256r1(0017)" \ 10769 -s "Certificate verification was skipped" \ 10770 -c "Protocol is TLSv1.3" \ 10771 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10772 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10773 -c "NamedGroup: secp256r1 ( 17 )" \ 10774 -c "Verifying peer X.509 certificate... ok" \ 10775 -C "received HelloRetryRequest message" 10776 10777 requires_config_enabled MBEDTLS_SSL_SRV_C 10778 requires_config_enabled MBEDTLS_DEBUG_C 10779 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10780 requires_config_enabled PSA_WANT_ALG_ECDH 10781 requires_config_enabled MBEDTLS_SSL_CLI_C 10782 requires_config_enabled MBEDTLS_DEBUG_C 10783 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10784 requires_config_enabled PSA_WANT_ALG_ECDH 10785 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \ 10786 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10787 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \ 10788 0 \ 10789 -s "Protocol is TLSv1.3" \ 10790 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10791 -s "received signature algorithm: 0x503" \ 10792 -s "got named group: secp256r1(0017)" \ 10793 -s "Certificate verification was skipped" \ 10794 -c "Protocol is TLSv1.3" \ 10795 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10796 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10797 -c "NamedGroup: secp256r1 ( 17 )" \ 10798 -c "Verifying peer X.509 certificate... ok" \ 10799 -C "received HelloRetryRequest message" 10800 10801 requires_config_enabled MBEDTLS_SSL_SRV_C 10802 requires_config_enabled MBEDTLS_DEBUG_C 10803 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10804 requires_config_enabled PSA_WANT_ALG_ECDH 10805 requires_config_enabled MBEDTLS_SSL_CLI_C 10806 requires_config_enabled MBEDTLS_DEBUG_C 10807 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10808 requires_config_enabled PSA_WANT_ALG_ECDH 10809 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \ 10810 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10811 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \ 10812 0 \ 10813 -s "Protocol is TLSv1.3" \ 10814 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10815 -s "received signature algorithm: 0x603" \ 10816 -s "got named group: secp256r1(0017)" \ 10817 -s "Certificate verification was skipped" \ 10818 -c "Protocol is TLSv1.3" \ 10819 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10820 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10821 -c "NamedGroup: secp256r1 ( 17 )" \ 10822 -c "Verifying peer X.509 certificate... ok" \ 10823 -C "received HelloRetryRequest message" 10824 10825 requires_config_enabled MBEDTLS_SSL_SRV_C 10826 requires_config_enabled MBEDTLS_DEBUG_C 10827 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10828 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10829 requires_config_enabled PSA_WANT_ALG_ECDH 10830 requires_config_enabled MBEDTLS_SSL_CLI_C 10831 requires_config_enabled MBEDTLS_DEBUG_C 10832 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10833 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10834 requires_config_enabled PSA_WANT_ALG_ECDH 10835 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \ 10836 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10837 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \ 10838 0 \ 10839 -s "Protocol is TLSv1.3" \ 10840 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10841 -s "received signature algorithm: 0x804" \ 10842 -s "got named group: secp256r1(0017)" \ 10843 -s "Certificate verification was skipped" \ 10844 -c "Protocol is TLSv1.3" \ 10845 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10846 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10847 -c "NamedGroup: secp256r1 ( 17 )" \ 10848 -c "Verifying peer X.509 certificate... ok" \ 10849 -C "received HelloRetryRequest message" 10850 10851 requires_config_enabled MBEDTLS_SSL_SRV_C 10852 requires_config_enabled MBEDTLS_DEBUG_C 10853 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10854 requires_config_enabled PSA_WANT_ALG_ECDH 10855 requires_config_enabled MBEDTLS_SSL_CLI_C 10856 requires_config_enabled MBEDTLS_DEBUG_C 10857 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10858 requires_config_enabled PSA_WANT_ALG_ECDH 10859 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \ 10860 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10861 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \ 10862 0 \ 10863 -s "Protocol is TLSv1.3" \ 10864 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10865 -s "received signature algorithm: 0x403" \ 10866 -s "got named group: secp384r1(0018)" \ 10867 -s "Certificate verification was skipped" \ 10868 -c "Protocol is TLSv1.3" \ 10869 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10870 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10871 -c "NamedGroup: secp384r1 ( 18 )" \ 10872 -c "Verifying peer X.509 certificate... ok" \ 10873 -C "received HelloRetryRequest message" 10874 10875 requires_config_enabled MBEDTLS_SSL_SRV_C 10876 requires_config_enabled MBEDTLS_DEBUG_C 10877 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10878 requires_config_enabled PSA_WANT_ALG_ECDH 10879 requires_config_enabled MBEDTLS_SSL_CLI_C 10880 requires_config_enabled MBEDTLS_DEBUG_C 10881 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10882 requires_config_enabled PSA_WANT_ALG_ECDH 10883 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \ 10884 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10885 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \ 10886 0 \ 10887 -s "Protocol is TLSv1.3" \ 10888 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10889 -s "received signature algorithm: 0x503" \ 10890 -s "got named group: secp384r1(0018)" \ 10891 -s "Certificate verification was skipped" \ 10892 -c "Protocol is TLSv1.3" \ 10893 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10894 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10895 -c "NamedGroup: secp384r1 ( 18 )" \ 10896 -c "Verifying peer X.509 certificate... ok" \ 10897 -C "received HelloRetryRequest message" 10898 10899 requires_config_enabled MBEDTLS_SSL_SRV_C 10900 requires_config_enabled MBEDTLS_DEBUG_C 10901 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10902 requires_config_enabled PSA_WANT_ALG_ECDH 10903 requires_config_enabled MBEDTLS_SSL_CLI_C 10904 requires_config_enabled MBEDTLS_DEBUG_C 10905 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10906 requires_config_enabled PSA_WANT_ALG_ECDH 10907 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \ 10908 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10909 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \ 10910 0 \ 10911 -s "Protocol is TLSv1.3" \ 10912 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10913 -s "received signature algorithm: 0x603" \ 10914 -s "got named group: secp384r1(0018)" \ 10915 -s "Certificate verification was skipped" \ 10916 -c "Protocol is TLSv1.3" \ 10917 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10918 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 10919 -c "NamedGroup: secp384r1 ( 18 )" \ 10920 -c "Verifying peer X.509 certificate... ok" \ 10921 -C "received HelloRetryRequest message" 10922 10923 requires_config_enabled MBEDTLS_SSL_SRV_C 10924 requires_config_enabled MBEDTLS_DEBUG_C 10925 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10926 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10927 requires_config_enabled PSA_WANT_ALG_ECDH 10928 requires_config_enabled MBEDTLS_SSL_CLI_C 10929 requires_config_enabled MBEDTLS_DEBUG_C 10930 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10931 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 10932 requires_config_enabled PSA_WANT_ALG_ECDH 10933 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \ 10934 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10935 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \ 10936 0 \ 10937 -s "Protocol is TLSv1.3" \ 10938 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10939 -s "received signature algorithm: 0x804" \ 10940 -s "got named group: secp384r1(0018)" \ 10941 -s "Certificate verification was skipped" \ 10942 -c "Protocol is TLSv1.3" \ 10943 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10944 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 10945 -c "NamedGroup: secp384r1 ( 18 )" \ 10946 -c "Verifying peer X.509 certificate... ok" \ 10947 -C "received HelloRetryRequest message" 10948 10949 requires_config_enabled MBEDTLS_SSL_SRV_C 10950 requires_config_enabled MBEDTLS_DEBUG_C 10951 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10952 requires_config_enabled PSA_WANT_ALG_ECDH 10953 requires_config_enabled MBEDTLS_SSL_CLI_C 10954 requires_config_enabled MBEDTLS_DEBUG_C 10955 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10956 requires_config_enabled PSA_WANT_ALG_ECDH 10957 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \ 10958 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10959 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \ 10960 0 \ 10961 -s "Protocol is TLSv1.3" \ 10962 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10963 -s "received signature algorithm: 0x403" \ 10964 -s "got named group: secp521r1(0019)" \ 10965 -s "Certificate verification was skipped" \ 10966 -c "Protocol is TLSv1.3" \ 10967 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10968 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 10969 -c "NamedGroup: secp521r1 ( 19 )" \ 10970 -c "Verifying peer X.509 certificate... ok" \ 10971 -C "received HelloRetryRequest message" 10972 10973 requires_config_enabled MBEDTLS_SSL_SRV_C 10974 requires_config_enabled MBEDTLS_DEBUG_C 10975 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10976 requires_config_enabled PSA_WANT_ALG_ECDH 10977 requires_config_enabled MBEDTLS_SSL_CLI_C 10978 requires_config_enabled MBEDTLS_DEBUG_C 10979 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 10980 requires_config_enabled PSA_WANT_ALG_ECDH 10981 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \ 10982 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 10983 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \ 10984 0 \ 10985 -s "Protocol is TLSv1.3" \ 10986 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 10987 -s "received signature algorithm: 0x503" \ 10988 -s "got named group: secp521r1(0019)" \ 10989 -s "Certificate verification was skipped" \ 10990 -c "Protocol is TLSv1.3" \ 10991 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 10992 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 10993 -c "NamedGroup: secp521r1 ( 19 )" \ 10994 -c "Verifying peer X.509 certificate... ok" \ 10995 -C "received HelloRetryRequest message" 10996 10997 requires_config_enabled MBEDTLS_SSL_SRV_C 10998 requires_config_enabled MBEDTLS_DEBUG_C 10999 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11000 requires_config_enabled PSA_WANT_ALG_ECDH 11001 requires_config_enabled MBEDTLS_SSL_CLI_C 11002 requires_config_enabled MBEDTLS_DEBUG_C 11003 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11004 requires_config_enabled PSA_WANT_ALG_ECDH 11005 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \ 11006 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11007 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \ 11008 0 \ 11009 -s "Protocol is TLSv1.3" \ 11010 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11011 -s "received signature algorithm: 0x603" \ 11012 -s "got named group: secp521r1(0019)" \ 11013 -s "Certificate verification was skipped" \ 11014 -c "Protocol is TLSv1.3" \ 11015 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11016 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 11017 -c "NamedGroup: secp521r1 ( 19 )" \ 11018 -c "Verifying peer X.509 certificate... ok" \ 11019 -C "received HelloRetryRequest message" 11020 11021 requires_config_enabled MBEDTLS_SSL_SRV_C 11022 requires_config_enabled MBEDTLS_DEBUG_C 11023 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11024 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11025 requires_config_enabled PSA_WANT_ALG_ECDH 11026 requires_config_enabled MBEDTLS_SSL_CLI_C 11027 requires_config_enabled MBEDTLS_DEBUG_C 11028 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11029 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11030 requires_config_enabled PSA_WANT_ALG_ECDH 11031 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \ 11032 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11033 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \ 11034 0 \ 11035 -s "Protocol is TLSv1.3" \ 11036 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11037 -s "received signature algorithm: 0x804" \ 11038 -s "got named group: secp521r1(0019)" \ 11039 -s "Certificate verification was skipped" \ 11040 -c "Protocol is TLSv1.3" \ 11041 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11042 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 11043 -c "NamedGroup: secp521r1 ( 19 )" \ 11044 -c "Verifying peer X.509 certificate... ok" \ 11045 -C "received HelloRetryRequest message" 11046 11047 requires_config_enabled MBEDTLS_SSL_SRV_C 11048 requires_config_enabled MBEDTLS_DEBUG_C 11049 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11050 requires_config_enabled PSA_WANT_ALG_ECDH 11051 requires_config_enabled MBEDTLS_SSL_CLI_C 11052 requires_config_enabled MBEDTLS_DEBUG_C 11053 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11054 requires_config_enabled PSA_WANT_ALG_ECDH 11055 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \ 11056 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11057 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \ 11058 0 \ 11059 -s "Protocol is TLSv1.3" \ 11060 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11061 -s "received signature algorithm: 0x403" \ 11062 -s "got named group: x25519(001d)" \ 11063 -s "Certificate verification was skipped" \ 11064 -c "Protocol is TLSv1.3" \ 11065 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11066 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 11067 -c "NamedGroup: x25519 ( 1d )" \ 11068 -c "Verifying peer X.509 certificate... ok" \ 11069 -C "received HelloRetryRequest message" 11070 11071 requires_config_enabled MBEDTLS_SSL_SRV_C 11072 requires_config_enabled MBEDTLS_DEBUG_C 11073 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11074 requires_config_enabled PSA_WANT_ALG_ECDH 11075 requires_config_enabled MBEDTLS_SSL_CLI_C 11076 requires_config_enabled MBEDTLS_DEBUG_C 11077 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11078 requires_config_enabled PSA_WANT_ALG_ECDH 11079 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \ 11080 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11081 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \ 11082 0 \ 11083 -s "Protocol is TLSv1.3" \ 11084 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11085 -s "received signature algorithm: 0x503" \ 11086 -s "got named group: x25519(001d)" \ 11087 -s "Certificate verification was skipped" \ 11088 -c "Protocol is TLSv1.3" \ 11089 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11090 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 11091 -c "NamedGroup: x25519 ( 1d )" \ 11092 -c "Verifying peer X.509 certificate... ok" \ 11093 -C "received HelloRetryRequest message" 11094 11095 requires_config_enabled MBEDTLS_SSL_SRV_C 11096 requires_config_enabled MBEDTLS_DEBUG_C 11097 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11098 requires_config_enabled PSA_WANT_ALG_ECDH 11099 requires_config_enabled MBEDTLS_SSL_CLI_C 11100 requires_config_enabled MBEDTLS_DEBUG_C 11101 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11102 requires_config_enabled PSA_WANT_ALG_ECDH 11103 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \ 11104 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11105 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \ 11106 0 \ 11107 -s "Protocol is TLSv1.3" \ 11108 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11109 -s "received signature algorithm: 0x603" \ 11110 -s "got named group: x25519(001d)" \ 11111 -s "Certificate verification was skipped" \ 11112 -c "Protocol is TLSv1.3" \ 11113 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11114 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 11115 -c "NamedGroup: x25519 ( 1d )" \ 11116 -c "Verifying peer X.509 certificate... ok" \ 11117 -C "received HelloRetryRequest message" 11118 11119 requires_config_enabled MBEDTLS_SSL_SRV_C 11120 requires_config_enabled MBEDTLS_DEBUG_C 11121 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11122 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11123 requires_config_enabled PSA_WANT_ALG_ECDH 11124 requires_config_enabled MBEDTLS_SSL_CLI_C 11125 requires_config_enabled MBEDTLS_DEBUG_C 11126 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11127 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11128 requires_config_enabled PSA_WANT_ALG_ECDH 11129 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \ 11130 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11131 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \ 11132 0 \ 11133 -s "Protocol is TLSv1.3" \ 11134 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11135 -s "received signature algorithm: 0x804" \ 11136 -s "got named group: x25519(001d)" \ 11137 -s "Certificate verification was skipped" \ 11138 -c "Protocol is TLSv1.3" \ 11139 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11140 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 11141 -c "NamedGroup: x25519 ( 1d )" \ 11142 -c "Verifying peer X.509 certificate... ok" \ 11143 -C "received HelloRetryRequest message" 11144 11145 requires_config_enabled MBEDTLS_SSL_SRV_C 11146 requires_config_enabled MBEDTLS_DEBUG_C 11147 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11148 requires_config_enabled PSA_WANT_ALG_ECDH 11149 requires_config_enabled MBEDTLS_SSL_CLI_C 11150 requires_config_enabled MBEDTLS_DEBUG_C 11151 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11152 requires_config_enabled PSA_WANT_ALG_ECDH 11153 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \ 11154 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11155 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \ 11156 0 \ 11157 -s "Protocol is TLSv1.3" \ 11158 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11159 -s "received signature algorithm: 0x403" \ 11160 -s "got named group: x448(001e)" \ 11161 -s "Certificate verification was skipped" \ 11162 -c "Protocol is TLSv1.3" \ 11163 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11164 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 11165 -c "NamedGroup: x448 ( 1e )" \ 11166 -c "Verifying peer X.509 certificate... ok" \ 11167 -C "received HelloRetryRequest message" 11168 11169 requires_config_enabled MBEDTLS_SSL_SRV_C 11170 requires_config_enabled MBEDTLS_DEBUG_C 11171 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11172 requires_config_enabled PSA_WANT_ALG_ECDH 11173 requires_config_enabled MBEDTLS_SSL_CLI_C 11174 requires_config_enabled MBEDTLS_DEBUG_C 11175 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11176 requires_config_enabled PSA_WANT_ALG_ECDH 11177 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \ 11178 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11179 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \ 11180 0 \ 11181 -s "Protocol is TLSv1.3" \ 11182 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11183 -s "received signature algorithm: 0x503" \ 11184 -s "got named group: x448(001e)" \ 11185 -s "Certificate verification was skipped" \ 11186 -c "Protocol is TLSv1.3" \ 11187 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11188 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 11189 -c "NamedGroup: x448 ( 1e )" \ 11190 -c "Verifying peer X.509 certificate... ok" \ 11191 -C "received HelloRetryRequest message" 11192 11193 requires_config_enabled MBEDTLS_SSL_SRV_C 11194 requires_config_enabled MBEDTLS_DEBUG_C 11195 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11196 requires_config_enabled PSA_WANT_ALG_ECDH 11197 requires_config_enabled MBEDTLS_SSL_CLI_C 11198 requires_config_enabled MBEDTLS_DEBUG_C 11199 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11200 requires_config_enabled PSA_WANT_ALG_ECDH 11201 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \ 11202 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11203 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \ 11204 0 \ 11205 -s "Protocol is TLSv1.3" \ 11206 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11207 -s "received signature algorithm: 0x603" \ 11208 -s "got named group: x448(001e)" \ 11209 -s "Certificate verification was skipped" \ 11210 -c "Protocol is TLSv1.3" \ 11211 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11212 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 11213 -c "NamedGroup: x448 ( 1e )" \ 11214 -c "Verifying peer X.509 certificate... ok" \ 11215 -C "received HelloRetryRequest message" 11216 11217 requires_config_enabled MBEDTLS_SSL_SRV_C 11218 requires_config_enabled MBEDTLS_DEBUG_C 11219 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11220 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11221 requires_config_enabled PSA_WANT_ALG_ECDH 11222 requires_config_enabled MBEDTLS_SSL_CLI_C 11223 requires_config_enabled MBEDTLS_DEBUG_C 11224 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11225 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11226 requires_config_enabled PSA_WANT_ALG_ECDH 11227 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ 11228 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11229 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \ 11230 0 \ 11231 -s "Protocol is TLSv1.3" \ 11232 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11233 -s "received signature algorithm: 0x804" \ 11234 -s "got named group: x448(001e)" \ 11235 -s "Certificate verification was skipped" \ 11236 -c "Protocol is TLSv1.3" \ 11237 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11238 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 11239 -c "NamedGroup: x448 ( 1e )" \ 11240 -c "Verifying peer X.509 certificate... ok" \ 11241 -C "received HelloRetryRequest message" 11242 11243 requires_config_enabled MBEDTLS_SSL_SRV_C 11244 requires_config_enabled MBEDTLS_DEBUG_C 11245 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11246 requires_config_enabled PSA_WANT_ALG_FFDH 11247 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11248 requires_config_enabled MBEDTLS_SSL_CLI_C 11249 requires_config_enabled MBEDTLS_DEBUG_C 11250 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11251 requires_config_enabled PSA_WANT_ALG_FFDH 11252 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11253 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ 11254 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11255 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ 11256 0 \ 11257 -s "Protocol is TLSv1.3" \ 11258 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11259 -s "received signature algorithm: 0x403" \ 11260 -s "got named group: ffdhe2048(0100)" \ 11261 -s "Certificate verification was skipped" \ 11262 -c "Protocol is TLSv1.3" \ 11263 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11264 -c "Certificate Verify: Signature algorithm ( 0403 )" \ 11265 -c "NamedGroup: ffdhe2048 ( 100 )" \ 11266 -c "Verifying peer X.509 certificate... ok" \ 11267 -C "received HelloRetryRequest message" 11268 11269 requires_config_enabled MBEDTLS_SSL_SRV_C 11270 requires_config_enabled MBEDTLS_DEBUG_C 11271 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11272 requires_config_enabled PSA_WANT_ALG_FFDH 11273 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11274 requires_config_enabled MBEDTLS_SSL_CLI_C 11275 requires_config_enabled MBEDTLS_DEBUG_C 11276 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11277 requires_config_enabled PSA_WANT_ALG_FFDH 11278 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11279 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ 11280 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11281 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ 11282 0 \ 11283 -s "Protocol is TLSv1.3" \ 11284 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11285 -s "received signature algorithm: 0x503" \ 11286 -s "got named group: ffdhe2048(0100)" \ 11287 -s "Certificate verification was skipped" \ 11288 -c "Protocol is TLSv1.3" \ 11289 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11290 -c "Certificate Verify: Signature algorithm ( 0503 )" \ 11291 -c "NamedGroup: ffdhe2048 ( 100 )" \ 11292 -c "Verifying peer X.509 certificate... ok" \ 11293 -C "received HelloRetryRequest message" 11294 11295 requires_config_enabled MBEDTLS_SSL_SRV_C 11296 requires_config_enabled MBEDTLS_DEBUG_C 11297 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11298 requires_config_enabled PSA_WANT_ALG_FFDH 11299 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11300 requires_config_enabled MBEDTLS_SSL_CLI_C 11301 requires_config_enabled MBEDTLS_DEBUG_C 11302 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11303 requires_config_enabled PSA_WANT_ALG_FFDH 11304 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11305 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ 11306 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11307 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ 11308 0 \ 11309 -s "Protocol is TLSv1.3" \ 11310 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11311 -s "received signature algorithm: 0x603" \ 11312 -s "got named group: ffdhe2048(0100)" \ 11313 -s "Certificate verification was skipped" \ 11314 -c "Protocol is TLSv1.3" \ 11315 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11316 -c "Certificate Verify: Signature algorithm ( 0603 )" \ 11317 -c "NamedGroup: ffdhe2048 ( 100 )" \ 11318 -c "Verifying peer X.509 certificate... ok" \ 11319 -C "received HelloRetryRequest message" 11320 11321 requires_config_enabled MBEDTLS_SSL_SRV_C 11322 requires_config_enabled MBEDTLS_DEBUG_C 11323 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11324 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11325 requires_config_enabled PSA_WANT_ALG_FFDH 11326 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11327 requires_config_enabled MBEDTLS_SSL_CLI_C 11328 requires_config_enabled MBEDTLS_DEBUG_C 11329 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11330 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT 11331 requires_config_enabled PSA_WANT_ALG_FFDH 11332 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11333 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ 11334 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11335 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ 11336 0 \ 11337 -s "Protocol is TLSv1.3" \ 11338 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \ 11339 -s "received signature algorithm: 0x804" \ 11340 -s "got named group: ffdhe2048(0100)" \ 11341 -s "Certificate verification was skipped" \ 11342 -c "Protocol is TLSv1.3" \ 11343 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \ 11344 -c "Certificate Verify: Signature algorithm ( 0804 )" \ 11345 -c "NamedGroup: ffdhe2048 ( 100 )" \ 11346 -c "Verifying peer X.509 certificate... ok" \ 11347 -C "received HelloRetryRequest message" 11348 11349 requires_config_enabled MBEDTLS_SSL_SRV_C 11350 requires_config_enabled MBEDTLS_DEBUG_C 11351 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11352 requires_config_enabled PSA_WANT_ALG_ECDH 11353 requires_openssl_tls1_3 11354 run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \ 11355 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11356 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \ 11357 0 \ 11358 -s "Protocol is TLSv1.3" \ 11359 -s "got named group: secp384r1(0018)" \ 11360 -s "Certificate verification was skipped" \ 11361 -s "HRR selected_group: secp384r1" 11362 11363 requires_config_enabled MBEDTLS_SSL_SRV_C 11364 requires_config_enabled MBEDTLS_DEBUG_C 11365 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11366 requires_config_enabled PSA_WANT_ALG_ECDH 11367 requires_openssl_tls1_3 11368 run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \ 11369 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11370 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \ 11371 0 \ 11372 -s "Protocol is TLSv1.3" \ 11373 -s "got named group: secp521r1(0019)" \ 11374 -s "Certificate verification was skipped" \ 11375 -s "HRR selected_group: secp521r1" 11376 11377 requires_config_enabled MBEDTLS_SSL_SRV_C 11378 requires_config_enabled MBEDTLS_DEBUG_C 11379 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11380 requires_config_enabled PSA_WANT_ALG_ECDH 11381 requires_openssl_tls1_3 11382 run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \ 11383 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11384 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \ 11385 0 \ 11386 -s "Protocol is TLSv1.3" \ 11387 -s "got named group: x25519(001d)" \ 11388 -s "Certificate verification was skipped" \ 11389 -s "HRR selected_group: x25519" 11390 11391 requires_config_enabled MBEDTLS_SSL_SRV_C 11392 requires_config_enabled MBEDTLS_DEBUG_C 11393 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11394 requires_config_enabled PSA_WANT_ALG_ECDH 11395 requires_openssl_tls1_3 11396 run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \ 11397 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11398 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \ 11399 0 \ 11400 -s "Protocol is TLSv1.3" \ 11401 -s "got named group: x448(001e)" \ 11402 -s "Certificate verification was skipped" \ 11403 -s "HRR selected_group: x448" 11404 11405 requires_config_enabled MBEDTLS_SSL_SRV_C 11406 requires_config_enabled MBEDTLS_DEBUG_C 11407 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11408 requires_config_enabled PSA_WANT_ALG_FFDH 11409 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11410 requires_openssl_tls1_3_with_ffdh 11411 run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \ 11412 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11413 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \ 11414 0 \ 11415 -s "Protocol is TLSv1.3" \ 11416 -s "got named group: ffdhe2048(0100)" \ 11417 -s "Certificate verification was skipped" \ 11418 -s "HRR selected_group: ffdhe2048" 11419 11420 requires_config_enabled MBEDTLS_SSL_SRV_C 11421 requires_config_enabled MBEDTLS_DEBUG_C 11422 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11423 requires_config_enabled PSA_WANT_ALG_ECDH 11424 requires_openssl_tls1_3 11425 run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \ 11426 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11427 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \ 11428 0 \ 11429 -s "Protocol is TLSv1.3" \ 11430 -s "got named group: secp256r1(0017)" \ 11431 -s "Certificate verification was skipped" \ 11432 -s "HRR selected_group: secp256r1" 11433 11434 requires_config_enabled MBEDTLS_SSL_SRV_C 11435 requires_config_enabled MBEDTLS_DEBUG_C 11436 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11437 requires_config_enabled PSA_WANT_ALG_ECDH 11438 requires_openssl_tls1_3 11439 run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \ 11440 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11441 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \ 11442 0 \ 11443 -s "Protocol is TLSv1.3" \ 11444 -s "got named group: secp521r1(0019)" \ 11445 -s "Certificate verification was skipped" \ 11446 -s "HRR selected_group: secp521r1" 11447 11448 requires_config_enabled MBEDTLS_SSL_SRV_C 11449 requires_config_enabled MBEDTLS_DEBUG_C 11450 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11451 requires_config_enabled PSA_WANT_ALG_ECDH 11452 requires_openssl_tls1_3 11453 run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \ 11454 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11455 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \ 11456 0 \ 11457 -s "Protocol is TLSv1.3" \ 11458 -s "got named group: x25519(001d)" \ 11459 -s "Certificate verification was skipped" \ 11460 -s "HRR selected_group: x25519" 11461 11462 requires_config_enabled MBEDTLS_SSL_SRV_C 11463 requires_config_enabled MBEDTLS_DEBUG_C 11464 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11465 requires_config_enabled PSA_WANT_ALG_ECDH 11466 requires_openssl_tls1_3 11467 run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \ 11468 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11469 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \ 11470 0 \ 11471 -s "Protocol is TLSv1.3" \ 11472 -s "got named group: x448(001e)" \ 11473 -s "Certificate verification was skipped" \ 11474 -s "HRR selected_group: x448" 11475 11476 requires_config_enabled MBEDTLS_SSL_SRV_C 11477 requires_config_enabled MBEDTLS_DEBUG_C 11478 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11479 requires_config_enabled PSA_WANT_ALG_FFDH 11480 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11481 requires_openssl_tls1_3_with_ffdh 11482 run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \ 11483 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11484 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \ 11485 0 \ 11486 -s "Protocol is TLSv1.3" \ 11487 -s "got named group: ffdhe2048(0100)" \ 11488 -s "Certificate verification was skipped" \ 11489 -s "HRR selected_group: ffdhe2048" 11490 11491 requires_config_enabled MBEDTLS_SSL_SRV_C 11492 requires_config_enabled MBEDTLS_DEBUG_C 11493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11494 requires_config_enabled PSA_WANT_ALG_ECDH 11495 requires_openssl_tls1_3 11496 run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \ 11497 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11498 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \ 11499 0 \ 11500 -s "Protocol is TLSv1.3" \ 11501 -s "got named group: secp256r1(0017)" \ 11502 -s "Certificate verification was skipped" \ 11503 -s "HRR selected_group: secp256r1" 11504 11505 requires_config_enabled MBEDTLS_SSL_SRV_C 11506 requires_config_enabled MBEDTLS_DEBUG_C 11507 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11508 requires_config_enabled PSA_WANT_ALG_ECDH 11509 requires_openssl_tls1_3 11510 run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \ 11511 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11512 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \ 11513 0 \ 11514 -s "Protocol is TLSv1.3" \ 11515 -s "got named group: secp384r1(0018)" \ 11516 -s "Certificate verification was skipped" \ 11517 -s "HRR selected_group: secp384r1" 11518 11519 requires_config_enabled MBEDTLS_SSL_SRV_C 11520 requires_config_enabled MBEDTLS_DEBUG_C 11521 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11522 requires_config_enabled PSA_WANT_ALG_ECDH 11523 requires_openssl_tls1_3 11524 run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \ 11525 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11526 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \ 11527 0 \ 11528 -s "Protocol is TLSv1.3" \ 11529 -s "got named group: x25519(001d)" \ 11530 -s "Certificate verification was skipped" \ 11531 -s "HRR selected_group: x25519" 11532 11533 requires_config_enabled MBEDTLS_SSL_SRV_C 11534 requires_config_enabled MBEDTLS_DEBUG_C 11535 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11536 requires_config_enabled PSA_WANT_ALG_ECDH 11537 requires_openssl_tls1_3 11538 run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \ 11539 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11540 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \ 11541 0 \ 11542 -s "Protocol is TLSv1.3" \ 11543 -s "got named group: x448(001e)" \ 11544 -s "Certificate verification was skipped" \ 11545 -s "HRR selected_group: x448" 11546 11547 requires_config_enabled MBEDTLS_SSL_SRV_C 11548 requires_config_enabled MBEDTLS_DEBUG_C 11549 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11550 requires_config_enabled PSA_WANT_ALG_FFDH 11551 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11552 requires_openssl_tls1_3_with_ffdh 11553 run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \ 11554 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11555 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \ 11556 0 \ 11557 -s "Protocol is TLSv1.3" \ 11558 -s "got named group: ffdhe2048(0100)" \ 11559 -s "Certificate verification was skipped" \ 11560 -s "HRR selected_group: ffdhe2048" 11561 11562 requires_config_enabled MBEDTLS_SSL_SRV_C 11563 requires_config_enabled MBEDTLS_DEBUG_C 11564 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11565 requires_config_enabled PSA_WANT_ALG_ECDH 11566 requires_openssl_tls1_3 11567 run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \ 11568 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11569 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \ 11570 0 \ 11571 -s "Protocol is TLSv1.3" \ 11572 -s "got named group: secp256r1(0017)" \ 11573 -s "Certificate verification was skipped" \ 11574 -s "HRR selected_group: secp256r1" 11575 11576 requires_config_enabled MBEDTLS_SSL_SRV_C 11577 requires_config_enabled MBEDTLS_DEBUG_C 11578 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11579 requires_config_enabled PSA_WANT_ALG_ECDH 11580 requires_openssl_tls1_3 11581 run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \ 11582 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11583 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \ 11584 0 \ 11585 -s "Protocol is TLSv1.3" \ 11586 -s "got named group: secp384r1(0018)" \ 11587 -s "Certificate verification was skipped" \ 11588 -s "HRR selected_group: secp384r1" 11589 11590 requires_config_enabled MBEDTLS_SSL_SRV_C 11591 requires_config_enabled MBEDTLS_DEBUG_C 11592 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11593 requires_config_enabled PSA_WANT_ALG_ECDH 11594 requires_openssl_tls1_3 11595 run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \ 11596 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11597 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \ 11598 0 \ 11599 -s "Protocol is TLSv1.3" \ 11600 -s "got named group: secp521r1(0019)" \ 11601 -s "Certificate verification was skipped" \ 11602 -s "HRR selected_group: secp521r1" 11603 11604 requires_config_enabled MBEDTLS_SSL_SRV_C 11605 requires_config_enabled MBEDTLS_DEBUG_C 11606 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11607 requires_config_enabled PSA_WANT_ALG_ECDH 11608 requires_openssl_tls1_3 11609 run_test "TLS 1.3 O->m: HRR x25519 -> x448" \ 11610 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11611 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \ 11612 0 \ 11613 -s "Protocol is TLSv1.3" \ 11614 -s "got named group: x448(001e)" \ 11615 -s "Certificate verification was skipped" \ 11616 -s "HRR selected_group: x448" 11617 11618 requires_config_enabled MBEDTLS_SSL_SRV_C 11619 requires_config_enabled MBEDTLS_DEBUG_C 11620 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11621 requires_config_enabled PSA_WANT_ALG_FFDH 11622 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11623 requires_openssl_tls1_3_with_ffdh 11624 run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \ 11625 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11626 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \ 11627 0 \ 11628 -s "Protocol is TLSv1.3" \ 11629 -s "got named group: ffdhe2048(0100)" \ 11630 -s "Certificate verification was skipped" \ 11631 -s "HRR selected_group: ffdhe2048" 11632 11633 requires_config_enabled MBEDTLS_SSL_SRV_C 11634 requires_config_enabled MBEDTLS_DEBUG_C 11635 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11636 requires_config_enabled PSA_WANT_ALG_ECDH 11637 requires_openssl_tls1_3 11638 run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \ 11639 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11640 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \ 11641 0 \ 11642 -s "Protocol is TLSv1.3" \ 11643 -s "got named group: secp256r1(0017)" \ 11644 -s "Certificate verification was skipped" \ 11645 -s "HRR selected_group: secp256r1" 11646 11647 requires_config_enabled MBEDTLS_SSL_SRV_C 11648 requires_config_enabled MBEDTLS_DEBUG_C 11649 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11650 requires_config_enabled PSA_WANT_ALG_ECDH 11651 requires_openssl_tls1_3 11652 run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \ 11653 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11654 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \ 11655 0 \ 11656 -s "Protocol is TLSv1.3" \ 11657 -s "got named group: secp384r1(0018)" \ 11658 -s "Certificate verification was skipped" \ 11659 -s "HRR selected_group: secp384r1" 11660 11661 requires_config_enabled MBEDTLS_SSL_SRV_C 11662 requires_config_enabled MBEDTLS_DEBUG_C 11663 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11664 requires_config_enabled PSA_WANT_ALG_ECDH 11665 requires_openssl_tls1_3 11666 run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \ 11667 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11668 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \ 11669 0 \ 11670 -s "Protocol is TLSv1.3" \ 11671 -s "got named group: secp521r1(0019)" \ 11672 -s "Certificate verification was skipped" \ 11673 -s "HRR selected_group: secp521r1" 11674 11675 requires_config_enabled MBEDTLS_SSL_SRV_C 11676 requires_config_enabled MBEDTLS_DEBUG_C 11677 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11678 requires_config_enabled PSA_WANT_ALG_ECDH 11679 requires_openssl_tls1_3 11680 run_test "TLS 1.3 O->m: HRR x448 -> x25519" \ 11681 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11682 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \ 11683 0 \ 11684 -s "Protocol is TLSv1.3" \ 11685 -s "got named group: x25519(001d)" \ 11686 -s "Certificate verification was skipped" \ 11687 -s "HRR selected_group: x25519" 11688 11689 requires_config_enabled MBEDTLS_SSL_SRV_C 11690 requires_config_enabled MBEDTLS_DEBUG_C 11691 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11692 requires_config_enabled PSA_WANT_ALG_FFDH 11693 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11694 requires_openssl_tls1_3_with_ffdh 11695 run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \ 11696 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11697 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \ 11698 0 \ 11699 -s "Protocol is TLSv1.3" \ 11700 -s "got named group: ffdhe2048(0100)" \ 11701 -s "Certificate verification was skipped" \ 11702 -s "HRR selected_group: ffdhe2048" 11703 11704 requires_config_enabled MBEDTLS_SSL_SRV_C 11705 requires_config_enabled MBEDTLS_DEBUG_C 11706 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11707 requires_config_enabled PSA_WANT_ALG_ECDH 11708 requires_openssl_tls1_3_with_ffdh 11709 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \ 11710 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11711 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \ 11712 0 \ 11713 -s "Protocol is TLSv1.3" \ 11714 -s "got named group: secp256r1(0017)" \ 11715 -s "Certificate verification was skipped" \ 11716 -s "HRR selected_group: secp256r1" 11717 11718 requires_config_enabled MBEDTLS_SSL_SRV_C 11719 requires_config_enabled MBEDTLS_DEBUG_C 11720 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11721 requires_config_enabled PSA_WANT_ALG_ECDH 11722 requires_openssl_tls1_3_with_ffdh 11723 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \ 11724 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11725 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \ 11726 0 \ 11727 -s "Protocol is TLSv1.3" \ 11728 -s "got named group: secp384r1(0018)" \ 11729 -s "Certificate verification was skipped" \ 11730 -s "HRR selected_group: secp384r1" 11731 11732 requires_config_enabled MBEDTLS_SSL_SRV_C 11733 requires_config_enabled MBEDTLS_DEBUG_C 11734 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11735 requires_config_enabled PSA_WANT_ALG_ECDH 11736 requires_openssl_tls1_3_with_ffdh 11737 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \ 11738 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11739 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \ 11740 0 \ 11741 -s "Protocol is TLSv1.3" \ 11742 -s "got named group: secp521r1(0019)" \ 11743 -s "Certificate verification was skipped" \ 11744 -s "HRR selected_group: secp521r1" 11745 11746 requires_config_enabled MBEDTLS_SSL_SRV_C 11747 requires_config_enabled MBEDTLS_DEBUG_C 11748 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11749 requires_config_enabled PSA_WANT_ALG_ECDH 11750 requires_openssl_tls1_3_with_ffdh 11751 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \ 11752 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11753 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \ 11754 0 \ 11755 -s "Protocol is TLSv1.3" \ 11756 -s "got named group: x25519(001d)" \ 11757 -s "Certificate verification was skipped" \ 11758 -s "HRR selected_group: x25519" 11759 11760 requires_config_enabled MBEDTLS_SSL_SRV_C 11761 requires_config_enabled MBEDTLS_DEBUG_C 11762 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11763 requires_config_enabled PSA_WANT_ALG_ECDH 11764 requires_openssl_tls1_3_with_ffdh 11765 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \ 11766 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11767 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \ 11768 0 \ 11769 -s "Protocol is TLSv1.3" \ 11770 -s "got named group: x448(001e)" \ 11771 -s "Certificate verification was skipped" \ 11772 -s "HRR selected_group: x448" 11773 11774 requires_config_enabled MBEDTLS_SSL_SRV_C 11775 requires_config_enabled MBEDTLS_DEBUG_C 11776 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11777 requires_config_enabled PSA_WANT_ALG_ECDH 11778 requires_gnutls_tls1_3 11779 requires_gnutls_next_no_ticket 11780 run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \ 11781 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11782 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 11783 0 \ 11784 -s "Protocol is TLSv1.3" \ 11785 -s "got named group: secp384r1(0018)" \ 11786 -s "Certificate verification was skipped" \ 11787 -s "HRR selected_group: secp384r1" 11788 11789 requires_config_enabled MBEDTLS_SSL_SRV_C 11790 requires_config_enabled MBEDTLS_DEBUG_C 11791 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11792 requires_config_enabled PSA_WANT_ALG_ECDH 11793 requires_gnutls_tls1_3 11794 requires_gnutls_next_no_ticket 11795 run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \ 11796 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11797 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 11798 0 \ 11799 -s "Protocol is TLSv1.3" \ 11800 -s "got named group: secp521r1(0019)" \ 11801 -s "Certificate verification was skipped" \ 11802 -s "HRR selected_group: secp521r1" 11803 11804 requires_config_enabled MBEDTLS_SSL_SRV_C 11805 requires_config_enabled MBEDTLS_DEBUG_C 11806 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11807 requires_config_enabled PSA_WANT_ALG_ECDH 11808 requires_gnutls_tls1_3 11809 requires_gnutls_next_no_ticket 11810 run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \ 11811 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11812 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 11813 0 \ 11814 -s "Protocol is TLSv1.3" \ 11815 -s "got named group: x25519(001d)" \ 11816 -s "Certificate verification was skipped" \ 11817 -s "HRR selected_group: x25519" 11818 11819 requires_config_enabled MBEDTLS_SSL_SRV_C 11820 requires_config_enabled MBEDTLS_DEBUG_C 11821 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11822 requires_config_enabled PSA_WANT_ALG_ECDH 11823 requires_gnutls_tls1_3 11824 requires_gnutls_next_no_ticket 11825 run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \ 11826 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11827 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 11828 0 \ 11829 -s "Protocol is TLSv1.3" \ 11830 -s "got named group: x448(001e)" \ 11831 -s "Certificate verification was skipped" \ 11832 -s "HRR selected_group: x448" 11833 11834 requires_config_enabled MBEDTLS_SSL_SRV_C 11835 requires_config_enabled MBEDTLS_DEBUG_C 11836 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11837 requires_config_enabled PSA_WANT_ALG_FFDH 11838 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11839 requires_gnutls_tls1_3 11840 requires_gnutls_next_no_ticket 11841 run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \ 11842 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11843 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 11844 0 \ 11845 -s "Protocol is TLSv1.3" \ 11846 -s "got named group: ffdhe2048(0100)" \ 11847 -s "Certificate verification was skipped" \ 11848 -s "HRR selected_group: ffdhe2048" 11849 11850 requires_config_enabled MBEDTLS_SSL_SRV_C 11851 requires_config_enabled MBEDTLS_DEBUG_C 11852 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11853 requires_config_enabled PSA_WANT_ALG_ECDH 11854 requires_gnutls_tls1_3 11855 requires_gnutls_next_no_ticket 11856 run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \ 11857 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11858 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 11859 0 \ 11860 -s "Protocol is TLSv1.3" \ 11861 -s "got named group: secp256r1(0017)" \ 11862 -s "Certificate verification was skipped" \ 11863 -s "HRR selected_group: secp256r1" 11864 11865 requires_config_enabled MBEDTLS_SSL_SRV_C 11866 requires_config_enabled MBEDTLS_DEBUG_C 11867 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11868 requires_config_enabled PSA_WANT_ALG_ECDH 11869 requires_gnutls_tls1_3 11870 requires_gnutls_next_no_ticket 11871 run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \ 11872 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11873 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 11874 0 \ 11875 -s "Protocol is TLSv1.3" \ 11876 -s "got named group: secp521r1(0019)" \ 11877 -s "Certificate verification was skipped" \ 11878 -s "HRR selected_group: secp521r1" 11879 11880 requires_config_enabled MBEDTLS_SSL_SRV_C 11881 requires_config_enabled MBEDTLS_DEBUG_C 11882 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11883 requires_config_enabled PSA_WANT_ALG_ECDH 11884 requires_gnutls_tls1_3 11885 requires_gnutls_next_no_ticket 11886 run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \ 11887 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11888 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 11889 0 \ 11890 -s "Protocol is TLSv1.3" \ 11891 -s "got named group: x25519(001d)" \ 11892 -s "Certificate verification was skipped" \ 11893 -s "HRR selected_group: x25519" 11894 11895 requires_config_enabled MBEDTLS_SSL_SRV_C 11896 requires_config_enabled MBEDTLS_DEBUG_C 11897 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11898 requires_config_enabled PSA_WANT_ALG_ECDH 11899 requires_gnutls_tls1_3 11900 requires_gnutls_next_no_ticket 11901 run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \ 11902 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11903 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 11904 0 \ 11905 -s "Protocol is TLSv1.3" \ 11906 -s "got named group: x448(001e)" \ 11907 -s "Certificate verification was skipped" \ 11908 -s "HRR selected_group: x448" 11909 11910 requires_config_enabled MBEDTLS_SSL_SRV_C 11911 requires_config_enabled MBEDTLS_DEBUG_C 11912 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11913 requires_config_enabled PSA_WANT_ALG_FFDH 11914 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11915 requires_gnutls_tls1_3 11916 requires_gnutls_next_no_ticket 11917 run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \ 11918 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11919 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 11920 0 \ 11921 -s "Protocol is TLSv1.3" \ 11922 -s "got named group: ffdhe2048(0100)" \ 11923 -s "Certificate verification was skipped" \ 11924 -s "HRR selected_group: ffdhe2048" 11925 11926 requires_config_enabled MBEDTLS_SSL_SRV_C 11927 requires_config_enabled MBEDTLS_DEBUG_C 11928 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11929 requires_config_enabled PSA_WANT_ALG_ECDH 11930 requires_gnutls_tls1_3 11931 requires_gnutls_next_no_ticket 11932 run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \ 11933 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11934 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 11935 0 \ 11936 -s "Protocol is TLSv1.3" \ 11937 -s "got named group: secp256r1(0017)" \ 11938 -s "Certificate verification was skipped" \ 11939 -s "HRR selected_group: secp256r1" 11940 11941 requires_config_enabled MBEDTLS_SSL_SRV_C 11942 requires_config_enabled MBEDTLS_DEBUG_C 11943 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11944 requires_config_enabled PSA_WANT_ALG_ECDH 11945 requires_gnutls_tls1_3 11946 requires_gnutls_next_no_ticket 11947 run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \ 11948 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11949 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 11950 0 \ 11951 -s "Protocol is TLSv1.3" \ 11952 -s "got named group: secp384r1(0018)" \ 11953 -s "Certificate verification was skipped" \ 11954 -s "HRR selected_group: secp384r1" 11955 11956 requires_config_enabled MBEDTLS_SSL_SRV_C 11957 requires_config_enabled MBEDTLS_DEBUG_C 11958 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11959 requires_config_enabled PSA_WANT_ALG_ECDH 11960 requires_gnutls_tls1_3 11961 requires_gnutls_next_no_ticket 11962 run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \ 11963 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11964 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 11965 0 \ 11966 -s "Protocol is TLSv1.3" \ 11967 -s "got named group: x25519(001d)" \ 11968 -s "Certificate verification was skipped" \ 11969 -s "HRR selected_group: x25519" 11970 11971 requires_config_enabled MBEDTLS_SSL_SRV_C 11972 requires_config_enabled MBEDTLS_DEBUG_C 11973 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11974 requires_config_enabled PSA_WANT_ALG_ECDH 11975 requires_gnutls_tls1_3 11976 requires_gnutls_next_no_ticket 11977 run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \ 11978 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11979 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 11980 0 \ 11981 -s "Protocol is TLSv1.3" \ 11982 -s "got named group: x448(001e)" \ 11983 -s "Certificate verification was skipped" \ 11984 -s "HRR selected_group: x448" 11985 11986 requires_config_enabled MBEDTLS_SSL_SRV_C 11987 requires_config_enabled MBEDTLS_DEBUG_C 11988 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 11989 requires_config_enabled PSA_WANT_ALG_FFDH 11990 requires_config_enabled PSA_WANT_DH_RFC7919_2048 11991 requires_gnutls_tls1_3 11992 requires_gnutls_next_no_ticket 11993 run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \ 11994 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 11995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 11996 0 \ 11997 -s "Protocol is TLSv1.3" \ 11998 -s "got named group: ffdhe2048(0100)" \ 11999 -s "Certificate verification was skipped" \ 12000 -s "HRR selected_group: ffdhe2048" 12001 12002 requires_config_enabled MBEDTLS_SSL_SRV_C 12003 requires_config_enabled MBEDTLS_DEBUG_C 12004 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12005 requires_config_enabled PSA_WANT_ALG_ECDH 12006 requires_gnutls_tls1_3 12007 requires_gnutls_next_no_ticket 12008 run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \ 12009 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12010 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 12011 0 \ 12012 -s "Protocol is TLSv1.3" \ 12013 -s "got named group: secp256r1(0017)" \ 12014 -s "Certificate verification was skipped" \ 12015 -s "HRR selected_group: secp256r1" 12016 12017 requires_config_enabled MBEDTLS_SSL_SRV_C 12018 requires_config_enabled MBEDTLS_DEBUG_C 12019 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12020 requires_config_enabled PSA_WANT_ALG_ECDH 12021 requires_gnutls_tls1_3 12022 requires_gnutls_next_no_ticket 12023 run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \ 12024 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12025 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 12026 0 \ 12027 -s "Protocol is TLSv1.3" \ 12028 -s "got named group: secp384r1(0018)" \ 12029 -s "Certificate verification was skipped" \ 12030 -s "HRR selected_group: secp384r1" 12031 12032 requires_config_enabled MBEDTLS_SSL_SRV_C 12033 requires_config_enabled MBEDTLS_DEBUG_C 12034 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12035 requires_config_enabled PSA_WANT_ALG_ECDH 12036 requires_gnutls_tls1_3 12037 requires_gnutls_next_no_ticket 12038 run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \ 12039 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12040 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 12041 0 \ 12042 -s "Protocol is TLSv1.3" \ 12043 -s "got named group: secp521r1(0019)" \ 12044 -s "Certificate verification was skipped" \ 12045 -s "HRR selected_group: secp521r1" 12046 12047 requires_config_enabled MBEDTLS_SSL_SRV_C 12048 requires_config_enabled MBEDTLS_DEBUG_C 12049 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12050 requires_config_enabled PSA_WANT_ALG_ECDH 12051 requires_gnutls_tls1_3 12052 requires_gnutls_next_no_ticket 12053 run_test "TLS 1.3 G->m: HRR x25519 -> x448" \ 12054 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12055 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 12056 0 \ 12057 -s "Protocol is TLSv1.3" \ 12058 -s "got named group: x448(001e)" \ 12059 -s "Certificate verification was skipped" \ 12060 -s "HRR selected_group: x448" 12061 12062 requires_config_enabled MBEDTLS_SSL_SRV_C 12063 requires_config_enabled MBEDTLS_DEBUG_C 12064 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12065 requires_config_enabled PSA_WANT_ALG_FFDH 12066 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12067 requires_gnutls_tls1_3 12068 requires_gnutls_next_no_ticket 12069 run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \ 12070 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12071 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 12072 0 \ 12073 -s "Protocol is TLSv1.3" \ 12074 -s "got named group: ffdhe2048(0100)" \ 12075 -s "Certificate verification was skipped" \ 12076 -s "HRR selected_group: ffdhe2048" 12077 12078 requires_config_enabled MBEDTLS_SSL_SRV_C 12079 requires_config_enabled MBEDTLS_DEBUG_C 12080 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12081 requires_config_enabled PSA_WANT_ALG_ECDH 12082 requires_gnutls_tls1_3 12083 requires_gnutls_next_no_ticket 12084 run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \ 12085 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12086 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 12087 0 \ 12088 -s "Protocol is TLSv1.3" \ 12089 -s "got named group: secp256r1(0017)" \ 12090 -s "Certificate verification was skipped" \ 12091 -s "HRR selected_group: secp256r1" 12092 12093 requires_config_enabled MBEDTLS_SSL_SRV_C 12094 requires_config_enabled MBEDTLS_DEBUG_C 12095 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12096 requires_config_enabled PSA_WANT_ALG_ECDH 12097 requires_gnutls_tls1_3 12098 requires_gnutls_next_no_ticket 12099 run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \ 12100 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12101 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 12102 0 \ 12103 -s "Protocol is TLSv1.3" \ 12104 -s "got named group: secp384r1(0018)" \ 12105 -s "Certificate verification was skipped" \ 12106 -s "HRR selected_group: secp384r1" 12107 12108 requires_config_enabled MBEDTLS_SSL_SRV_C 12109 requires_config_enabled MBEDTLS_DEBUG_C 12110 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12111 requires_config_enabled PSA_WANT_ALG_ECDH 12112 requires_gnutls_tls1_3 12113 requires_gnutls_next_no_ticket 12114 run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \ 12115 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12116 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 12117 0 \ 12118 -s "Protocol is TLSv1.3" \ 12119 -s "got named group: secp521r1(0019)" \ 12120 -s "Certificate verification was skipped" \ 12121 -s "HRR selected_group: secp521r1" 12122 12123 requires_config_enabled MBEDTLS_SSL_SRV_C 12124 requires_config_enabled MBEDTLS_DEBUG_C 12125 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12126 requires_config_enabled PSA_WANT_ALG_ECDH 12127 requires_gnutls_tls1_3 12128 requires_gnutls_next_no_ticket 12129 run_test "TLS 1.3 G->m: HRR x448 -> x25519" \ 12130 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12131 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 12132 0 \ 12133 -s "Protocol is TLSv1.3" \ 12134 -s "got named group: x25519(001d)" \ 12135 -s "Certificate verification was skipped" \ 12136 -s "HRR selected_group: x25519" 12137 12138 requires_config_enabled MBEDTLS_SSL_SRV_C 12139 requires_config_enabled MBEDTLS_DEBUG_C 12140 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12141 requires_config_enabled PSA_WANT_ALG_FFDH 12142 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12143 requires_gnutls_tls1_3 12144 requires_gnutls_next_no_ticket 12145 run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \ 12146 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12147 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 12148 0 \ 12149 -s "Protocol is TLSv1.3" \ 12150 -s "got named group: ffdhe2048(0100)" \ 12151 -s "Certificate verification was skipped" \ 12152 -s "HRR selected_group: ffdhe2048" 12153 12154 requires_config_enabled MBEDTLS_SSL_SRV_C 12155 requires_config_enabled MBEDTLS_DEBUG_C 12156 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12157 requires_config_enabled PSA_WANT_ALG_ECDH 12158 requires_gnutls_tls1_3 12159 requires_gnutls_next_no_ticket 12160 run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \ 12161 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12162 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 12163 0 \ 12164 -s "Protocol is TLSv1.3" \ 12165 -s "got named group: secp256r1(0017)" \ 12166 -s "Certificate verification was skipped" \ 12167 -s "HRR selected_group: secp256r1" 12168 12169 requires_config_enabled MBEDTLS_SSL_SRV_C 12170 requires_config_enabled MBEDTLS_DEBUG_C 12171 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12172 requires_config_enabled PSA_WANT_ALG_ECDH 12173 requires_gnutls_tls1_3 12174 requires_gnutls_next_no_ticket 12175 run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \ 12176 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12177 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 12178 0 \ 12179 -s "Protocol is TLSv1.3" \ 12180 -s "got named group: secp384r1(0018)" \ 12181 -s "Certificate verification was skipped" \ 12182 -s "HRR selected_group: secp384r1" 12183 12184 requires_config_enabled MBEDTLS_SSL_SRV_C 12185 requires_config_enabled MBEDTLS_DEBUG_C 12186 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12187 requires_config_enabled PSA_WANT_ALG_ECDH 12188 requires_gnutls_tls1_3 12189 requires_gnutls_next_no_ticket 12190 run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \ 12191 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12192 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 12193 0 \ 12194 -s "Protocol is TLSv1.3" \ 12195 -s "got named group: secp521r1(0019)" \ 12196 -s "Certificate verification was skipped" \ 12197 -s "HRR selected_group: secp521r1" 12198 12199 requires_config_enabled MBEDTLS_SSL_SRV_C 12200 requires_config_enabled MBEDTLS_DEBUG_C 12201 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12202 requires_config_enabled PSA_WANT_ALG_ECDH 12203 requires_gnutls_tls1_3 12204 requires_gnutls_next_no_ticket 12205 run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \ 12206 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12207 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 12208 0 \ 12209 -s "Protocol is TLSv1.3" \ 12210 -s "got named group: x25519(001d)" \ 12211 -s "Certificate verification was skipped" \ 12212 -s "HRR selected_group: x25519" 12213 12214 requires_config_enabled MBEDTLS_SSL_SRV_C 12215 requires_config_enabled MBEDTLS_DEBUG_C 12216 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12217 requires_config_enabled PSA_WANT_ALG_ECDH 12218 requires_gnutls_tls1_3 12219 requires_gnutls_next_no_ticket 12220 run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \ 12221 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 12222 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 12223 0 \ 12224 -s "Protocol is TLSv1.3" \ 12225 -s "got named group: x448(001e)" \ 12226 -s "Certificate verification was skipped" \ 12227 -s "HRR selected_group: x448" 12228 12229 requires_openssl_tls1_3 12230 requires_config_enabled MBEDTLS_SSL_CLI_C 12231 requires_config_enabled MBEDTLS_DEBUG_C 12232 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12233 requires_config_enabled PSA_WANT_ALG_ECDH 12234 run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ 12235 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12236 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \ 12237 0 \ 12238 -c "HTTP/1.0 200 ok" \ 12239 -c "Protocol is TLSv1.3" \ 12240 -c "NamedGroup: secp256r1 ( 17 )" \ 12241 -c "NamedGroup: secp384r1 ( 18 )" \ 12242 -c "Verifying peer X.509 certificate... ok" \ 12243 -c "received HelloRetryRequest message" \ 12244 -c "selected_group ( 24 )" 12245 12246 requires_openssl_tls1_3 12247 requires_config_enabled MBEDTLS_SSL_CLI_C 12248 requires_config_enabled MBEDTLS_DEBUG_C 12249 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12250 requires_config_enabled PSA_WANT_ALG_ECDH 12251 run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ 12252 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12253 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \ 12254 0 \ 12255 -c "HTTP/1.0 200 ok" \ 12256 -c "Protocol is TLSv1.3" \ 12257 -c "NamedGroup: secp256r1 ( 17 )" \ 12258 -c "NamedGroup: secp521r1 ( 19 )" \ 12259 -c "Verifying peer X.509 certificate... ok" \ 12260 -c "received HelloRetryRequest message" \ 12261 -c "selected_group ( 25 )" 12262 12263 requires_openssl_tls1_3 12264 requires_config_enabled MBEDTLS_SSL_CLI_C 12265 requires_config_enabled MBEDTLS_DEBUG_C 12266 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12267 requires_config_enabled PSA_WANT_ALG_ECDH 12268 run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ 12269 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12270 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \ 12271 0 \ 12272 -c "HTTP/1.0 200 ok" \ 12273 -c "Protocol is TLSv1.3" \ 12274 -c "NamedGroup: secp256r1 ( 17 )" \ 12275 -c "NamedGroup: x25519 ( 1d )" \ 12276 -c "Verifying peer X.509 certificate... ok" \ 12277 -c "received HelloRetryRequest message" \ 12278 -c "selected_group ( 29 )" 12279 12280 requires_openssl_tls1_3 12281 requires_config_enabled MBEDTLS_SSL_CLI_C 12282 requires_config_enabled MBEDTLS_DEBUG_C 12283 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12284 requires_config_enabled PSA_WANT_ALG_ECDH 12285 run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ 12286 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12287 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \ 12288 0 \ 12289 -c "HTTP/1.0 200 ok" \ 12290 -c "Protocol is TLSv1.3" \ 12291 -c "NamedGroup: secp256r1 ( 17 )" \ 12292 -c "NamedGroup: x448 ( 1e )" \ 12293 -c "Verifying peer X.509 certificate... ok" \ 12294 -c "received HelloRetryRequest message" \ 12295 -c "selected_group ( 30 )" 12296 12297 requires_openssl_tls1_3_with_ffdh 12298 requires_config_enabled MBEDTLS_SSL_CLI_C 12299 requires_config_enabled MBEDTLS_DEBUG_C 12300 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12301 requires_config_enabled PSA_WANT_ALG_ECDH 12302 requires_config_enabled PSA_WANT_ALG_FFDH 12303 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12304 run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \ 12305 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12306 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ 12307 0 \ 12308 -c "HTTP/1.0 200 ok" \ 12309 -c "Protocol is TLSv1.3" \ 12310 -c "NamedGroup: secp256r1 ( 17 )" \ 12311 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12312 -c "Verifying peer X.509 certificate... ok" \ 12313 -c "received HelloRetryRequest message" \ 12314 -c "selected_group ( 256 )" 12315 12316 requires_openssl_tls1_3 12317 requires_config_enabled MBEDTLS_SSL_CLI_C 12318 requires_config_enabled MBEDTLS_DEBUG_C 12319 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12320 requires_config_enabled PSA_WANT_ALG_ECDH 12321 run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ 12322 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12323 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \ 12324 0 \ 12325 -c "HTTP/1.0 200 ok" \ 12326 -c "Protocol is TLSv1.3" \ 12327 -c "NamedGroup: secp384r1 ( 18 )" \ 12328 -c "NamedGroup: secp256r1 ( 17 )" \ 12329 -c "Verifying peer X.509 certificate... ok" \ 12330 -c "received HelloRetryRequest message" \ 12331 -c "selected_group ( 23 )" 12332 12333 requires_openssl_tls1_3 12334 requires_config_enabled MBEDTLS_SSL_CLI_C 12335 requires_config_enabled MBEDTLS_DEBUG_C 12336 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12337 requires_config_enabled PSA_WANT_ALG_ECDH 12338 run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ 12339 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12340 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \ 12341 0 \ 12342 -c "HTTP/1.0 200 ok" \ 12343 -c "Protocol is TLSv1.3" \ 12344 -c "NamedGroup: secp384r1 ( 18 )" \ 12345 -c "NamedGroup: secp521r1 ( 19 )" \ 12346 -c "Verifying peer X.509 certificate... ok" \ 12347 -c "received HelloRetryRequest message" \ 12348 -c "selected_group ( 25 )" 12349 12350 requires_openssl_tls1_3 12351 requires_config_enabled MBEDTLS_SSL_CLI_C 12352 requires_config_enabled MBEDTLS_DEBUG_C 12353 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12354 requires_config_enabled PSA_WANT_ALG_ECDH 12355 run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ 12356 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12357 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \ 12358 0 \ 12359 -c "HTTP/1.0 200 ok" \ 12360 -c "Protocol is TLSv1.3" \ 12361 -c "NamedGroup: secp384r1 ( 18 )" \ 12362 -c "NamedGroup: x25519 ( 1d )" \ 12363 -c "Verifying peer X.509 certificate... ok" \ 12364 -c "received HelloRetryRequest message" \ 12365 -c "selected_group ( 29 )" 12366 12367 requires_openssl_tls1_3 12368 requires_config_enabled MBEDTLS_SSL_CLI_C 12369 requires_config_enabled MBEDTLS_DEBUG_C 12370 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12371 requires_config_enabled PSA_WANT_ALG_ECDH 12372 run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ 12373 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12374 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \ 12375 0 \ 12376 -c "HTTP/1.0 200 ok" \ 12377 -c "Protocol is TLSv1.3" \ 12378 -c "NamedGroup: secp384r1 ( 18 )" \ 12379 -c "NamedGroup: x448 ( 1e )" \ 12380 -c "Verifying peer X.509 certificate... ok" \ 12381 -c "received HelloRetryRequest message" \ 12382 -c "selected_group ( 30 )" 12383 12384 requires_openssl_tls1_3_with_ffdh 12385 requires_config_enabled MBEDTLS_SSL_CLI_C 12386 requires_config_enabled MBEDTLS_DEBUG_C 12387 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12388 requires_config_enabled PSA_WANT_ALG_ECDH 12389 requires_config_enabled PSA_WANT_ALG_FFDH 12390 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12391 run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \ 12392 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12393 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ 12394 0 \ 12395 -c "HTTP/1.0 200 ok" \ 12396 -c "Protocol is TLSv1.3" \ 12397 -c "NamedGroup: secp384r1 ( 18 )" \ 12398 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12399 -c "Verifying peer X.509 certificate... ok" \ 12400 -c "received HelloRetryRequest message" \ 12401 -c "selected_group ( 256 )" 12402 12403 requires_openssl_tls1_3 12404 requires_config_enabled MBEDTLS_SSL_CLI_C 12405 requires_config_enabled MBEDTLS_DEBUG_C 12406 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12407 requires_config_enabled PSA_WANT_ALG_ECDH 12408 run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ 12409 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12410 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \ 12411 0 \ 12412 -c "HTTP/1.0 200 ok" \ 12413 -c "Protocol is TLSv1.3" \ 12414 -c "NamedGroup: secp521r1 ( 19 )" \ 12415 -c "NamedGroup: secp256r1 ( 17 )" \ 12416 -c "Verifying peer X.509 certificate... ok" \ 12417 -c "received HelloRetryRequest message" \ 12418 -c "selected_group ( 23 )" 12419 12420 requires_openssl_tls1_3 12421 requires_config_enabled MBEDTLS_SSL_CLI_C 12422 requires_config_enabled MBEDTLS_DEBUG_C 12423 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12424 requires_config_enabled PSA_WANT_ALG_ECDH 12425 run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ 12426 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12427 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \ 12428 0 \ 12429 -c "HTTP/1.0 200 ok" \ 12430 -c "Protocol is TLSv1.3" \ 12431 -c "NamedGroup: secp521r1 ( 19 )" \ 12432 -c "NamedGroup: secp384r1 ( 18 )" \ 12433 -c "Verifying peer X.509 certificate... ok" \ 12434 -c "received HelloRetryRequest message" \ 12435 -c "selected_group ( 24 )" 12436 12437 requires_openssl_tls1_3 12438 requires_config_enabled MBEDTLS_SSL_CLI_C 12439 requires_config_enabled MBEDTLS_DEBUG_C 12440 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12441 requires_config_enabled PSA_WANT_ALG_ECDH 12442 run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ 12443 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12444 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \ 12445 0 \ 12446 -c "HTTP/1.0 200 ok" \ 12447 -c "Protocol is TLSv1.3" \ 12448 -c "NamedGroup: secp521r1 ( 19 )" \ 12449 -c "NamedGroup: x25519 ( 1d )" \ 12450 -c "Verifying peer X.509 certificate... ok" \ 12451 -c "received HelloRetryRequest message" \ 12452 -c "selected_group ( 29 )" 12453 12454 requires_openssl_tls1_3 12455 requires_config_enabled MBEDTLS_SSL_CLI_C 12456 requires_config_enabled MBEDTLS_DEBUG_C 12457 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12458 requires_config_enabled PSA_WANT_ALG_ECDH 12459 run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ 12460 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12461 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \ 12462 0 \ 12463 -c "HTTP/1.0 200 ok" \ 12464 -c "Protocol is TLSv1.3" \ 12465 -c "NamedGroup: secp521r1 ( 19 )" \ 12466 -c "NamedGroup: x448 ( 1e )" \ 12467 -c "Verifying peer X.509 certificate... ok" \ 12468 -c "received HelloRetryRequest message" \ 12469 -c "selected_group ( 30 )" 12470 12471 requires_openssl_tls1_3_with_ffdh 12472 requires_config_enabled MBEDTLS_SSL_CLI_C 12473 requires_config_enabled MBEDTLS_DEBUG_C 12474 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12475 requires_config_enabled PSA_WANT_ALG_ECDH 12476 requires_config_enabled PSA_WANT_ALG_FFDH 12477 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12478 run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \ 12479 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12480 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ 12481 0 \ 12482 -c "HTTP/1.0 200 ok" \ 12483 -c "Protocol is TLSv1.3" \ 12484 -c "NamedGroup: secp521r1 ( 19 )" \ 12485 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12486 -c "Verifying peer X.509 certificate... ok" \ 12487 -c "received HelloRetryRequest message" \ 12488 -c "selected_group ( 256 )" 12489 12490 requires_openssl_tls1_3 12491 requires_config_enabled MBEDTLS_SSL_CLI_C 12492 requires_config_enabled MBEDTLS_DEBUG_C 12493 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12494 requires_config_enabled PSA_WANT_ALG_ECDH 12495 run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ 12496 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12497 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \ 12498 0 \ 12499 -c "HTTP/1.0 200 ok" \ 12500 -c "Protocol is TLSv1.3" \ 12501 -c "NamedGroup: x25519 ( 1d )" \ 12502 -c "NamedGroup: secp256r1 ( 17 )" \ 12503 -c "Verifying peer X.509 certificate... ok" \ 12504 -c "received HelloRetryRequest message" \ 12505 -c "selected_group ( 23 )" 12506 12507 requires_openssl_tls1_3 12508 requires_config_enabled MBEDTLS_SSL_CLI_C 12509 requires_config_enabled MBEDTLS_DEBUG_C 12510 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12511 requires_config_enabled PSA_WANT_ALG_ECDH 12512 run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ 12513 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12514 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \ 12515 0 \ 12516 -c "HTTP/1.0 200 ok" \ 12517 -c "Protocol is TLSv1.3" \ 12518 -c "NamedGroup: x25519 ( 1d )" \ 12519 -c "NamedGroup: secp384r1 ( 18 )" \ 12520 -c "Verifying peer X.509 certificate... ok" \ 12521 -c "received HelloRetryRequest message" \ 12522 -c "selected_group ( 24 )" 12523 12524 requires_openssl_tls1_3 12525 requires_config_enabled MBEDTLS_SSL_CLI_C 12526 requires_config_enabled MBEDTLS_DEBUG_C 12527 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12528 requires_config_enabled PSA_WANT_ALG_ECDH 12529 run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ 12530 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12531 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \ 12532 0 \ 12533 -c "HTTP/1.0 200 ok" \ 12534 -c "Protocol is TLSv1.3" \ 12535 -c "NamedGroup: x25519 ( 1d )" \ 12536 -c "NamedGroup: secp521r1 ( 19 )" \ 12537 -c "Verifying peer X.509 certificate... ok" \ 12538 -c "received HelloRetryRequest message" \ 12539 -c "selected_group ( 25 )" 12540 12541 requires_openssl_tls1_3 12542 requires_config_enabled MBEDTLS_SSL_CLI_C 12543 requires_config_enabled MBEDTLS_DEBUG_C 12544 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12545 requires_config_enabled PSA_WANT_ALG_ECDH 12546 run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ 12547 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12548 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \ 12549 0 \ 12550 -c "HTTP/1.0 200 ok" \ 12551 -c "Protocol is TLSv1.3" \ 12552 -c "NamedGroup: x25519 ( 1d )" \ 12553 -c "NamedGroup: x448 ( 1e )" \ 12554 -c "Verifying peer X.509 certificate... ok" \ 12555 -c "received HelloRetryRequest message" \ 12556 -c "selected_group ( 30 )" 12557 12558 requires_openssl_tls1_3_with_ffdh 12559 requires_config_enabled MBEDTLS_SSL_CLI_C 12560 requires_config_enabled MBEDTLS_DEBUG_C 12561 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12562 requires_config_enabled PSA_WANT_ALG_ECDH 12563 requires_config_enabled PSA_WANT_ALG_FFDH 12564 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12565 run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \ 12566 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12567 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ 12568 0 \ 12569 -c "HTTP/1.0 200 ok" \ 12570 -c "Protocol is TLSv1.3" \ 12571 -c "NamedGroup: x25519 ( 1d )" \ 12572 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12573 -c "Verifying peer X.509 certificate... ok" \ 12574 -c "received HelloRetryRequest message" \ 12575 -c "selected_group ( 256 )" 12576 12577 requires_openssl_tls1_3 12578 requires_config_enabled MBEDTLS_SSL_CLI_C 12579 requires_config_enabled MBEDTLS_DEBUG_C 12580 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12581 requires_config_enabled PSA_WANT_ALG_ECDH 12582 run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ 12583 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12584 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \ 12585 0 \ 12586 -c "HTTP/1.0 200 ok" \ 12587 -c "Protocol is TLSv1.3" \ 12588 -c "NamedGroup: x448 ( 1e )" \ 12589 -c "NamedGroup: secp256r1 ( 17 )" \ 12590 -c "Verifying peer X.509 certificate... ok" \ 12591 -c "received HelloRetryRequest message" \ 12592 -c "selected_group ( 23 )" 12593 12594 requires_openssl_tls1_3 12595 requires_config_enabled MBEDTLS_SSL_CLI_C 12596 requires_config_enabled MBEDTLS_DEBUG_C 12597 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12598 requires_config_enabled PSA_WANT_ALG_ECDH 12599 run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ 12600 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12601 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \ 12602 0 \ 12603 -c "HTTP/1.0 200 ok" \ 12604 -c "Protocol is TLSv1.3" \ 12605 -c "NamedGroup: x448 ( 1e )" \ 12606 -c "NamedGroup: secp384r1 ( 18 )" \ 12607 -c "Verifying peer X.509 certificate... ok" \ 12608 -c "received HelloRetryRequest message" \ 12609 -c "selected_group ( 24 )" 12610 12611 requires_openssl_tls1_3 12612 requires_config_enabled MBEDTLS_SSL_CLI_C 12613 requires_config_enabled MBEDTLS_DEBUG_C 12614 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12615 requires_config_enabled PSA_WANT_ALG_ECDH 12616 run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ 12617 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12618 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \ 12619 0 \ 12620 -c "HTTP/1.0 200 ok" \ 12621 -c "Protocol is TLSv1.3" \ 12622 -c "NamedGroup: x448 ( 1e )" \ 12623 -c "NamedGroup: secp521r1 ( 19 )" \ 12624 -c "Verifying peer X.509 certificate... ok" \ 12625 -c "received HelloRetryRequest message" \ 12626 -c "selected_group ( 25 )" 12627 12628 requires_openssl_tls1_3 12629 requires_config_enabled MBEDTLS_SSL_CLI_C 12630 requires_config_enabled MBEDTLS_DEBUG_C 12631 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12632 requires_config_enabled PSA_WANT_ALG_ECDH 12633 run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ 12634 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12635 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \ 12636 0 \ 12637 -c "HTTP/1.0 200 ok" \ 12638 -c "Protocol is TLSv1.3" \ 12639 -c "NamedGroup: x448 ( 1e )" \ 12640 -c "NamedGroup: x25519 ( 1d )" \ 12641 -c "Verifying peer X.509 certificate... ok" \ 12642 -c "received HelloRetryRequest message" \ 12643 -c "selected_group ( 29 )" 12644 12645 requires_openssl_tls1_3_with_ffdh 12646 requires_config_enabled MBEDTLS_SSL_CLI_C 12647 requires_config_enabled MBEDTLS_DEBUG_C 12648 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12649 requires_config_enabled PSA_WANT_ALG_ECDH 12650 requires_config_enabled PSA_WANT_ALG_FFDH 12651 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12652 run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \ 12653 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12654 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ 12655 0 \ 12656 -c "HTTP/1.0 200 ok" \ 12657 -c "Protocol is TLSv1.3" \ 12658 -c "NamedGroup: x448 ( 1e )" \ 12659 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12660 -c "Verifying peer X.509 certificate... ok" \ 12661 -c "received HelloRetryRequest message" \ 12662 -c "selected_group ( 256 )" 12663 12664 requires_openssl_tls1_3 12665 requires_config_enabled MBEDTLS_SSL_CLI_C 12666 requires_config_enabled MBEDTLS_DEBUG_C 12667 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12668 requires_config_enabled PSA_WANT_ALG_ECDH 12669 requires_config_enabled PSA_WANT_ALG_FFDH 12670 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12671 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \ 12672 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12673 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ 12674 0 \ 12675 -c "HTTP/1.0 200 ok" \ 12676 -c "Protocol is TLSv1.3" \ 12677 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12678 -c "NamedGroup: secp256r1 ( 17 )" \ 12679 -c "Verifying peer X.509 certificate... ok" \ 12680 -c "received HelloRetryRequest message" \ 12681 -c "selected_group ( 23 )" 12682 12683 requires_openssl_tls1_3 12684 requires_config_enabled MBEDTLS_SSL_CLI_C 12685 requires_config_enabled MBEDTLS_DEBUG_C 12686 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12687 requires_config_enabled PSA_WANT_ALG_ECDH 12688 requires_config_enabled PSA_WANT_ALG_FFDH 12689 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12690 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \ 12691 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12692 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ 12693 0 \ 12694 -c "HTTP/1.0 200 ok" \ 12695 -c "Protocol is TLSv1.3" \ 12696 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12697 -c "NamedGroup: secp384r1 ( 18 )" \ 12698 -c "Verifying peer X.509 certificate... ok" \ 12699 -c "received HelloRetryRequest message" \ 12700 -c "selected_group ( 24 )" 12701 12702 requires_openssl_tls1_3 12703 requires_config_enabled MBEDTLS_SSL_CLI_C 12704 requires_config_enabled MBEDTLS_DEBUG_C 12705 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12706 requires_config_enabled PSA_WANT_ALG_ECDH 12707 requires_config_enabled PSA_WANT_ALG_FFDH 12708 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12709 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \ 12710 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12711 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ 12712 0 \ 12713 -c "HTTP/1.0 200 ok" \ 12714 -c "Protocol is TLSv1.3" \ 12715 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12716 -c "NamedGroup: secp521r1 ( 19 )" \ 12717 -c "Verifying peer X.509 certificate... ok" \ 12718 -c "received HelloRetryRequest message" \ 12719 -c "selected_group ( 25 )" 12720 12721 requires_openssl_tls1_3 12722 requires_config_enabled MBEDTLS_SSL_CLI_C 12723 requires_config_enabled MBEDTLS_DEBUG_C 12724 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12725 requires_config_enabled PSA_WANT_ALG_ECDH 12726 requires_config_enabled PSA_WANT_ALG_FFDH 12727 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12728 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \ 12729 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12730 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ 12731 0 \ 12732 -c "HTTP/1.0 200 ok" \ 12733 -c "Protocol is TLSv1.3" \ 12734 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12735 -c "NamedGroup: x25519 ( 1d )" \ 12736 -c "Verifying peer X.509 certificate... ok" \ 12737 -c "received HelloRetryRequest message" \ 12738 -c "selected_group ( 29 )" 12739 12740 requires_openssl_tls1_3 12741 requires_config_enabled MBEDTLS_SSL_CLI_C 12742 requires_config_enabled MBEDTLS_DEBUG_C 12743 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12744 requires_config_enabled PSA_WANT_ALG_ECDH 12745 requires_config_enabled PSA_WANT_ALG_FFDH 12746 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12747 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \ 12748 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ 12749 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ 12750 0 \ 12751 -c "HTTP/1.0 200 ok" \ 12752 -c "Protocol is TLSv1.3" \ 12753 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12754 -c "NamedGroup: x448 ( 1e )" \ 12755 -c "Verifying peer X.509 certificate... ok" \ 12756 -c "received HelloRetryRequest message" \ 12757 -c "selected_group ( 30 )" 12758 12759 requires_gnutls_tls1_3 12760 requires_gnutls_next_no_ticket 12761 requires_config_enabled MBEDTLS_SSL_CLI_C 12762 requires_config_enabled MBEDTLS_DEBUG_C 12763 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12764 requires_config_enabled PSA_WANT_ALG_ECDH 12765 run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ 12766 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 12767 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \ 12768 0 \ 12769 -c "HTTP/1.0 200 OK" \ 12770 -c "Protocol is TLSv1.3" \ 12771 -c "NamedGroup: secp256r1 ( 17 )" \ 12772 -c "NamedGroup: secp384r1 ( 18 )" \ 12773 -c "Verifying peer X.509 certificate... ok" \ 12774 -c "received HelloRetryRequest message" \ 12775 -c "selected_group ( 24 )" 12776 12777 requires_gnutls_tls1_3 12778 requires_gnutls_next_no_ticket 12779 requires_config_enabled MBEDTLS_SSL_CLI_C 12780 requires_config_enabled MBEDTLS_DEBUG_C 12781 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12782 requires_config_enabled PSA_WANT_ALG_ECDH 12783 run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ 12784 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 12785 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \ 12786 0 \ 12787 -c "HTTP/1.0 200 OK" \ 12788 -c "Protocol is TLSv1.3" \ 12789 -c "NamedGroup: secp256r1 ( 17 )" \ 12790 -c "NamedGroup: secp521r1 ( 19 )" \ 12791 -c "Verifying peer X.509 certificate... ok" \ 12792 -c "received HelloRetryRequest message" \ 12793 -c "selected_group ( 25 )" 12794 12795 requires_gnutls_tls1_3 12796 requires_gnutls_next_no_ticket 12797 requires_config_enabled MBEDTLS_SSL_CLI_C 12798 requires_config_enabled MBEDTLS_DEBUG_C 12799 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12800 requires_config_enabled PSA_WANT_ALG_ECDH 12801 run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ 12802 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 12803 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \ 12804 0 \ 12805 -c "HTTP/1.0 200 OK" \ 12806 -c "Protocol is TLSv1.3" \ 12807 -c "NamedGroup: secp256r1 ( 17 )" \ 12808 -c "NamedGroup: x25519 ( 1d )" \ 12809 -c "Verifying peer X.509 certificate... ok" \ 12810 -c "received HelloRetryRequest message" \ 12811 -c "selected_group ( 29 )" 12812 12813 requires_gnutls_tls1_3 12814 requires_gnutls_next_no_ticket 12815 requires_config_enabled MBEDTLS_SSL_CLI_C 12816 requires_config_enabled MBEDTLS_DEBUG_C 12817 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12818 requires_config_enabled PSA_WANT_ALG_ECDH 12819 run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ 12820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 12821 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \ 12822 0 \ 12823 -c "HTTP/1.0 200 OK" \ 12824 -c "Protocol is TLSv1.3" \ 12825 -c "NamedGroup: secp256r1 ( 17 )" \ 12826 -c "NamedGroup: x448 ( 1e )" \ 12827 -c "Verifying peer X.509 certificate... ok" \ 12828 -c "received HelloRetryRequest message" \ 12829 -c "selected_group ( 30 )" 12830 12831 requires_gnutls_tls1_3 12832 requires_gnutls_next_no_ticket 12833 requires_config_enabled MBEDTLS_SSL_CLI_C 12834 requires_config_enabled MBEDTLS_DEBUG_C 12835 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12836 requires_config_enabled PSA_WANT_ALG_ECDH 12837 requires_config_enabled PSA_WANT_ALG_FFDH 12838 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12839 run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \ 12840 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 12841 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ 12842 0 \ 12843 -c "HTTP/1.0 200 OK" \ 12844 -c "Protocol is TLSv1.3" \ 12845 -c "NamedGroup: secp256r1 ( 17 )" \ 12846 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12847 -c "Verifying peer X.509 certificate... ok" \ 12848 -c "received HelloRetryRequest message" \ 12849 -c "selected_group ( 256 )" 12850 12851 requires_gnutls_tls1_3 12852 requires_gnutls_next_no_ticket 12853 requires_config_enabled MBEDTLS_SSL_CLI_C 12854 requires_config_enabled MBEDTLS_DEBUG_C 12855 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12856 requires_config_enabled PSA_WANT_ALG_ECDH 12857 run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ 12858 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 12859 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \ 12860 0 \ 12861 -c "HTTP/1.0 200 OK" \ 12862 -c "Protocol is TLSv1.3" \ 12863 -c "NamedGroup: secp384r1 ( 18 )" \ 12864 -c "NamedGroup: secp256r1 ( 17 )" \ 12865 -c "Verifying peer X.509 certificate... ok" \ 12866 -c "received HelloRetryRequest message" \ 12867 -c "selected_group ( 23 )" 12868 12869 requires_gnutls_tls1_3 12870 requires_gnutls_next_no_ticket 12871 requires_config_enabled MBEDTLS_SSL_CLI_C 12872 requires_config_enabled MBEDTLS_DEBUG_C 12873 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12874 requires_config_enabled PSA_WANT_ALG_ECDH 12875 run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ 12876 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 12877 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \ 12878 0 \ 12879 -c "HTTP/1.0 200 OK" \ 12880 -c "Protocol is TLSv1.3" \ 12881 -c "NamedGroup: secp384r1 ( 18 )" \ 12882 -c "NamedGroup: secp521r1 ( 19 )" \ 12883 -c "Verifying peer X.509 certificate... ok" \ 12884 -c "received HelloRetryRequest message" \ 12885 -c "selected_group ( 25 )" 12886 12887 requires_gnutls_tls1_3 12888 requires_gnutls_next_no_ticket 12889 requires_config_enabled MBEDTLS_SSL_CLI_C 12890 requires_config_enabled MBEDTLS_DEBUG_C 12891 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12892 requires_config_enabled PSA_WANT_ALG_ECDH 12893 run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ 12894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 12895 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \ 12896 0 \ 12897 -c "HTTP/1.0 200 OK" \ 12898 -c "Protocol is TLSv1.3" \ 12899 -c "NamedGroup: secp384r1 ( 18 )" \ 12900 -c "NamedGroup: x25519 ( 1d )" \ 12901 -c "Verifying peer X.509 certificate... ok" \ 12902 -c "received HelloRetryRequest message" \ 12903 -c "selected_group ( 29 )" 12904 12905 requires_gnutls_tls1_3 12906 requires_gnutls_next_no_ticket 12907 requires_config_enabled MBEDTLS_SSL_CLI_C 12908 requires_config_enabled MBEDTLS_DEBUG_C 12909 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12910 requires_config_enabled PSA_WANT_ALG_ECDH 12911 run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ 12912 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 12913 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \ 12914 0 \ 12915 -c "HTTP/1.0 200 OK" \ 12916 -c "Protocol is TLSv1.3" \ 12917 -c "NamedGroup: secp384r1 ( 18 )" \ 12918 -c "NamedGroup: x448 ( 1e )" \ 12919 -c "Verifying peer X.509 certificate... ok" \ 12920 -c "received HelloRetryRequest message" \ 12921 -c "selected_group ( 30 )" 12922 12923 requires_gnutls_tls1_3 12924 requires_gnutls_next_no_ticket 12925 requires_config_enabled MBEDTLS_SSL_CLI_C 12926 requires_config_enabled MBEDTLS_DEBUG_C 12927 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12928 requires_config_enabled PSA_WANT_ALG_ECDH 12929 requires_config_enabled PSA_WANT_ALG_FFDH 12930 requires_config_enabled PSA_WANT_DH_RFC7919_2048 12931 run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \ 12932 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 12933 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ 12934 0 \ 12935 -c "HTTP/1.0 200 OK" \ 12936 -c "Protocol is TLSv1.3" \ 12937 -c "NamedGroup: secp384r1 ( 18 )" \ 12938 -c "NamedGroup: ffdhe2048 ( 100 )" \ 12939 -c "Verifying peer X.509 certificate... ok" \ 12940 -c "received HelloRetryRequest message" \ 12941 -c "selected_group ( 256 )" 12942 12943 requires_gnutls_tls1_3 12944 requires_gnutls_next_no_ticket 12945 requires_config_enabled MBEDTLS_SSL_CLI_C 12946 requires_config_enabled MBEDTLS_DEBUG_C 12947 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12948 requires_config_enabled PSA_WANT_ALG_ECDH 12949 run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ 12950 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 12951 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \ 12952 0 \ 12953 -c "HTTP/1.0 200 OK" \ 12954 -c "Protocol is TLSv1.3" \ 12955 -c "NamedGroup: secp521r1 ( 19 )" \ 12956 -c "NamedGroup: secp256r1 ( 17 )" \ 12957 -c "Verifying peer X.509 certificate... ok" \ 12958 -c "received HelloRetryRequest message" \ 12959 -c "selected_group ( 23 )" 12960 12961 requires_gnutls_tls1_3 12962 requires_gnutls_next_no_ticket 12963 requires_config_enabled MBEDTLS_SSL_CLI_C 12964 requires_config_enabled MBEDTLS_DEBUG_C 12965 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12966 requires_config_enabled PSA_WANT_ALG_ECDH 12967 run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ 12968 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 12969 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \ 12970 0 \ 12971 -c "HTTP/1.0 200 OK" \ 12972 -c "Protocol is TLSv1.3" \ 12973 -c "NamedGroup: secp521r1 ( 19 )" \ 12974 -c "NamedGroup: secp384r1 ( 18 )" \ 12975 -c "Verifying peer X.509 certificate... ok" \ 12976 -c "received HelloRetryRequest message" \ 12977 -c "selected_group ( 24 )" 12978 12979 requires_gnutls_tls1_3 12980 requires_gnutls_next_no_ticket 12981 requires_config_enabled MBEDTLS_SSL_CLI_C 12982 requires_config_enabled MBEDTLS_DEBUG_C 12983 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 12984 requires_config_enabled PSA_WANT_ALG_ECDH 12985 run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ 12986 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 12987 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \ 12988 0 \ 12989 -c "HTTP/1.0 200 OK" \ 12990 -c "Protocol is TLSv1.3" \ 12991 -c "NamedGroup: secp521r1 ( 19 )" \ 12992 -c "NamedGroup: x25519 ( 1d )" \ 12993 -c "Verifying peer X.509 certificate... ok" \ 12994 -c "received HelloRetryRequest message" \ 12995 -c "selected_group ( 29 )" 12996 12997 requires_gnutls_tls1_3 12998 requires_gnutls_next_no_ticket 12999 requires_config_enabled MBEDTLS_SSL_CLI_C 13000 requires_config_enabled MBEDTLS_DEBUG_C 13001 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13002 requires_config_enabled PSA_WANT_ALG_ECDH 13003 run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ 13004 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 13005 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \ 13006 0 \ 13007 -c "HTTP/1.0 200 OK" \ 13008 -c "Protocol is TLSv1.3" \ 13009 -c "NamedGroup: secp521r1 ( 19 )" \ 13010 -c "NamedGroup: x448 ( 1e )" \ 13011 -c "Verifying peer X.509 certificate... ok" \ 13012 -c "received HelloRetryRequest message" \ 13013 -c "selected_group ( 30 )" 13014 13015 requires_gnutls_tls1_3 13016 requires_gnutls_next_no_ticket 13017 requires_config_enabled MBEDTLS_SSL_CLI_C 13018 requires_config_enabled MBEDTLS_DEBUG_C 13019 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13020 requires_config_enabled PSA_WANT_ALG_ECDH 13021 requires_config_enabled PSA_WANT_ALG_FFDH 13022 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13023 run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \ 13024 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 13025 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ 13026 0 \ 13027 -c "HTTP/1.0 200 OK" \ 13028 -c "Protocol is TLSv1.3" \ 13029 -c "NamedGroup: secp521r1 ( 19 )" \ 13030 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13031 -c "Verifying peer X.509 certificate... ok" \ 13032 -c "received HelloRetryRequest message" \ 13033 -c "selected_group ( 256 )" 13034 13035 requires_gnutls_tls1_3 13036 requires_gnutls_next_no_ticket 13037 requires_config_enabled MBEDTLS_SSL_CLI_C 13038 requires_config_enabled MBEDTLS_DEBUG_C 13039 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13040 requires_config_enabled PSA_WANT_ALG_ECDH 13041 run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ 13042 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 13043 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \ 13044 0 \ 13045 -c "HTTP/1.0 200 OK" \ 13046 -c "Protocol is TLSv1.3" \ 13047 -c "NamedGroup: x25519 ( 1d )" \ 13048 -c "NamedGroup: secp256r1 ( 17 )" \ 13049 -c "Verifying peer X.509 certificate... ok" \ 13050 -c "received HelloRetryRequest message" \ 13051 -c "selected_group ( 23 )" 13052 13053 requires_gnutls_tls1_3 13054 requires_gnutls_next_no_ticket 13055 requires_config_enabled MBEDTLS_SSL_CLI_C 13056 requires_config_enabled MBEDTLS_DEBUG_C 13057 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13058 requires_config_enabled PSA_WANT_ALG_ECDH 13059 run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ 13060 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 13061 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \ 13062 0 \ 13063 -c "HTTP/1.0 200 OK" \ 13064 -c "Protocol is TLSv1.3" \ 13065 -c "NamedGroup: x25519 ( 1d )" \ 13066 -c "NamedGroup: secp384r1 ( 18 )" \ 13067 -c "Verifying peer X.509 certificate... ok" \ 13068 -c "received HelloRetryRequest message" \ 13069 -c "selected_group ( 24 )" 13070 13071 requires_gnutls_tls1_3 13072 requires_gnutls_next_no_ticket 13073 requires_config_enabled MBEDTLS_SSL_CLI_C 13074 requires_config_enabled MBEDTLS_DEBUG_C 13075 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13076 requires_config_enabled PSA_WANT_ALG_ECDH 13077 run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ 13078 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 13079 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \ 13080 0 \ 13081 -c "HTTP/1.0 200 OK" \ 13082 -c "Protocol is TLSv1.3" \ 13083 -c "NamedGroup: x25519 ( 1d )" \ 13084 -c "NamedGroup: secp521r1 ( 19 )" \ 13085 -c "Verifying peer X.509 certificate... ok" \ 13086 -c "received HelloRetryRequest message" \ 13087 -c "selected_group ( 25 )" 13088 13089 requires_gnutls_tls1_3 13090 requires_gnutls_next_no_ticket 13091 requires_config_enabled MBEDTLS_SSL_CLI_C 13092 requires_config_enabled MBEDTLS_DEBUG_C 13093 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13094 requires_config_enabled PSA_WANT_ALG_ECDH 13095 run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ 13096 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 13097 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \ 13098 0 \ 13099 -c "HTTP/1.0 200 OK" \ 13100 -c "Protocol is TLSv1.3" \ 13101 -c "NamedGroup: x25519 ( 1d )" \ 13102 -c "NamedGroup: x448 ( 1e )" \ 13103 -c "Verifying peer X.509 certificate... ok" \ 13104 -c "received HelloRetryRequest message" \ 13105 -c "selected_group ( 30 )" 13106 13107 requires_gnutls_tls1_3 13108 requires_gnutls_next_no_ticket 13109 requires_config_enabled MBEDTLS_SSL_CLI_C 13110 requires_config_enabled MBEDTLS_DEBUG_C 13111 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13112 requires_config_enabled PSA_WANT_ALG_ECDH 13113 requires_config_enabled PSA_WANT_ALG_FFDH 13114 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13115 run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \ 13116 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 13117 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ 13118 0 \ 13119 -c "HTTP/1.0 200 OK" \ 13120 -c "Protocol is TLSv1.3" \ 13121 -c "NamedGroup: x25519 ( 1d )" \ 13122 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13123 -c "Verifying peer X.509 certificate... ok" \ 13124 -c "received HelloRetryRequest message" \ 13125 -c "selected_group ( 256 )" 13126 13127 requires_gnutls_tls1_3 13128 requires_gnutls_next_no_ticket 13129 requires_config_enabled MBEDTLS_SSL_CLI_C 13130 requires_config_enabled MBEDTLS_DEBUG_C 13131 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13132 requires_config_enabled PSA_WANT_ALG_ECDH 13133 run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ 13134 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 13135 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \ 13136 0 \ 13137 -c "HTTP/1.0 200 OK" \ 13138 -c "Protocol is TLSv1.3" \ 13139 -c "NamedGroup: x448 ( 1e )" \ 13140 -c "NamedGroup: secp256r1 ( 17 )" \ 13141 -c "Verifying peer X.509 certificate... ok" \ 13142 -c "received HelloRetryRequest message" \ 13143 -c "selected_group ( 23 )" 13144 13145 requires_gnutls_tls1_3 13146 requires_gnutls_next_no_ticket 13147 requires_config_enabled MBEDTLS_SSL_CLI_C 13148 requires_config_enabled MBEDTLS_DEBUG_C 13149 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13150 requires_config_enabled PSA_WANT_ALG_ECDH 13151 run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ 13152 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 13153 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \ 13154 0 \ 13155 -c "HTTP/1.0 200 OK" \ 13156 -c "Protocol is TLSv1.3" \ 13157 -c "NamedGroup: x448 ( 1e )" \ 13158 -c "NamedGroup: secp384r1 ( 18 )" \ 13159 -c "Verifying peer X.509 certificate... ok" \ 13160 -c "received HelloRetryRequest message" \ 13161 -c "selected_group ( 24 )" 13162 13163 requires_gnutls_tls1_3 13164 requires_gnutls_next_no_ticket 13165 requires_config_enabled MBEDTLS_SSL_CLI_C 13166 requires_config_enabled MBEDTLS_DEBUG_C 13167 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13168 requires_config_enabled PSA_WANT_ALG_ECDH 13169 run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ 13170 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 13171 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \ 13172 0 \ 13173 -c "HTTP/1.0 200 OK" \ 13174 -c "Protocol is TLSv1.3" \ 13175 -c "NamedGroup: x448 ( 1e )" \ 13176 -c "NamedGroup: secp521r1 ( 19 )" \ 13177 -c "Verifying peer X.509 certificate... ok" \ 13178 -c "received HelloRetryRequest message" \ 13179 -c "selected_group ( 25 )" 13180 13181 requires_gnutls_tls1_3 13182 requires_gnutls_next_no_ticket 13183 requires_config_enabled MBEDTLS_SSL_CLI_C 13184 requires_config_enabled MBEDTLS_DEBUG_C 13185 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13186 requires_config_enabled PSA_WANT_ALG_ECDH 13187 run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ 13188 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 13189 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \ 13190 0 \ 13191 -c "HTTP/1.0 200 OK" \ 13192 -c "Protocol is TLSv1.3" \ 13193 -c "NamedGroup: x448 ( 1e )" \ 13194 -c "NamedGroup: x25519 ( 1d )" \ 13195 -c "Verifying peer X.509 certificate... ok" \ 13196 -c "received HelloRetryRequest message" \ 13197 -c "selected_group ( 29 )" 13198 13199 requires_gnutls_tls1_3 13200 requires_gnutls_next_no_ticket 13201 requires_config_enabled MBEDTLS_SSL_CLI_C 13202 requires_config_enabled MBEDTLS_DEBUG_C 13203 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13204 requires_config_enabled PSA_WANT_ALG_ECDH 13205 requires_config_enabled PSA_WANT_ALG_FFDH 13206 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13207 run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \ 13208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ 13209 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ 13210 0 \ 13211 -c "HTTP/1.0 200 OK" \ 13212 -c "Protocol is TLSv1.3" \ 13213 -c "NamedGroup: x448 ( 1e )" \ 13214 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13215 -c "Verifying peer X.509 certificate... ok" \ 13216 -c "received HelloRetryRequest message" \ 13217 -c "selected_group ( 256 )" 13218 13219 requires_gnutls_tls1_3 13220 requires_gnutls_next_no_ticket 13221 requires_config_enabled MBEDTLS_SSL_CLI_C 13222 requires_config_enabled MBEDTLS_DEBUG_C 13223 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13224 requires_config_enabled PSA_WANT_ALG_ECDH 13225 requires_config_enabled PSA_WANT_ALG_FFDH 13226 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13227 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \ 13228 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ 13229 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ 13230 0 \ 13231 -c "HTTP/1.0 200 OK" \ 13232 -c "Protocol is TLSv1.3" \ 13233 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13234 -c "NamedGroup: secp256r1 ( 17 )" \ 13235 -c "Verifying peer X.509 certificate... ok" \ 13236 -c "received HelloRetryRequest message" \ 13237 -c "selected_group ( 23 )" 13238 13239 requires_gnutls_tls1_3 13240 requires_gnutls_next_no_ticket 13241 requires_config_enabled MBEDTLS_SSL_CLI_C 13242 requires_config_enabled MBEDTLS_DEBUG_C 13243 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13244 requires_config_enabled PSA_WANT_ALG_ECDH 13245 requires_config_enabled PSA_WANT_ALG_FFDH 13246 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13247 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \ 13248 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ 13249 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ 13250 0 \ 13251 -c "HTTP/1.0 200 OK" \ 13252 -c "Protocol is TLSv1.3" \ 13253 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13254 -c "NamedGroup: secp384r1 ( 18 )" \ 13255 -c "Verifying peer X.509 certificate... ok" \ 13256 -c "received HelloRetryRequest message" \ 13257 -c "selected_group ( 24 )" 13258 13259 requires_gnutls_tls1_3 13260 requires_gnutls_next_no_ticket 13261 requires_config_enabled MBEDTLS_SSL_CLI_C 13262 requires_config_enabled MBEDTLS_DEBUG_C 13263 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13264 requires_config_enabled PSA_WANT_ALG_ECDH 13265 requires_config_enabled PSA_WANT_ALG_FFDH 13266 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13267 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \ 13268 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ 13269 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ 13270 0 \ 13271 -c "HTTP/1.0 200 OK" \ 13272 -c "Protocol is TLSv1.3" \ 13273 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13274 -c "NamedGroup: secp521r1 ( 19 )" \ 13275 -c "Verifying peer X.509 certificate... ok" \ 13276 -c "received HelloRetryRequest message" \ 13277 -c "selected_group ( 25 )" 13278 13279 requires_gnutls_tls1_3 13280 requires_gnutls_next_no_ticket 13281 requires_config_enabled MBEDTLS_SSL_CLI_C 13282 requires_config_enabled MBEDTLS_DEBUG_C 13283 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13284 requires_config_enabled PSA_WANT_ALG_ECDH 13285 requires_config_enabled PSA_WANT_ALG_FFDH 13286 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13287 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \ 13288 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ 13289 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ 13290 0 \ 13291 -c "HTTP/1.0 200 OK" \ 13292 -c "Protocol is TLSv1.3" \ 13293 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13294 -c "NamedGroup: x25519 ( 1d )" \ 13295 -c "Verifying peer X.509 certificate... ok" \ 13296 -c "received HelloRetryRequest message" \ 13297 -c "selected_group ( 29 )" 13298 13299 requires_gnutls_tls1_3 13300 requires_gnutls_next_no_ticket 13301 requires_config_enabled MBEDTLS_SSL_CLI_C 13302 requires_config_enabled MBEDTLS_DEBUG_C 13303 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13304 requires_config_enabled PSA_WANT_ALG_ECDH 13305 requires_config_enabled PSA_WANT_ALG_FFDH 13306 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13307 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \ 13308 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ 13309 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ 13310 0 \ 13311 -c "HTTP/1.0 200 OK" \ 13312 -c "Protocol is TLSv1.3" \ 13313 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13314 -c "NamedGroup: x448 ( 1e )" \ 13315 -c "Verifying peer X.509 certificate... ok" \ 13316 -c "received HelloRetryRequest message" \ 13317 -c "selected_group ( 30 )" 13318 13319 requires_config_enabled MBEDTLS_SSL_SRV_C 13320 requires_config_enabled MBEDTLS_DEBUG_C 13321 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13322 requires_config_enabled PSA_WANT_ALG_ECDH 13323 requires_config_enabled MBEDTLS_SSL_CLI_C 13324 requires_config_enabled MBEDTLS_DEBUG_C 13325 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13326 requires_config_enabled PSA_WANT_ALG_ECDH 13327 run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \ 13328 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13329 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \ 13330 0 \ 13331 -s "Protocol is TLSv1.3" \ 13332 -s "got named group: secp384r1(0018)" \ 13333 -s "Certificate verification was skipped" \ 13334 -c "Protocol is TLSv1.3" \ 13335 -c "NamedGroup: secp256r1 ( 17 )" \ 13336 -c "NamedGroup: secp384r1 ( 18 )" \ 13337 -c "Verifying peer X.509 certificate... ok" \ 13338 -s "HRR selected_group: secp384r1" \ 13339 -c "received HelloRetryRequest message" \ 13340 -c "selected_group ( 24 )" 13341 13342 requires_config_enabled MBEDTLS_SSL_SRV_C 13343 requires_config_enabled MBEDTLS_DEBUG_C 13344 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13345 requires_config_enabled PSA_WANT_ALG_ECDH 13346 requires_config_enabled MBEDTLS_SSL_CLI_C 13347 requires_config_enabled MBEDTLS_DEBUG_C 13348 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13349 requires_config_enabled PSA_WANT_ALG_ECDH 13350 run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \ 13351 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13352 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \ 13353 0 \ 13354 -s "Protocol is TLSv1.3" \ 13355 -s "got named group: secp521r1(0019)" \ 13356 -s "Certificate verification was skipped" \ 13357 -c "Protocol is TLSv1.3" \ 13358 -c "NamedGroup: secp256r1 ( 17 )" \ 13359 -c "NamedGroup: secp521r1 ( 19 )" \ 13360 -c "Verifying peer X.509 certificate... ok" \ 13361 -s "HRR selected_group: secp521r1" \ 13362 -c "received HelloRetryRequest message" \ 13363 -c "selected_group ( 25 )" 13364 13365 requires_config_enabled MBEDTLS_SSL_SRV_C 13366 requires_config_enabled MBEDTLS_DEBUG_C 13367 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13368 requires_config_enabled PSA_WANT_ALG_ECDH 13369 requires_config_enabled MBEDTLS_SSL_CLI_C 13370 requires_config_enabled MBEDTLS_DEBUG_C 13371 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13372 requires_config_enabled PSA_WANT_ALG_ECDH 13373 run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \ 13374 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13375 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \ 13376 0 \ 13377 -s "Protocol is TLSv1.3" \ 13378 -s "got named group: x25519(001d)" \ 13379 -s "Certificate verification was skipped" \ 13380 -c "Protocol is TLSv1.3" \ 13381 -c "NamedGroup: secp256r1 ( 17 )" \ 13382 -c "NamedGroup: x25519 ( 1d )" \ 13383 -c "Verifying peer X.509 certificate... ok" \ 13384 -s "HRR selected_group: x25519" \ 13385 -c "received HelloRetryRequest message" \ 13386 -c "selected_group ( 29 )" 13387 13388 requires_config_enabled MBEDTLS_SSL_SRV_C 13389 requires_config_enabled MBEDTLS_DEBUG_C 13390 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13391 requires_config_enabled PSA_WANT_ALG_ECDH 13392 requires_config_enabled MBEDTLS_SSL_CLI_C 13393 requires_config_enabled MBEDTLS_DEBUG_C 13394 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13395 requires_config_enabled PSA_WANT_ALG_ECDH 13396 run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \ 13397 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13398 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \ 13399 0 \ 13400 -s "Protocol is TLSv1.3" \ 13401 -s "got named group: x448(001e)" \ 13402 -s "Certificate verification was skipped" \ 13403 -c "Protocol is TLSv1.3" \ 13404 -c "NamedGroup: secp256r1 ( 17 )" \ 13405 -c "NamedGroup: x448 ( 1e )" \ 13406 -c "Verifying peer X.509 certificate... ok" \ 13407 -s "HRR selected_group: x448" \ 13408 -c "received HelloRetryRequest message" \ 13409 -c "selected_group ( 30 )" 13410 13411 requires_config_enabled MBEDTLS_SSL_SRV_C 13412 requires_config_enabled MBEDTLS_DEBUG_C 13413 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13414 requires_config_enabled PSA_WANT_ALG_FFDH 13415 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13416 requires_config_enabled MBEDTLS_SSL_CLI_C 13417 requires_config_enabled MBEDTLS_DEBUG_C 13418 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13419 requires_config_enabled PSA_WANT_ALG_ECDH 13420 requires_config_enabled PSA_WANT_ALG_FFDH 13421 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13422 run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \ 13423 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13424 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ 13425 0 \ 13426 -s "Protocol is TLSv1.3" \ 13427 -s "got named group: ffdhe2048(0100)" \ 13428 -s "Certificate verification was skipped" \ 13429 -c "Protocol is TLSv1.3" \ 13430 -c "NamedGroup: secp256r1 ( 17 )" \ 13431 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13432 -c "Verifying peer X.509 certificate... ok" \ 13433 -s "HRR selected_group: ffdhe2048" \ 13434 -c "received HelloRetryRequest message" \ 13435 -c "selected_group ( 256 )" 13436 13437 requires_config_enabled MBEDTLS_SSL_SRV_C 13438 requires_config_enabled MBEDTLS_DEBUG_C 13439 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13440 requires_config_enabled PSA_WANT_ALG_ECDH 13441 requires_config_enabled MBEDTLS_SSL_CLI_C 13442 requires_config_enabled MBEDTLS_DEBUG_C 13443 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13444 requires_config_enabled PSA_WANT_ALG_ECDH 13445 run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \ 13446 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13447 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \ 13448 0 \ 13449 -s "Protocol is TLSv1.3" \ 13450 -s "got named group: secp256r1(0017)" \ 13451 -s "Certificate verification was skipped" \ 13452 -c "Protocol is TLSv1.3" \ 13453 -c "NamedGroup: secp384r1 ( 18 )" \ 13454 -c "NamedGroup: secp256r1 ( 17 )" \ 13455 -c "Verifying peer X.509 certificate... ok" \ 13456 -s "HRR selected_group: secp256r1" \ 13457 -c "received HelloRetryRequest message" \ 13458 -c "selected_group ( 23 )" 13459 13460 requires_config_enabled MBEDTLS_SSL_SRV_C 13461 requires_config_enabled MBEDTLS_DEBUG_C 13462 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13463 requires_config_enabled PSA_WANT_ALG_ECDH 13464 requires_config_enabled MBEDTLS_SSL_CLI_C 13465 requires_config_enabled MBEDTLS_DEBUG_C 13466 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13467 requires_config_enabled PSA_WANT_ALG_ECDH 13468 run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \ 13469 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13470 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \ 13471 0 \ 13472 -s "Protocol is TLSv1.3" \ 13473 -s "got named group: secp521r1(0019)" \ 13474 -s "Certificate verification was skipped" \ 13475 -c "Protocol is TLSv1.3" \ 13476 -c "NamedGroup: secp384r1 ( 18 )" \ 13477 -c "NamedGroup: secp521r1 ( 19 )" \ 13478 -c "Verifying peer X.509 certificate... ok" \ 13479 -s "HRR selected_group: secp521r1" \ 13480 -c "received HelloRetryRequest message" \ 13481 -c "selected_group ( 25 )" 13482 13483 requires_config_enabled MBEDTLS_SSL_SRV_C 13484 requires_config_enabled MBEDTLS_DEBUG_C 13485 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13486 requires_config_enabled PSA_WANT_ALG_ECDH 13487 requires_config_enabled MBEDTLS_SSL_CLI_C 13488 requires_config_enabled MBEDTLS_DEBUG_C 13489 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13490 requires_config_enabled PSA_WANT_ALG_ECDH 13491 run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \ 13492 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13493 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \ 13494 0 \ 13495 -s "Protocol is TLSv1.3" \ 13496 -s "got named group: x25519(001d)" \ 13497 -s "Certificate verification was skipped" \ 13498 -c "Protocol is TLSv1.3" \ 13499 -c "NamedGroup: secp384r1 ( 18 )" \ 13500 -c "NamedGroup: x25519 ( 1d )" \ 13501 -c "Verifying peer X.509 certificate... ok" \ 13502 -s "HRR selected_group: x25519" \ 13503 -c "received HelloRetryRequest message" \ 13504 -c "selected_group ( 29 )" 13505 13506 requires_config_enabled MBEDTLS_SSL_SRV_C 13507 requires_config_enabled MBEDTLS_DEBUG_C 13508 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13509 requires_config_enabled PSA_WANT_ALG_ECDH 13510 requires_config_enabled MBEDTLS_SSL_CLI_C 13511 requires_config_enabled MBEDTLS_DEBUG_C 13512 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13513 requires_config_enabled PSA_WANT_ALG_ECDH 13514 run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \ 13515 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13516 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \ 13517 0 \ 13518 -s "Protocol is TLSv1.3" \ 13519 -s "got named group: x448(001e)" \ 13520 -s "Certificate verification was skipped" \ 13521 -c "Protocol is TLSv1.3" \ 13522 -c "NamedGroup: secp384r1 ( 18 )" \ 13523 -c "NamedGroup: x448 ( 1e )" \ 13524 -c "Verifying peer X.509 certificate... ok" \ 13525 -s "HRR selected_group: x448" \ 13526 -c "received HelloRetryRequest message" \ 13527 -c "selected_group ( 30 )" 13528 13529 requires_config_enabled MBEDTLS_SSL_SRV_C 13530 requires_config_enabled MBEDTLS_DEBUG_C 13531 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13532 requires_config_enabled PSA_WANT_ALG_FFDH 13533 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13534 requires_config_enabled MBEDTLS_SSL_CLI_C 13535 requires_config_enabled MBEDTLS_DEBUG_C 13536 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13537 requires_config_enabled PSA_WANT_ALG_ECDH 13538 requires_config_enabled PSA_WANT_ALG_FFDH 13539 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13540 run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \ 13541 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13542 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ 13543 0 \ 13544 -s "Protocol is TLSv1.3" \ 13545 -s "got named group: ffdhe2048(0100)" \ 13546 -s "Certificate verification was skipped" \ 13547 -c "Protocol is TLSv1.3" \ 13548 -c "NamedGroup: secp384r1 ( 18 )" \ 13549 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13550 -c "Verifying peer X.509 certificate... ok" \ 13551 -s "HRR selected_group: ffdhe2048" \ 13552 -c "received HelloRetryRequest message" \ 13553 -c "selected_group ( 256 )" 13554 13555 requires_config_enabled MBEDTLS_SSL_SRV_C 13556 requires_config_enabled MBEDTLS_DEBUG_C 13557 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13558 requires_config_enabled PSA_WANT_ALG_ECDH 13559 requires_config_enabled MBEDTLS_SSL_CLI_C 13560 requires_config_enabled MBEDTLS_DEBUG_C 13561 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13562 requires_config_enabled PSA_WANT_ALG_ECDH 13563 run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \ 13564 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13565 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \ 13566 0 \ 13567 -s "Protocol is TLSv1.3" \ 13568 -s "got named group: secp256r1(0017)" \ 13569 -s "Certificate verification was skipped" \ 13570 -c "Protocol is TLSv1.3" \ 13571 -c "NamedGroup: secp521r1 ( 19 )" \ 13572 -c "NamedGroup: secp256r1 ( 17 )" \ 13573 -c "Verifying peer X.509 certificate... ok" \ 13574 -s "HRR selected_group: secp256r1" \ 13575 -c "received HelloRetryRequest message" \ 13576 -c "selected_group ( 23 )" 13577 13578 requires_config_enabled MBEDTLS_SSL_SRV_C 13579 requires_config_enabled MBEDTLS_DEBUG_C 13580 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13581 requires_config_enabled PSA_WANT_ALG_ECDH 13582 requires_config_enabled MBEDTLS_SSL_CLI_C 13583 requires_config_enabled MBEDTLS_DEBUG_C 13584 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13585 requires_config_enabled PSA_WANT_ALG_ECDH 13586 run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \ 13587 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13588 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \ 13589 0 \ 13590 -s "Protocol is TLSv1.3" \ 13591 -s "got named group: secp384r1(0018)" \ 13592 -s "Certificate verification was skipped" \ 13593 -c "Protocol is TLSv1.3" \ 13594 -c "NamedGroup: secp521r1 ( 19 )" \ 13595 -c "NamedGroup: secp384r1 ( 18 )" \ 13596 -c "Verifying peer X.509 certificate... ok" \ 13597 -s "HRR selected_group: secp384r1" \ 13598 -c "received HelloRetryRequest message" \ 13599 -c "selected_group ( 24 )" 13600 13601 requires_config_enabled MBEDTLS_SSL_SRV_C 13602 requires_config_enabled MBEDTLS_DEBUG_C 13603 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13604 requires_config_enabled PSA_WANT_ALG_ECDH 13605 requires_config_enabled MBEDTLS_SSL_CLI_C 13606 requires_config_enabled MBEDTLS_DEBUG_C 13607 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13608 requires_config_enabled PSA_WANT_ALG_ECDH 13609 run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \ 13610 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13611 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \ 13612 0 \ 13613 -s "Protocol is TLSv1.3" \ 13614 -s "got named group: x25519(001d)" \ 13615 -s "Certificate verification was skipped" \ 13616 -c "Protocol is TLSv1.3" \ 13617 -c "NamedGroup: secp521r1 ( 19 )" \ 13618 -c "NamedGroup: x25519 ( 1d )" \ 13619 -c "Verifying peer X.509 certificate... ok" \ 13620 -s "HRR selected_group: x25519" \ 13621 -c "received HelloRetryRequest message" \ 13622 -c "selected_group ( 29 )" 13623 13624 requires_config_enabled MBEDTLS_SSL_SRV_C 13625 requires_config_enabled MBEDTLS_DEBUG_C 13626 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13627 requires_config_enabled PSA_WANT_ALG_ECDH 13628 requires_config_enabled MBEDTLS_SSL_CLI_C 13629 requires_config_enabled MBEDTLS_DEBUG_C 13630 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13631 requires_config_enabled PSA_WANT_ALG_ECDH 13632 run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \ 13633 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13634 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \ 13635 0 \ 13636 -s "Protocol is TLSv1.3" \ 13637 -s "got named group: x448(001e)" \ 13638 -s "Certificate verification was skipped" \ 13639 -c "Protocol is TLSv1.3" \ 13640 -c "NamedGroup: secp521r1 ( 19 )" \ 13641 -c "NamedGroup: x448 ( 1e )" \ 13642 -c "Verifying peer X.509 certificate... ok" \ 13643 -s "HRR selected_group: x448" \ 13644 -c "received HelloRetryRequest message" \ 13645 -c "selected_group ( 30 )" 13646 13647 requires_config_enabled MBEDTLS_SSL_SRV_C 13648 requires_config_enabled MBEDTLS_DEBUG_C 13649 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13650 requires_config_enabled PSA_WANT_ALG_FFDH 13651 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13652 requires_config_enabled MBEDTLS_SSL_CLI_C 13653 requires_config_enabled MBEDTLS_DEBUG_C 13654 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13655 requires_config_enabled PSA_WANT_ALG_ECDH 13656 requires_config_enabled PSA_WANT_ALG_FFDH 13657 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13658 run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \ 13659 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13660 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ 13661 0 \ 13662 -s "Protocol is TLSv1.3" \ 13663 -s "got named group: ffdhe2048(0100)" \ 13664 -s "Certificate verification was skipped" \ 13665 -c "Protocol is TLSv1.3" \ 13666 -c "NamedGroup: secp521r1 ( 19 )" \ 13667 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13668 -c "Verifying peer X.509 certificate... ok" \ 13669 -s "HRR selected_group: ffdhe2048" \ 13670 -c "received HelloRetryRequest message" \ 13671 -c "selected_group ( 256 )" 13672 13673 requires_config_enabled MBEDTLS_SSL_SRV_C 13674 requires_config_enabled MBEDTLS_DEBUG_C 13675 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13676 requires_config_enabled PSA_WANT_ALG_ECDH 13677 requires_config_enabled MBEDTLS_SSL_CLI_C 13678 requires_config_enabled MBEDTLS_DEBUG_C 13679 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13680 requires_config_enabled PSA_WANT_ALG_ECDH 13681 run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \ 13682 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13683 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \ 13684 0 \ 13685 -s "Protocol is TLSv1.3" \ 13686 -s "got named group: secp256r1(0017)" \ 13687 -s "Certificate verification was skipped" \ 13688 -c "Protocol is TLSv1.3" \ 13689 -c "NamedGroup: x25519 ( 1d )" \ 13690 -c "NamedGroup: secp256r1 ( 17 )" \ 13691 -c "Verifying peer X.509 certificate... ok" \ 13692 -s "HRR selected_group: secp256r1" \ 13693 -c "received HelloRetryRequest message" \ 13694 -c "selected_group ( 23 )" 13695 13696 requires_config_enabled MBEDTLS_SSL_SRV_C 13697 requires_config_enabled MBEDTLS_DEBUG_C 13698 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13699 requires_config_enabled PSA_WANT_ALG_ECDH 13700 requires_config_enabled MBEDTLS_SSL_CLI_C 13701 requires_config_enabled MBEDTLS_DEBUG_C 13702 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13703 requires_config_enabled PSA_WANT_ALG_ECDH 13704 run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \ 13705 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13706 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \ 13707 0 \ 13708 -s "Protocol is TLSv1.3" \ 13709 -s "got named group: secp384r1(0018)" \ 13710 -s "Certificate verification was skipped" \ 13711 -c "Protocol is TLSv1.3" \ 13712 -c "NamedGroup: x25519 ( 1d )" \ 13713 -c "NamedGroup: secp384r1 ( 18 )" \ 13714 -c "Verifying peer X.509 certificate... ok" \ 13715 -s "HRR selected_group: secp384r1" \ 13716 -c "received HelloRetryRequest message" \ 13717 -c "selected_group ( 24 )" 13718 13719 requires_config_enabled MBEDTLS_SSL_SRV_C 13720 requires_config_enabled MBEDTLS_DEBUG_C 13721 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13722 requires_config_enabled PSA_WANT_ALG_ECDH 13723 requires_config_enabled MBEDTLS_SSL_CLI_C 13724 requires_config_enabled MBEDTLS_DEBUG_C 13725 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13726 requires_config_enabled PSA_WANT_ALG_ECDH 13727 run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \ 13728 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13729 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \ 13730 0 \ 13731 -s "Protocol is TLSv1.3" \ 13732 -s "got named group: secp521r1(0019)" \ 13733 -s "Certificate verification was skipped" \ 13734 -c "Protocol is TLSv1.3" \ 13735 -c "NamedGroup: x25519 ( 1d )" \ 13736 -c "NamedGroup: secp521r1 ( 19 )" \ 13737 -c "Verifying peer X.509 certificate... ok" \ 13738 -s "HRR selected_group: secp521r1" \ 13739 -c "received HelloRetryRequest message" \ 13740 -c "selected_group ( 25 )" 13741 13742 requires_config_enabled MBEDTLS_SSL_SRV_C 13743 requires_config_enabled MBEDTLS_DEBUG_C 13744 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13745 requires_config_enabled PSA_WANT_ALG_ECDH 13746 requires_config_enabled MBEDTLS_SSL_CLI_C 13747 requires_config_enabled MBEDTLS_DEBUG_C 13748 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13749 requires_config_enabled PSA_WANT_ALG_ECDH 13750 run_test "TLS 1.3 m->m: HRR x25519 -> x448" \ 13751 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13752 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \ 13753 0 \ 13754 -s "Protocol is TLSv1.3" \ 13755 -s "got named group: x448(001e)" \ 13756 -s "Certificate verification was skipped" \ 13757 -c "Protocol is TLSv1.3" \ 13758 -c "NamedGroup: x25519 ( 1d )" \ 13759 -c "NamedGroup: x448 ( 1e )" \ 13760 -c "Verifying peer X.509 certificate... ok" \ 13761 -s "HRR selected_group: x448" \ 13762 -c "received HelloRetryRequest message" \ 13763 -c "selected_group ( 30 )" 13764 13765 requires_config_enabled MBEDTLS_SSL_SRV_C 13766 requires_config_enabled MBEDTLS_DEBUG_C 13767 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13768 requires_config_enabled PSA_WANT_ALG_FFDH 13769 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13770 requires_config_enabled MBEDTLS_SSL_CLI_C 13771 requires_config_enabled MBEDTLS_DEBUG_C 13772 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13773 requires_config_enabled PSA_WANT_ALG_ECDH 13774 requires_config_enabled PSA_WANT_ALG_FFDH 13775 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13776 run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \ 13777 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13778 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ 13779 0 \ 13780 -s "Protocol is TLSv1.3" \ 13781 -s "got named group: ffdhe2048(0100)" \ 13782 -s "Certificate verification was skipped" \ 13783 -c "Protocol is TLSv1.3" \ 13784 -c "NamedGroup: x25519 ( 1d )" \ 13785 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13786 -c "Verifying peer X.509 certificate... ok" \ 13787 -s "HRR selected_group: ffdhe2048" \ 13788 -c "received HelloRetryRequest message" \ 13789 -c "selected_group ( 256 )" 13790 13791 requires_config_enabled MBEDTLS_SSL_SRV_C 13792 requires_config_enabled MBEDTLS_DEBUG_C 13793 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13794 requires_config_enabled PSA_WANT_ALG_ECDH 13795 requires_config_enabled MBEDTLS_SSL_CLI_C 13796 requires_config_enabled MBEDTLS_DEBUG_C 13797 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13798 requires_config_enabled PSA_WANT_ALG_ECDH 13799 run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \ 13800 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13801 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \ 13802 0 \ 13803 -s "Protocol is TLSv1.3" \ 13804 -s "got named group: secp256r1(0017)" \ 13805 -s "Certificate verification was skipped" \ 13806 -c "Protocol is TLSv1.3" \ 13807 -c "NamedGroup: x448 ( 1e )" \ 13808 -c "NamedGroup: secp256r1 ( 17 )" \ 13809 -c "Verifying peer X.509 certificate... ok" \ 13810 -s "HRR selected_group: secp256r1" \ 13811 -c "received HelloRetryRequest message" \ 13812 -c "selected_group ( 23 )" 13813 13814 requires_config_enabled MBEDTLS_SSL_SRV_C 13815 requires_config_enabled MBEDTLS_DEBUG_C 13816 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13817 requires_config_enabled PSA_WANT_ALG_ECDH 13818 requires_config_enabled MBEDTLS_SSL_CLI_C 13819 requires_config_enabled MBEDTLS_DEBUG_C 13820 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13821 requires_config_enabled PSA_WANT_ALG_ECDH 13822 run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \ 13823 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13824 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \ 13825 0 \ 13826 -s "Protocol is TLSv1.3" \ 13827 -s "got named group: secp384r1(0018)" \ 13828 -s "Certificate verification was skipped" \ 13829 -c "Protocol is TLSv1.3" \ 13830 -c "NamedGroup: x448 ( 1e )" \ 13831 -c "NamedGroup: secp384r1 ( 18 )" \ 13832 -c "Verifying peer X.509 certificate... ok" \ 13833 -s "HRR selected_group: secp384r1" \ 13834 -c "received HelloRetryRequest message" \ 13835 -c "selected_group ( 24 )" 13836 13837 requires_config_enabled MBEDTLS_SSL_SRV_C 13838 requires_config_enabled MBEDTLS_DEBUG_C 13839 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13840 requires_config_enabled PSA_WANT_ALG_ECDH 13841 requires_config_enabled MBEDTLS_SSL_CLI_C 13842 requires_config_enabled MBEDTLS_DEBUG_C 13843 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13844 requires_config_enabled PSA_WANT_ALG_ECDH 13845 run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \ 13846 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13847 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \ 13848 0 \ 13849 -s "Protocol is TLSv1.3" \ 13850 -s "got named group: secp521r1(0019)" \ 13851 -s "Certificate verification was skipped" \ 13852 -c "Protocol is TLSv1.3" \ 13853 -c "NamedGroup: x448 ( 1e )" \ 13854 -c "NamedGroup: secp521r1 ( 19 )" \ 13855 -c "Verifying peer X.509 certificate... ok" \ 13856 -s "HRR selected_group: secp521r1" \ 13857 -c "received HelloRetryRequest message" \ 13858 -c "selected_group ( 25 )" 13859 13860 requires_config_enabled MBEDTLS_SSL_SRV_C 13861 requires_config_enabled MBEDTLS_DEBUG_C 13862 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13863 requires_config_enabled PSA_WANT_ALG_ECDH 13864 requires_config_enabled MBEDTLS_SSL_CLI_C 13865 requires_config_enabled MBEDTLS_DEBUG_C 13866 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13867 requires_config_enabled PSA_WANT_ALG_ECDH 13868 run_test "TLS 1.3 m->m: HRR x448 -> x25519" \ 13869 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13870 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \ 13871 0 \ 13872 -s "Protocol is TLSv1.3" \ 13873 -s "got named group: x25519(001d)" \ 13874 -s "Certificate verification was skipped" \ 13875 -c "Protocol is TLSv1.3" \ 13876 -c "NamedGroup: x448 ( 1e )" \ 13877 -c "NamedGroup: x25519 ( 1d )" \ 13878 -c "Verifying peer X.509 certificate... ok" \ 13879 -s "HRR selected_group: x25519" \ 13880 -c "received HelloRetryRequest message" \ 13881 -c "selected_group ( 29 )" 13882 13883 requires_config_enabled MBEDTLS_SSL_SRV_C 13884 requires_config_enabled MBEDTLS_DEBUG_C 13885 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13886 requires_config_enabled PSA_WANT_ALG_FFDH 13887 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13888 requires_config_enabled MBEDTLS_SSL_CLI_C 13889 requires_config_enabled MBEDTLS_DEBUG_C 13890 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13891 requires_config_enabled PSA_WANT_ALG_ECDH 13892 requires_config_enabled PSA_WANT_ALG_FFDH 13893 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13894 run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \ 13895 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13896 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ 13897 0 \ 13898 -s "Protocol is TLSv1.3" \ 13899 -s "got named group: ffdhe2048(0100)" \ 13900 -s "Certificate verification was skipped" \ 13901 -c "Protocol is TLSv1.3" \ 13902 -c "NamedGroup: x448 ( 1e )" \ 13903 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13904 -c "Verifying peer X.509 certificate... ok" \ 13905 -s "HRR selected_group: ffdhe2048" \ 13906 -c "received HelloRetryRequest message" \ 13907 -c "selected_group ( 256 )" 13908 13909 requires_config_enabled MBEDTLS_SSL_SRV_C 13910 requires_config_enabled MBEDTLS_DEBUG_C 13911 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13912 requires_config_enabled PSA_WANT_ALG_ECDH 13913 requires_config_enabled MBEDTLS_SSL_CLI_C 13914 requires_config_enabled MBEDTLS_DEBUG_C 13915 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13916 requires_config_enabled PSA_WANT_ALG_ECDH 13917 requires_config_enabled PSA_WANT_ALG_FFDH 13918 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13919 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \ 13920 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13921 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ 13922 0 \ 13923 -s "Protocol is TLSv1.3" \ 13924 -s "got named group: secp256r1(0017)" \ 13925 -s "Certificate verification was skipped" \ 13926 -c "Protocol is TLSv1.3" \ 13927 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13928 -c "NamedGroup: secp256r1 ( 17 )" \ 13929 -c "Verifying peer X.509 certificate... ok" \ 13930 -s "HRR selected_group: secp256r1" \ 13931 -c "received HelloRetryRequest message" \ 13932 -c "selected_group ( 23 )" 13933 13934 requires_config_enabled MBEDTLS_SSL_SRV_C 13935 requires_config_enabled MBEDTLS_DEBUG_C 13936 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13937 requires_config_enabled PSA_WANT_ALG_ECDH 13938 requires_config_enabled MBEDTLS_SSL_CLI_C 13939 requires_config_enabled MBEDTLS_DEBUG_C 13940 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13941 requires_config_enabled PSA_WANT_ALG_ECDH 13942 requires_config_enabled PSA_WANT_ALG_FFDH 13943 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13944 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \ 13945 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13946 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ 13947 0 \ 13948 -s "Protocol is TLSv1.3" \ 13949 -s "got named group: secp384r1(0018)" \ 13950 -s "Certificate verification was skipped" \ 13951 -c "Protocol is TLSv1.3" \ 13952 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13953 -c "NamedGroup: secp384r1 ( 18 )" \ 13954 -c "Verifying peer X.509 certificate... ok" \ 13955 -s "HRR selected_group: secp384r1" \ 13956 -c "received HelloRetryRequest message" \ 13957 -c "selected_group ( 24 )" 13958 13959 requires_config_enabled MBEDTLS_SSL_SRV_C 13960 requires_config_enabled MBEDTLS_DEBUG_C 13961 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13962 requires_config_enabled PSA_WANT_ALG_ECDH 13963 requires_config_enabled MBEDTLS_SSL_CLI_C 13964 requires_config_enabled MBEDTLS_DEBUG_C 13965 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13966 requires_config_enabled PSA_WANT_ALG_ECDH 13967 requires_config_enabled PSA_WANT_ALG_FFDH 13968 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13969 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \ 13970 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13971 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ 13972 0 \ 13973 -s "Protocol is TLSv1.3" \ 13974 -s "got named group: secp521r1(0019)" \ 13975 -s "Certificate verification was skipped" \ 13976 -c "Protocol is TLSv1.3" \ 13977 -c "NamedGroup: ffdhe2048 ( 100 )" \ 13978 -c "NamedGroup: secp521r1 ( 19 )" \ 13979 -c "Verifying peer X.509 certificate... ok" \ 13980 -s "HRR selected_group: secp521r1" \ 13981 -c "received HelloRetryRequest message" \ 13982 -c "selected_group ( 25 )" 13983 13984 requires_config_enabled MBEDTLS_SSL_SRV_C 13985 requires_config_enabled MBEDTLS_DEBUG_C 13986 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13987 requires_config_enabled PSA_WANT_ALG_ECDH 13988 requires_config_enabled MBEDTLS_SSL_CLI_C 13989 requires_config_enabled MBEDTLS_DEBUG_C 13990 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 13991 requires_config_enabled PSA_WANT_ALG_ECDH 13992 requires_config_enabled PSA_WANT_ALG_FFDH 13993 requires_config_enabled PSA_WANT_DH_RFC7919_2048 13994 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \ 13995 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 13996 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ 13997 0 \ 13998 -s "Protocol is TLSv1.3" \ 13999 -s "got named group: x25519(001d)" \ 14000 -s "Certificate verification was skipped" \ 14001 -c "Protocol is TLSv1.3" \ 14002 -c "NamedGroup: ffdhe2048 ( 100 )" \ 14003 -c "NamedGroup: x25519 ( 1d )" \ 14004 -c "Verifying peer X.509 certificate... ok" \ 14005 -s "HRR selected_group: x25519" \ 14006 -c "received HelloRetryRequest message" \ 14007 -c "selected_group ( 29 )" 14008 14009 requires_config_enabled MBEDTLS_SSL_SRV_C 14010 requires_config_enabled MBEDTLS_DEBUG_C 14011 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14012 requires_config_enabled PSA_WANT_ALG_ECDH 14013 requires_config_enabled MBEDTLS_SSL_CLI_C 14014 requires_config_enabled MBEDTLS_DEBUG_C 14015 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 14016 requires_config_enabled PSA_WANT_ALG_ECDH 14017 requires_config_enabled PSA_WANT_ALG_FFDH 14018 requires_config_enabled PSA_WANT_DH_RFC7919_2048 14019 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \ 14020 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ 14021 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ 14022 0 \ 14023 -s "Protocol is TLSv1.3" \ 14024 -s "got named group: x448(001e)" \ 14025 -s "Certificate verification was skipped" \ 14026 -c "Protocol is TLSv1.3" \ 14027 -c "NamedGroup: ffdhe2048 ( 100 )" \ 14028 -c "NamedGroup: x448 ( 1e )" \ 14029 -c "Verifying peer X.509 certificate... ok" \ 14030 -s "HRR selected_group: x448" \ 14031 -c "received HelloRetryRequest message" \ 14032 -c "selected_group ( 30 )"