tls13-misc.sh (73325B)
1 # Miscellaneous tests of TLS 1.3 features. 2 3 # Copyright The Mbed TLS Contributors 4 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 5 # 6 7 requires_gnutls_tls1_3 8 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 9 requires_config_enabled MBEDTLS_SSL_SRV_C 10 requires_config_enabled MBEDTLS_DEBUG_C 11 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 12 run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ 13 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 14 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 15 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 16 localhost" \ 17 1 \ 18 -s "found psk key exchange modes extension" \ 19 -s "found pre_shared_key extension" \ 20 -s "Found PSK_EPHEMERAL KEX MODE" \ 21 -s "Found PSK KEX MODE" \ 22 -s "No matched ciphersuite" 23 24 requires_openssl_tls1_3 25 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 26 requires_config_enabled MBEDTLS_SSL_SRV_C 27 requires_config_enabled MBEDTLS_DEBUG_C 28 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 29 run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ 30 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 31 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ 32 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 33 1 \ 34 -s "found psk key exchange modes extension" \ 35 -s "found pre_shared_key extension" \ 36 -s "Found PSK_EPHEMERAL KEX MODE" \ 37 -s "Found PSK KEX MODE" \ 38 -s "No matched ciphersuite" 39 40 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 41 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 42 requires_config_enabled MBEDTLS_SSL_SRV_C 43 requires_config_enabled MBEDTLS_SSL_CLI_C 44 requires_config_enabled MBEDTLS_DEBUG_C 45 requires_config_enabled MBEDTLS_HAVE_TIME 46 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 47 run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ 48 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ 49 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \ 50 0 \ 51 -c "Pre-configured PSK number = 2" \ 52 -s "sent selected_identity: 0" \ 53 -s "key exchange mode: psk_ephemeral" \ 54 -S "key exchange mode: psk$" \ 55 -S "key exchange mode: ephemeral$" \ 56 -S "ticket is not authentic" 57 58 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 59 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 60 requires_config_enabled MBEDTLS_SSL_SRV_C 61 requires_config_enabled MBEDTLS_SSL_CLI_C 62 requires_config_enabled MBEDTLS_DEBUG_C 63 requires_config_enabled MBEDTLS_HAVE_TIME 64 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 65 run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ 66 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ 67 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \ 68 0 \ 69 -c "Pre-configured PSK number = 2" \ 70 -s "sent selected_identity: 1" \ 71 -s "key exchange mode: psk_ephemeral" \ 72 -S "key exchange mode: psk$" \ 73 -S "key exchange mode: ephemeral$" \ 74 -s "ticket is not authentic" 75 76 requires_gnutls_tls1_3 77 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 78 requires_config_enabled MBEDTLS_SSL_SRV_C 79 requires_config_enabled MBEDTLS_DEBUG_C 80 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 81 run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ 82 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 83 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 84 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 85 localhost" \ 86 1 \ 87 -s "found psk key exchange modes extension" \ 88 -s "found pre_shared_key extension" \ 89 -s "Found PSK_EPHEMERAL KEX MODE" \ 90 -S "Found PSK KEX MODE" \ 91 -S "key exchange mode: psk$" \ 92 -S "key exchange mode: psk_ephemeral" \ 93 -S "key exchange mode: ephemeral" 94 95 requires_gnutls_tls1_3 96 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 97 requires_config_enabled MBEDTLS_SSL_SRV_C 98 requires_config_enabled MBEDTLS_DEBUG_C 99 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 100 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 101 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 102 run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ 103 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 104 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 105 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 106 localhost" \ 107 0 \ 108 -s "found psk key exchange modes extension" \ 109 -s "found pre_shared_key extension" \ 110 -s "Found PSK_EPHEMERAL KEX MODE" \ 111 -s "Found PSK KEX MODE" \ 112 -s "key exchange mode: psk$" 113 114 requires_gnutls_tls1_3 115 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 116 requires_config_enabled MBEDTLS_SSL_SRV_C 117 requires_config_enabled MBEDTLS_DEBUG_C 118 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 119 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 120 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 121 run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ 122 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 123 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 124 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 125 localhost" \ 126 0 \ 127 -s "found psk key exchange modes extension" \ 128 -s "found pre_shared_key extension" \ 129 -s "Found PSK_EPHEMERAL KEX MODE" \ 130 -s "Found PSK KEX MODE" \ 131 -s "key exchange mode: psk_ephemeral$" 132 133 requires_gnutls_tls1_3 134 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 135 requires_config_enabled MBEDTLS_SSL_SRV_C 136 requires_config_enabled MBEDTLS_DEBUG_C 137 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 138 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 139 requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 140 run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ 141 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 142 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 143 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 144 localhost" \ 145 0 \ 146 -s "key exchange mode: ephemeral$" 147 148 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 149 requires_config_enabled MBEDTLS_SSL_CLI_C 150 requires_config_enabled MBEDTLS_SSL_SRV_C 151 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 152 requires_config_enabled MBEDTLS_HAVE_TIME 153 requires_config_enabled MBEDTLS_DEBUG_C 154 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 155 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 156 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 157 run_test "TLS 1.3 m->m: resumption" \ 158 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 159 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 160 0 \ 161 -c "Protocol is TLSv1.3" \ 162 -c "Saving session for reuse... ok" \ 163 -c "Reconnecting with saved session... ok" \ 164 -c "HTTP/1.0 200 OK" \ 165 -s "Protocol is TLSv1.3" \ 166 -s "key exchange mode: psk" \ 167 -s "Select PSK ciphersuite" 168 169 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 170 requires_config_enabled MBEDTLS_SSL_CLI_C 171 requires_config_enabled MBEDTLS_SSL_SRV_C 172 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 173 requires_config_enabled MBEDTLS_HAVE_TIME 174 requires_config_enabled MBEDTLS_DEBUG_C 175 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 176 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 177 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 178 run_test "TLS 1.3 m->m: resumption with servername" \ 179 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ 180 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ 181 "$P_CLI server_name=localhost new_session_tickets=1 reco_mode=1 reconnect=1" \ 182 0 \ 183 -c "Protocol is TLSv1.3" \ 184 -c "Saving session for reuse... ok" \ 185 -c "Reconnecting with saved session... ok" \ 186 -c "HTTP/1.0 200 OK" \ 187 -s "Protocol is TLSv1.3" \ 188 -s "key exchange mode: psk" \ 189 -s "Select PSK ciphersuite" 190 191 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 192 requires_config_enabled MBEDTLS_SSL_CLI_C 193 requires_config_enabled MBEDTLS_SSL_SRV_C 194 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 195 requires_config_enabled MBEDTLS_HAVE_TIME 196 requires_config_enabled MBEDTLS_DEBUG_C 197 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 198 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 199 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 200 run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ 201 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \ 202 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 203 0 \ 204 -c "Protocol is TLSv1.3" \ 205 -c "Saving session for reuse... ok" \ 206 -c "Reconnecting with saved session... ok" \ 207 -c "HTTP/1.0 200 OK" \ 208 -s "Protocol is TLSv1.3" \ 209 -s "key exchange mode: psk" \ 210 -s "Select PSK ciphersuite" 211 212 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 213 requires_config_enabled MBEDTLS_SSL_CLI_C 214 requires_config_enabled MBEDTLS_SSL_SRV_C 215 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 216 requires_config_enabled MBEDTLS_HAVE_TIME 217 requires_config_enabled MBEDTLS_DEBUG_C 218 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 219 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 220 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 221 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 222 run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ 223 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 224 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \ 225 0 \ 226 -c "Protocol is TLSv1.3" \ 227 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 228 -c "Saving session for reuse... ok" \ 229 -c "Reconnecting with saved session... ok" \ 230 -c "HTTP/1.0 200 OK" \ 231 -s "Protocol is TLSv1.3" \ 232 -s "key exchange mode: psk" \ 233 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 234 235 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 236 requires_config_enabled MBEDTLS_SSL_CLI_C 237 requires_config_enabled MBEDTLS_SSL_SRV_C 238 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 239 requires_config_enabled MBEDTLS_HAVE_TIME 240 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 241 requires_config_enabled MBEDTLS_DEBUG_C 242 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 243 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 244 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 245 run_test "TLS 1.3 m->m: resumption with early data" \ 246 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 247 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 248 0 \ 249 -c "Protocol is TLSv1.3" \ 250 -c "Saving session for reuse... ok" \ 251 -c "Reconnecting with saved session" \ 252 -c "HTTP/1.0 200 OK" \ 253 -c "received max_early_data_size" \ 254 -c "NewSessionTicket: early_data(42) extension received." \ 255 -c "ClientHello: early_data(42) extension exists." \ 256 -c "EncryptedExtensions: early_data(42) extension received." \ 257 -c "bytes of early data written" \ 258 -C "0 bytes of early data written" \ 259 -s "Protocol is TLSv1.3" \ 260 -s "key exchange mode: psk" \ 261 -s "Select PSK ciphersuite" \ 262 -s "Sent max_early_data_size" \ 263 -s "NewSessionTicket: early_data(42) extension exists." \ 264 -s "ClientHello: early_data(42) extension exists." \ 265 -s "EncryptedExtensions: early_data(42) extension exists." \ 266 -s "early data bytes read" 267 268 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 269 requires_config_enabled MBEDTLS_SSL_CLI_C 270 requires_config_enabled MBEDTLS_SSL_SRV_C 271 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 272 requires_config_enabled MBEDTLS_HAVE_TIME 273 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 274 requires_config_enabled MBEDTLS_DEBUG_C 275 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 276 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 277 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 278 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 279 run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ 280 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 281 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 282 0 \ 283 -c "Protocol is TLSv1.3" \ 284 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 285 -c "Saving session for reuse... ok" \ 286 -c "Reconnecting with saved session" \ 287 -c "HTTP/1.0 200 OK" \ 288 -c "received max_early_data_size" \ 289 -c "NewSessionTicket: early_data(42) extension received." \ 290 -c "ClientHello: early_data(42) extension exists." \ 291 -c "EncryptedExtensions: early_data(42) extension received." \ 292 -c "bytes of early data written" \ 293 -C "0 bytes of early data written" \ 294 -s "Protocol is TLSv1.3" \ 295 -s "key exchange mode: psk" \ 296 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 297 -s "Sent max_early_data_size" \ 298 -s "NewSessionTicket: early_data(42) extension exists." \ 299 -s "ClientHello: early_data(42) extension exists." \ 300 -s "EncryptedExtensions: early_data(42) extension exists." \ 301 -s "early data bytes read" 302 303 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 304 requires_config_enabled MBEDTLS_SSL_CLI_C 305 requires_config_enabled MBEDTLS_SSL_SRV_C 306 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 307 requires_config_enabled MBEDTLS_HAVE_TIME 308 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 309 requires_config_enabled MBEDTLS_DEBUG_C 310 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 311 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 312 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 313 run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ 314 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 315 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 316 0 \ 317 -c "Protocol is TLSv1.3" \ 318 -c "Saving session for reuse... ok" \ 319 -c "Reconnecting with saved session" \ 320 -c "HTTP/1.0 200 OK" \ 321 -C "received max_early_data_size" \ 322 -C "NewSessionTicket: early_data(42) extension received." \ 323 -C "ClientHello: early_data(42) extension exists." \ 324 -C "EncryptedExtensions: early_data(42) extension received." \ 325 -c "0 bytes of early data written" \ 326 -s "Protocol is TLSv1.3" \ 327 -s "key exchange mode: psk" \ 328 -s "Select PSK ciphersuite" \ 329 -S "Sent max_early_data_size" \ 330 -S "NewSessionTicket: early_data(42) extension exists." \ 331 -S "ClientHello: early_data(42) extension exists." \ 332 -S "EncryptedExtensions: early_data(42) extension exists." \ 333 -S "early data bytes read" 334 335 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 336 requires_config_enabled MBEDTLS_SSL_CLI_C 337 requires_config_enabled MBEDTLS_SSL_SRV_C 338 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 339 requires_config_enabled MBEDTLS_HAVE_TIME 340 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 341 requires_config_enabled MBEDTLS_DEBUG_C 342 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 343 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 345 run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ 346 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 347 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 348 0 \ 349 -c "Protocol is TLSv1.3" \ 350 -c "Saving session for reuse... ok" \ 351 -c "Reconnecting with saved session" \ 352 -c "HTTP/1.0 200 OK" \ 353 -C "received max_early_data_size" \ 354 -C "NewSessionTicket: early_data(42) extension received." \ 355 -C "ClientHello: early_data(42) extension exists." \ 356 -C "EncryptedExtensions: early_data(42) extension received." \ 357 -c "0 bytes of early data written" \ 358 -s "Protocol is TLSv1.3" \ 359 -s "key exchange mode: psk" \ 360 -s "Select PSK ciphersuite" \ 361 -S "Sent max_early_data_size" \ 362 -S "NewSessionTicket: early_data(42) extension exists." \ 363 -S "ClientHello: early_data(42) extension exists." \ 364 -S "EncryptedExtensions: early_data(42) extension exists." \ 365 -S "early data bytes read" 366 367 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 368 requires_config_enabled MBEDTLS_SSL_CLI_C 369 requires_config_enabled MBEDTLS_SSL_SRV_C 370 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 371 requires_config_enabled MBEDTLS_HAVE_TIME 372 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 373 requires_config_enabled MBEDTLS_DEBUG_C 374 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 375 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 376 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 377 run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ 378 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 379 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \ 380 0 \ 381 -c "Protocol is TLSv1.3" \ 382 -c "Saving session for reuse... ok" \ 383 -c "Reconnecting with saved session" \ 384 -c "HTTP/1.0 200 OK" \ 385 -c "received max_early_data_size" \ 386 -c "NewSessionTicket: early_data(42) extension received." \ 387 -C "ClientHello: early_data(42) extension exists." \ 388 -C "EncryptedExtensions: early_data(42) extension received." \ 389 -C "bytes of early data written" \ 390 -s "Protocol is TLSv1.3" \ 391 -s "key exchange mode: psk" \ 392 -s "Select PSK ciphersuite" \ 393 -s "Sent max_early_data_size" \ 394 -s "NewSessionTicket: early_data(42) extension exists." \ 395 -S "ClientHello: early_data(42) extension exists." \ 396 -S "EncryptedExtensions: early_data(42) extension exists." \ 397 -S "early data bytes read" 398 399 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 400 requires_config_enabled MBEDTLS_SSL_CLI_C 401 requires_config_enabled MBEDTLS_SSL_SRV_C 402 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 403 requires_config_enabled MBEDTLS_HAVE_TIME 404 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 405 requires_config_enabled MBEDTLS_DEBUG_C 406 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 407 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 408 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 409 run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ 410 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ 411 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \ 412 0 \ 413 -c "Protocol is TLSv1.3" \ 414 -c "Saving session for reuse... ok" \ 415 -c "Reconnecting with saved session" \ 416 -c "HTTP/1.0 200 OK" \ 417 -c "received max_early_data_size" \ 418 -c "NewSessionTicket: early_data(42) extension received." \ 419 -C "ClientHello: early_data(42) extension exists." \ 420 -C "EncryptedExtensions: early_data(42) extension received." \ 421 -C "bytes of early data written" \ 422 -s "Protocol is TLSv1.3" \ 423 -s "key exchange mode: psk" \ 424 -s "Select PSK ciphersuite" \ 425 -s "Sent max_early_data_size" \ 426 -s "NewSessionTicket: early_data(42) extension exists." \ 427 -S "ClientHello: early_data(42) extension exists." \ 428 -S "EncryptedExtensions: early_data(42) extension exists." \ 429 -S "early data bytes read" 430 431 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 432 requires_config_enabled MBEDTLS_SSL_CLI_C 433 requires_config_enabled MBEDTLS_SSL_SRV_C 434 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 435 requires_config_enabled MBEDTLS_HAVE_TIME 436 requires_config_enabled MBEDTLS_DEBUG_C 437 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 438 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 439 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 440 run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ 441 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \ 442 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 443 1 \ 444 -c "Protocol is TLSv1.3" \ 445 -C "Saving session for reuse... ok" \ 446 -c "Reconnecting with saved session... failed" \ 447 -S "Protocol is TLSv1.3" \ 448 -S "key exchange mode: psk" \ 449 -S "Select PSK ciphersuite" \ 450 -s "Ticket lifetime (604801) is greater than 7 days." 451 452 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 453 requires_config_enabled MBEDTLS_SSL_CLI_C 454 requires_config_enabled MBEDTLS_SSL_SRV_C 455 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 456 requires_config_enabled MBEDTLS_HAVE_TIME 457 requires_config_enabled MBEDTLS_DEBUG_C 458 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 459 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 461 run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ 462 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \ 463 "$P_CLI debug_level=2 new_session_tickets=1 reco_mode=1 reconnect=1" \ 464 1 \ 465 -c "Protocol is TLSv1.3" \ 466 -C "Saving session for reuse... ok" \ 467 -c "Discard new session ticket" \ 468 -c "Reconnecting with saved session... failed" \ 469 -s "Protocol is TLSv1.3" \ 470 -S "key exchange mode: psk" \ 471 -S "Select PSK ciphersuite" 472 473 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 474 requires_config_enabled MBEDTLS_SSL_CLI_C 475 requires_config_enabled MBEDTLS_SSL_SRV_C 476 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 477 requires_config_enabled MBEDTLS_HAVE_TIME 478 requires_config_enabled MBEDTLS_DEBUG_C 479 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 480 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 481 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 482 run_test "TLS 1.3 m->m: resumption fails, servername check failed" \ 483 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ 484 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ 485 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote new_session_tickets=1 reco_mode=1 reconnect=1" \ 486 1 \ 487 -c "Protocol is TLSv1.3" \ 488 -c "Saving session for reuse... ok" \ 489 -c "Reconnecting with saved session" \ 490 -c "Hostname mismatch the session ticket, disable session resumption." \ 491 -s "Protocol is TLSv1.3" \ 492 -S "key exchange mode: psk" \ 493 -S "Select PSK ciphersuite" 494 495 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 496 requires_config_enabled MBEDTLS_SSL_CLI_C 497 requires_config_enabled MBEDTLS_SSL_SRV_C 498 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 499 requires_config_enabled MBEDTLS_HAVE_TIME 500 requires_config_enabled MBEDTLS_DEBUG_C 501 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 502 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 503 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 504 run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \ 505 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \ 506 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 507 0 \ 508 -c "Protocol is TLSv1.3" \ 509 -s "key exchange mode: ephemeral" \ 510 -s "Protocol is TLSv1.3" \ 511 -c "Saving session for reuse... ok" \ 512 -c "Reconnecting with saved session" \ 513 -S "key exchange mode: psk" \ 514 -s "ticket is not authentic" \ 515 -S "ticket is expired" \ 516 -S "Invalid ticket creation time" \ 517 -S "Ticket age exceeds limitation" \ 518 -S "Ticket age outside tolerance window" 519 520 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 521 requires_config_enabled MBEDTLS_SSL_CLI_C 522 requires_config_enabled MBEDTLS_SSL_SRV_C 523 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 524 requires_config_enabled MBEDTLS_HAVE_TIME 525 requires_config_enabled MBEDTLS_DEBUG_C 526 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 527 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 528 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 529 run_test "TLS 1.3 m->m: resumption fails, ticket expired." \ 530 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \ 531 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 532 0 \ 533 -c "Protocol is TLSv1.3" \ 534 -s "key exchange mode: ephemeral" \ 535 -s "Protocol is TLSv1.3" \ 536 -c "Saving session for reuse... ok" \ 537 -c "Reconnecting with saved session" \ 538 -S "key exchange mode: psk" \ 539 -S "ticket is not authentic" \ 540 -s "ticket is expired" \ 541 -S "Invalid ticket creation time" \ 542 -S "Ticket age exceeds limitation" \ 543 -S "Ticket age outside tolerance window" 544 545 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 546 requires_config_enabled MBEDTLS_SSL_CLI_C 547 requires_config_enabled MBEDTLS_SSL_SRV_C 548 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 549 requires_config_enabled MBEDTLS_HAVE_TIME 550 requires_config_enabled MBEDTLS_DEBUG_C 551 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 552 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 553 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 554 run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ 555 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \ 556 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \ 557 0 \ 558 -c "Protocol is TLSv1.3" \ 559 -s "key exchange mode: ephemeral" \ 560 -s "Protocol is TLSv1.3" \ 561 -c "Saving session for reuse... ok" \ 562 -c "Reconnecting with saved session" \ 563 -S "key exchange mode: psk" \ 564 -S "ticket is not authentic" \ 565 -S "ticket is expired" \ 566 -s "Invalid ticket creation time" \ 567 -S "Ticket age exceeds limitation" \ 568 -S "Ticket age outside tolerance window" 569 570 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 571 requires_config_enabled MBEDTLS_SSL_CLI_C 572 requires_config_enabled MBEDTLS_SSL_SRV_C 573 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 574 requires_config_enabled MBEDTLS_HAVE_TIME 575 requires_config_enabled MBEDTLS_DEBUG_C 576 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 577 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 578 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 579 run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ 580 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \ 581 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \ 582 0 \ 583 -c "Protocol is TLSv1.3" \ 584 -s "key exchange mode: ephemeral" \ 585 -s "Protocol is TLSv1.3" \ 586 -c "Saving session for reuse... ok" \ 587 -c "Reconnecting with saved session" \ 588 -S "key exchange mode: psk" \ 589 -S "ticket is not authentic" \ 590 -S "ticket is expired" \ 591 -S "Invalid ticket creation time" \ 592 -s "Ticket age exceeds limitation" \ 593 -S "Ticket age outside tolerance window" 594 595 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 596 requires_config_enabled MBEDTLS_SSL_CLI_C 597 requires_config_enabled MBEDTLS_SSL_SRV_C 598 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 599 requires_config_enabled MBEDTLS_HAVE_TIME 600 requires_config_enabled MBEDTLS_DEBUG_C 601 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 602 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 603 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 604 run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ 605 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \ 606 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \ 607 0 \ 608 -c "Protocol is TLSv1.3" \ 609 -s "key exchange mode: ephemeral" \ 610 -s "Protocol is TLSv1.3" \ 611 -c "Saving session for reuse... ok" \ 612 -c "Reconnecting with saved session" \ 613 -S "key exchange mode: psk" \ 614 -S "ticket is not authentic" \ 615 -S "ticket is expired" \ 616 -S "Invalid ticket creation time" \ 617 -S "Ticket age exceeds limitation" \ 618 -s "Ticket age outside tolerance window" 619 620 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 621 requires_config_enabled MBEDTLS_SSL_CLI_C 622 requires_config_enabled MBEDTLS_SSL_SRV_C 623 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 624 requires_config_enabled MBEDTLS_HAVE_TIME 625 requires_config_enabled MBEDTLS_DEBUG_C 626 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 627 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 628 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 629 run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ 630 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \ 631 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \ 632 0 \ 633 -c "Protocol is TLSv1.3" \ 634 -s "key exchange mode: ephemeral" \ 635 -s "Protocol is TLSv1.3" \ 636 -c "Saving session for reuse... ok" \ 637 -c "Reconnecting with saved session" \ 638 -S "key exchange mode: psk" \ 639 -S "ticket is not authentic" \ 640 -S "ticket is expired" \ 641 -S "Invalid ticket creation time" \ 642 -S "Ticket age exceeds limitation" \ 643 -s "Ticket age outside tolerance window" 644 645 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 646 requires_config_enabled MBEDTLS_SSL_CLI_C 647 requires_config_enabled MBEDTLS_SSL_SRV_C 648 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 649 requires_config_enabled MBEDTLS_HAVE_TIME 650 requires_config_enabled MBEDTLS_DEBUG_C 651 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 652 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 653 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ 654 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ 655 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \ 656 0 \ 657 -c "Protocol is TLSv1.3" \ 658 -s "key exchange mode: ephemeral" \ 659 -S "key exchange mode: psk_ephemeral" \ 660 -S "key exchange mode: psk$" \ 661 -s "found matched identity" \ 662 -s "No suitable PSK key exchange mode" \ 663 -s "No usable PSK or ticket" 664 665 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 666 requires_config_enabled MBEDTLS_SSL_CLI_C 667 requires_config_enabled MBEDTLS_SSL_SRV_C 668 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 669 requires_config_enabled MBEDTLS_HAVE_TIME 670 requires_config_enabled MBEDTLS_DEBUG_C 671 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 672 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 673 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ 674 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ 675 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \ 676 0 \ 677 -c "Protocol is TLSv1.3" \ 678 -s "key exchange mode: ephemeral" \ 679 -S "key exchange mode: psk_ephemeral" \ 680 -S "key exchange mode: psk$" \ 681 -s "found matched identity" \ 682 -S "No suitable PSK key exchange mode" \ 683 -S "No usable PSK or ticket" 684 685 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 686 requires_config_enabled MBEDTLS_SSL_CLI_C 687 requires_config_enabled MBEDTLS_SSL_SRV_C 688 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 689 requires_config_enabled MBEDTLS_HAVE_TIME 690 requires_config_enabled MBEDTLS_DEBUG_C 691 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 692 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 693 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \ 694 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ 695 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \ 696 0 \ 697 -c "Protocol is TLSv1.3" \ 698 -s "key exchange mode: ephemeral" \ 699 -S "key exchange mode: psk_ephemeral" \ 700 -S "key exchange mode: psk$" \ 701 -s "found matched identity" \ 702 -s "No suitable PSK key exchange mode" \ 703 -s "No usable PSK or ticket" 704 705 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 706 requires_config_enabled MBEDTLS_SSL_CLI_C 707 requires_config_enabled MBEDTLS_SSL_SRV_C 708 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 709 requires_config_enabled MBEDTLS_HAVE_TIME 710 requires_config_enabled MBEDTLS_DEBUG_C 711 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 712 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 713 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \ 714 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ 715 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \ 716 0 \ 717 -c "Protocol is TLSv1.3" \ 718 -s "key exchange mode: ephemeral" \ 719 -S "key exchange mode: psk_ephemeral" \ 720 -S "key exchange mode: psk$" \ 721 -s "found matched identity" \ 722 -S "No suitable PSK key exchange mode" \ 723 -S "No usable PSK or ticket" 724 725 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 726 requires_config_enabled MBEDTLS_SSL_CLI_C 727 requires_config_enabled MBEDTLS_SSL_SRV_C 728 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 729 requires_config_enabled MBEDTLS_HAVE_TIME 730 requires_config_enabled MBEDTLS_DEBUG_C 731 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 732 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 733 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \ 734 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ 735 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \ 736 0 \ 737 -c "Protocol is TLSv1.3" \ 738 -s "key exchange mode: ephemeral" \ 739 -S "key exchange mode: psk_ephemeral" \ 740 -S "key exchange mode: psk$" \ 741 -s "found matched identity" \ 742 -s "No suitable PSK key exchange mode" \ 743 -s "No usable PSK or ticket" 744 745 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 746 requires_config_enabled MBEDTLS_SSL_CLI_C 747 requires_config_enabled MBEDTLS_SSL_SRV_C 748 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 749 requires_config_enabled MBEDTLS_HAVE_TIME 750 requires_config_enabled MBEDTLS_DEBUG_C 751 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 752 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 753 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \ 754 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ 755 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \ 756 0 \ 757 -c "Protocol is TLSv1.3" \ 758 -s "key exchange mode: ephemeral" \ 759 -S "key exchange mode: psk_ephemeral" \ 760 -S "key exchange mode: psk$" \ 761 -s "found matched identity" \ 762 -s "No suitable PSK key exchange mode" \ 763 -s "No usable PSK or ticket" 764 765 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 766 requires_config_enabled MBEDTLS_SSL_CLI_C 767 requires_config_enabled MBEDTLS_SSL_SRV_C 768 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 769 requires_config_enabled MBEDTLS_HAVE_TIME 770 requires_config_enabled MBEDTLS_DEBUG_C 771 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 772 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 773 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \ 774 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ 775 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \ 776 0 \ 777 -c "Protocol is TLSv1.3" \ 778 -s "key exchange mode: ephemeral" \ 779 -s "key exchange mode: psk_ephemeral" \ 780 -S "key exchange mode: psk$" \ 781 -s "found matched identity" \ 782 -S "No suitable PSK key exchange mode" \ 783 -S "No usable PSK or ticket" 784 785 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 786 requires_config_enabled MBEDTLS_SSL_CLI_C 787 requires_config_enabled MBEDTLS_SSL_SRV_C 788 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 789 requires_config_enabled MBEDTLS_HAVE_TIME 790 requires_config_enabled MBEDTLS_DEBUG_C 791 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 792 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 793 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \ 794 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ 795 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \ 796 0 \ 797 -c "Protocol is TLSv1.3" \ 798 -s "key exchange mode: ephemeral" \ 799 -s "key exchange mode: psk_ephemeral" \ 800 -S "key exchange mode: psk$" \ 801 -s "found matched identity" \ 802 -S "No suitable PSK key exchange mode" \ 803 -S "No usable PSK or ticket" 804 805 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 806 requires_config_enabled MBEDTLS_SSL_CLI_C 807 requires_config_enabled MBEDTLS_SSL_SRV_C 808 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 809 requires_config_enabled MBEDTLS_HAVE_TIME 810 requires_config_enabled MBEDTLS_DEBUG_C 811 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 812 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 813 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 814 run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \ 815 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ 816 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \ 817 0 \ 818 -c "Pre-configured PSK number = 1" \ 819 -S "sent selected_identity:" \ 820 -s "key exchange mode: ephemeral" \ 821 -S "key exchange mode: psk_ephemeral" \ 822 -S "key exchange mode: psk$" \ 823 -s "No suitable PSK key exchange mode" \ 824 -s "No usable PSK or ticket" 825 826 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 827 requires_config_enabled MBEDTLS_SSL_CLI_C 828 requires_config_enabled MBEDTLS_SSL_SRV_C 829 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 830 requires_config_enabled MBEDTLS_HAVE_TIME 831 requires_config_enabled MBEDTLS_DEBUG_C 832 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 833 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 834 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 835 run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \ 836 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ 837 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \ 838 0 \ 839 -c "Protocol is TLSv1.3" \ 840 -s "key exchange mode: ephemeral" \ 841 -S "key exchange mode: psk_ephemeral" \ 842 -S "key exchange mode: psk$" \ 843 -s "found matched identity" \ 844 -S "No suitable PSK key exchange mode" \ 845 -S "No usable PSK or ticket" 846 847 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 848 requires_config_enabled MBEDTLS_SSL_CLI_C 849 requires_config_enabled MBEDTLS_SSL_SRV_C 850 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 851 requires_config_enabled MBEDTLS_HAVE_TIME 852 requires_config_enabled MBEDTLS_DEBUG_C 853 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 854 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 855 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 856 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \ 857 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ 858 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \ 859 0 \ 860 -c "Protocol is TLSv1.3" \ 861 -s "key exchange mode: ephemeral" \ 862 -s "key exchange mode: psk_ephemeral" \ 863 -S "key exchange mode: psk$" \ 864 -s "found matched identity" \ 865 -S "No suitable PSK key exchange mode" \ 866 -S "No usable PSK or ticket" 867 868 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 869 requires_config_enabled MBEDTLS_SSL_CLI_C 870 requires_config_enabled MBEDTLS_SSL_SRV_C 871 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 872 requires_config_enabled MBEDTLS_HAVE_TIME 873 requires_config_enabled MBEDTLS_DEBUG_C 874 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 875 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 876 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 877 run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ 878 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ 879 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \ 880 0 \ 881 -c "Protocol is TLSv1.3" \ 882 -s "key exchange mode: ephemeral" \ 883 -s "key exchange mode: psk_ephemeral" \ 884 -S "key exchange mode: psk$" \ 885 -s "found matched identity" \ 886 -S "No suitable PSK key exchange mode" \ 887 -S "No usable PSK or ticket" 888 889 requires_openssl_tls1_3_with_compatible_ephemeral 890 requires_config_enabled MBEDTLS_SSL_CLI_C 891 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 892 requires_config_enabled MBEDTLS_HAVE_TIME 893 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 894 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 895 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 896 run_test "TLS 1.3 m->O: resumption" \ 897 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 898 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 899 0 \ 900 -c "Protocol is TLSv1.3" \ 901 -c "Saving session for reuse... ok" \ 902 -c "Reconnecting with saved session... ok" \ 903 -c "HTTP/1.0 200 ok" 904 905 requires_openssl_tls1_3_with_compatible_ephemeral 906 requires_config_enabled MBEDTLS_SSL_CLI_C 907 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 908 requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS 909 run_test "TLS 1.3 m->O: resumption fails, no ticket support" \ 910 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 911 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 912 1 \ 913 -c "Protocol is TLSv1.3" \ 914 -C "Saving session for reuse... ok" \ 915 -C "Reconnecting with saved session... ok" \ 916 -c "Ignoring NewSessionTicket, not supported." 917 918 requires_openssl_tls1_3_with_compatible_ephemeral 919 requires_config_enabled MBEDTLS_SSL_CLI_C 920 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 921 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 922 run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \ 923 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 924 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \ 925 1 \ 926 -c "Protocol is TLSv1.3" \ 927 -C "Saving session for reuse... ok" \ 928 -C "Reconnecting with saved session... ok" \ 929 -c "Ignoring NewSessionTicket, handling disabled." 930 931 requires_openssl_tls1_3_with_compatible_ephemeral 932 requires_config_enabled MBEDTLS_SSL_CLI_C 933 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 934 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 935 run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \ 936 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 937 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 938 1 \ 939 -c "Protocol is TLSv1.3" \ 940 -C "Saving session for reuse... ok" \ 941 -C "Reconnecting with saved session... ok" \ 942 -c "Ignoring NewSessionTicket, handling disabled." 943 944 # No early data m->O tests for the time being. The option -early_data is needed 945 # to enable early data on OpenSSL server and it is not compatible with the 946 # -www option we usually use for testing with OpenSSL server (see 947 # O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the 948 # ephemeral then ticket based scenario we use for early data testing the first 949 # handshake fails. The following skipped test is here to illustrate the kind 950 # of testing we would like to do. 951 # https://github.com/Mbed-TLS/mbedtls/issues/9582 952 skip_next_test 953 requires_openssl_tls1_3_with_compatible_ephemeral 954 requires_config_enabled MBEDTLS_SSL_CLI_C 955 requires_config_enabled MBEDTLS_DEBUG_C 956 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 957 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 958 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 959 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 960 run_test "TLS 1.3 m->O: resumption with early data" \ 961 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 962 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 963 0 \ 964 -c "Protocol is TLSv1.3" \ 965 -c "Saving session for reuse... ok" \ 966 -c "Reconnecting with saved session" \ 967 -c "HTTP/1.0 200 OK" \ 968 -c "received max_early_data_size: 16384" \ 969 -c "NewSessionTicket: early_data(42) extension received." \ 970 -c "ClientHello: early_data(42) extension exists." \ 971 -c "EncryptedExtensions: early_data(42) extension received." \ 972 -c "bytes of early data written" \ 973 -s "decrypted early data with length:" 974 975 requires_gnutls_tls1_3 976 requires_config_enabled MBEDTLS_SSL_CLI_C 977 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 978 requires_config_enabled MBEDTLS_HAVE_TIME 979 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 980 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 981 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 982 run_test "TLS 1.3 m->G: resumption" \ 983 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 984 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \ 985 0 \ 986 -c "Protocol is TLSv1.3" \ 987 -c "Saving session for reuse... ok" \ 988 -c "Reconnecting with saved session... ok" \ 989 -c "HTTP/1.0 200 OK" 990 991 requires_gnutls_tls1_3 992 requires_config_enabled MBEDTLS_SSL_CLI_C 993 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 994 requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS 995 run_test "TLS 1.3 m->G: resumption fails, no ticket support" \ 996 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 997 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 998 1 \ 999 -c "Protocol is TLSv1.3" \ 1000 -C "Saving session for reuse... ok" \ 1001 -C "Reconnecting with saved session... ok" \ 1002 -c "Ignoring NewSessionTicket, not supported." 1003 1004 requires_gnutls_tls1_3 1005 requires_config_enabled MBEDTLS_SSL_CLI_C 1006 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1007 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1008 run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \ 1009 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 1010 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \ 1011 1 \ 1012 -c "Protocol is TLSv1.3" \ 1013 -C "Saving session for reuse... ok" \ 1014 -C "Reconnecting with saved session... ok" \ 1015 -c "Ignoring NewSessionTicket, handling disabled." 1016 1017 requires_gnutls_tls1_3 1018 requires_config_enabled MBEDTLS_SSL_CLI_C 1019 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1020 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1021 run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \ 1022 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 1023 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 1024 1 \ 1025 -c "Protocol is TLSv1.3" \ 1026 -C "Saving session for reuse... ok" \ 1027 -C "Reconnecting with saved session... ok" \ 1028 -c "Ignoring NewSessionTicket, handling disabled." 1029 1030 requires_gnutls_tls1_3 1031 requires_config_enabled MBEDTLS_SSL_CLI_C 1032 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1033 requires_config_enabled MBEDTLS_HAVE_TIME 1034 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1035 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1036 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1037 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1038 run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \ 1039 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 1040 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1041 0 \ 1042 -c "Protocol is TLSv1.3" \ 1043 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 1044 -c "Saving session for reuse... ok" \ 1045 -c "Reconnecting with saved session... ok" \ 1046 -c "HTTP/1.0 200 OK" 1047 1048 requires_gnutls_tls1_3 1049 requires_config_enabled MBEDTLS_SSL_CLI_C 1050 requires_config_enabled MBEDTLS_DEBUG_C 1051 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1052 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1053 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1054 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1055 run_test "TLS 1.3 m->G: resumption with early data" \ 1056 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 1057 --earlydata --maxearlydata 16384" \ 1058 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1059 0 \ 1060 -c "Protocol is TLSv1.3" \ 1061 -c "Saving session for reuse... ok" \ 1062 -c "Reconnecting with saved session" \ 1063 -c "HTTP/1.0 200 OK" \ 1064 -c "received max_early_data_size: 16384" \ 1065 -c "NewSessionTicket: early_data(42) extension received." \ 1066 -c "ClientHello: early_data(42) extension exists." \ 1067 -c "EncryptedExtensions: early_data(42) extension received." \ 1068 -c "bytes of early data written" \ 1069 -s "decrypted early data with length:" 1070 1071 requires_gnutls_tls1_3 1072 requires_config_enabled MBEDTLS_SSL_CLI_C 1073 requires_config_enabled MBEDTLS_DEBUG_C 1074 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1075 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1076 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1077 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1078 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1079 run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \ 1080 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 1081 --earlydata --maxearlydata 16384" \ 1082 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1083 0 \ 1084 -c "Protocol is TLSv1.3" \ 1085 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 1086 -c "Saving session for reuse... ok" \ 1087 -c "Reconnecting with saved session" \ 1088 -c "HTTP/1.0 200 OK" \ 1089 -c "received max_early_data_size: 16384" \ 1090 -c "NewSessionTicket: early_data(42) extension received." \ 1091 -c "ClientHello: early_data(42) extension exists." \ 1092 -c "EncryptedExtensions: early_data(42) extension received." \ 1093 -c "bytes of early data written" \ 1094 -s "decrypted early data with length:" 1095 1096 requires_gnutls_tls1_3 1097 requires_config_enabled MBEDTLS_SSL_CLI_C 1098 requires_config_enabled MBEDTLS_DEBUG_C 1099 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1100 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1101 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1102 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1103 run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \ 1104 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ 1105 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1106 0 \ 1107 -c "Protocol is TLSv1.3" \ 1108 -c "Saving session for reuse... ok" \ 1109 -c "Reconnecting with saved session" \ 1110 -c "HTTP/1.0 200 OK" \ 1111 -C "received max_early_data_size: 16384" \ 1112 -C "NewSessionTicket: early_data(42) extension received." \ 1113 1114 requires_gnutls_tls1_3 1115 requires_config_enabled MBEDTLS_SSL_CLI_C 1116 requires_config_enabled MBEDTLS_DEBUG_C 1117 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1118 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1119 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1120 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1121 run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \ 1122 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 1123 --earlydata --maxearlydata 16384" \ 1124 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1125 0 \ 1126 -c "Protocol is TLSv1.3" \ 1127 -c "Saving session for reuse... ok" \ 1128 -c "Reconnecting with saved session" \ 1129 -c "HTTP/1.0 200 OK" \ 1130 -c "received max_early_data_size: 16384" \ 1131 -c "NewSessionTicket: early_data(42) extension received." \ 1132 -C "ClientHello: early_data(42) extension exists." \ 1133 1134 requires_gnutls_tls1_3 1135 requires_config_enabled MBEDTLS_SSL_CLI_C 1136 requires_config_enabled MBEDTLS_DEBUG_C 1137 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1138 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1139 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 1140 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1141 run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \ 1142 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 1143 --earlydata --maxearlydata 16384" \ 1144 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \ 1145 0 \ 1146 -c "Protocol is TLSv1.3" \ 1147 -c "Saving session for reuse... ok" \ 1148 -c "Reconnecting with saved session" \ 1149 -c "HTTP/1.0 200 OK" \ 1150 -c "received max_early_data_size: 16384" \ 1151 -c "NewSessionTicket: early_data(42) extension received." \ 1152 -C "ClientHello: early_data(42) extension exists." \ 1153 1154 requires_openssl_tls1_3_with_compatible_ephemeral 1155 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1156 requires_config_enabled MBEDTLS_SSL_SRV_C 1157 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1158 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1159 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1160 # https://github.com/openssl/openssl/issues/10714 1161 # Until now, OpenSSL client does not support reconnect. 1162 skip_next_test 1163 run_test "TLS 1.3 O->m: resumption" \ 1164 "$P_SRV debug_level=2 tickets=1" \ 1165 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ 1166 0 \ 1167 -s "Protocol is TLSv1.3" \ 1168 -s "key exchange mode: psk" \ 1169 -s "Select PSK ciphersuite" 1170 1171 requires_gnutls_tls1_3 1172 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1173 requires_config_enabled MBEDTLS_HAVE_TIME 1174 requires_config_enabled MBEDTLS_SSL_SRV_C 1175 requires_config_enabled MBEDTLS_DEBUG_C 1176 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1177 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1178 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1179 run_test "TLS 1.3 G->m: resumption" \ 1180 "$P_SRV debug_level=2 tickets=1" \ 1181 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1182 0 \ 1183 -s "Protocol is TLSv1.3" \ 1184 -s "key exchange mode: psk" \ 1185 -s "Select PSK ciphersuite" 1186 1187 requires_gnutls_tls1_3 1188 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1189 requires_config_enabled MBEDTLS_HAVE_TIME 1190 requires_config_enabled MBEDTLS_SSL_SRV_C 1191 requires_config_enabled MBEDTLS_DEBUG_C 1192 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1193 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1194 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1195 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1196 # Test the session resumption when the cipher suite for the original session is 1197 # TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not 1198 # 256 bits long as with all the other TLS 1.3 cipher suites. 1199 run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \ 1200 "$P_SRV debug_level=2 tickets=1" \ 1201 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \ 1202 0 \ 1203 -s "Protocol is TLSv1.3" \ 1204 -s "key exchange mode: psk" \ 1205 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 1206 1207 EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) 1208 EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) 1209 1210 requires_gnutls_tls1_3 1211 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1212 requires_config_enabled MBEDTLS_HAVE_TIME 1213 requires_config_enabled MBEDTLS_SSL_SRV_C 1214 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1215 requires_config_enabled MBEDTLS_DEBUG_C 1216 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1217 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1218 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1219 run_test "TLS 1.3 G->m: resumption with early data" \ 1220 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1221 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1222 --earlydata $EARLY_DATA_INPUT" \ 1223 0 \ 1224 -s "Protocol is TLSv1.3" \ 1225 -s "key exchange mode: psk" \ 1226 -s "Select PSK ciphersuite" \ 1227 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1228 -s "NewSessionTicket: early_data(42) extension exists." \ 1229 -s "ClientHello: early_data(42) extension exists." \ 1230 -s "EncryptedExtensions: early_data(42) extension exists." \ 1231 -s "$( head -1 $EARLY_DATA_INPUT )" \ 1232 -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1233 -s "200 early data bytes read" \ 1234 -s "106 early data bytes read" 1235 1236 requires_gnutls_tls1_3 1237 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1238 requires_config_enabled MBEDTLS_HAVE_TIME 1239 requires_config_enabled MBEDTLS_SSL_SRV_C 1240 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1241 requires_config_enabled MBEDTLS_DEBUG_C 1242 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1243 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1244 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1245 requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1246 run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \ 1247 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1248 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \ 1249 --earlydata $EARLY_DATA_INPUT" \ 1250 0 \ 1251 -s "Protocol is TLSv1.3" \ 1252 -s "key exchange mode: psk" \ 1253 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 1254 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1255 -s "NewSessionTicket: early_data(42) extension exists." \ 1256 -s "ClientHello: early_data(42) extension exists." \ 1257 -s "EncryptedExtensions: early_data(42) extension exists." \ 1258 -s "$( head -1 $EARLY_DATA_INPUT )" \ 1259 -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1260 -s "200 early data bytes read" \ 1261 -s "106 early data bytes read" 1262 1263 # The Mbed TLS server does not allow early data for the ticket it sends but 1264 # the GnuTLS indicates early data anyway when resuming with the ticket and 1265 # sends early data. The Mbed TLS server does not expect early data in 1266 # association with the ticket thus it eventually fails the resumption 1267 # handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1268 # specification and thus its behavior may change in following versions. 1269 requires_gnutls_tls1_3 1270 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1271 requires_config_enabled MBEDTLS_HAVE_TIME 1272 requires_config_enabled MBEDTLS_SSL_SRV_C 1273 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1274 requires_config_enabled MBEDTLS_DEBUG_C 1275 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1276 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1277 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1278 run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ 1279 "$P_SRV debug_level=4 tickets=1" \ 1280 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1281 --earlydata $EARLY_DATA_INPUT" \ 1282 1 \ 1283 -s "Protocol is TLSv1.3" \ 1284 -s "key exchange mode: psk" \ 1285 -s "Select PSK ciphersuite" \ 1286 -S "Sent max_early_data_size" \ 1287 -S "NewSessionTicket: early_data(42) extension exists." \ 1288 -s "ClientHello: early_data(42) extension exists." \ 1289 -s "EarlyData: rejected, feature disabled in server configuration." \ 1290 -S "EncryptedExtensions: early_data(42) extension exists." \ 1291 -s "EarlyData: deprotect and discard app data records" \ 1292 -s "EarlyData: Too much early data received" 1293 1294 # The Mbed TLS server does not allow early data for the ticket it sends but 1295 # the GnuTLS indicates early data anyway when resuming with the ticket and 1296 # sends early data. The Mbed TLS server does not expect early data in 1297 # association with the ticket thus it eventually fails the resumption 1298 # handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1299 # specification and thus its behavior may change in following versions. 1300 requires_gnutls_tls1_3 1301 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1302 requires_config_enabled MBEDTLS_HAVE_TIME 1303 requires_config_enabled MBEDTLS_SSL_SRV_C 1304 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1305 requires_config_enabled MBEDTLS_DEBUG_C 1306 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1307 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1308 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1309 run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ 1310 "$P_SRV debug_level=4 tickets=1 early_data=0" \ 1311 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1312 --earlydata $EARLY_DATA_INPUT" \ 1313 1 \ 1314 -s "Protocol is TLSv1.3" \ 1315 -s "key exchange mode: psk" \ 1316 -s "Select PSK ciphersuite" \ 1317 -S "Sent max_early_data_size" \ 1318 -S "NewSessionTicket: early_data(42) extension exists." \ 1319 -s "ClientHello: early_data(42) extension exists." \ 1320 -s "EarlyData: rejected, feature disabled in server configuration." \ 1321 -S "EncryptedExtensions: early_data(42) extension exists." \ 1322 -s "EarlyData: deprotect and discard app data records" \ 1323 -s "EarlyData: Too much early data received" 1324 1325 requires_gnutls_tls1_3 1326 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1327 requires_config_enabled MBEDTLS_HAVE_TIME 1328 requires_config_enabled MBEDTLS_SSL_SRV_C 1329 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1330 requires_config_enabled MBEDTLS_DEBUG_C 1331 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1332 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1333 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1334 run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ 1335 "$P_SRV debug_level=4 tickets=1 early_data=1" \ 1336 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1337 0 \ 1338 -s "Protocol is TLSv1.3" \ 1339 -s "key exchange mode: psk" \ 1340 -s "Select PSK ciphersuite" \ 1341 -s "Sent max_early_data_size" \ 1342 -s "NewSessionTicket: early_data(42) extension exists." \ 1343 -S "ClientHello: early_data(42) extension exists." \ 1344 -S "EncryptedExtensions: early_data(42) extension exists." 1345 1346 requires_config_enabled MBEDTLS_SSL_EARLY_DATA 1347 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 1348 requires_config_enabled MBEDTLS_SSL_CLI_C 1349 requires_config_enabled MBEDTLS_SSL_SRV_C 1350 requires_config_enabled MBEDTLS_DEBUG_C 1351 requires_config_enabled MBEDTLS_HAVE_TIME 1352 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 1353 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1354 run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ 1355 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ 1356 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \ 1357 0 \ 1358 -s "key exchange mode: ephemeral" \ 1359 -S "key exchange mode: psk" \ 1360 -s "found matched identity" \ 1361 -s "EarlyData: rejected, not a session resumption" \ 1362 -C "EncryptedExtensions: early_data(42) extension exists."