1a8e1175bSopenharmony_ci#!/bin/sh 2a8e1175bSopenharmony_ci 3a8e1175bSopenharmony_ci# tls13-misc.sh 4a8e1175bSopenharmony_ci# 5a8e1175bSopenharmony_ci# Copyright The Mbed TLS Contributors 6a8e1175bSopenharmony_ci# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7a8e1175bSopenharmony_ci# 8a8e1175bSopenharmony_ci 9a8e1175bSopenharmony_cirequires_gnutls_tls1_3 10a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 11a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 12a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_SRV_C 13a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_DEBUG_C 14a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 15a8e1175bSopenharmony_ci 16a8e1175bSopenharmony_cirun_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ 17a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 18a8e1175bSopenharmony_ci "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ 19a8e1175bSopenharmony_ci --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 20a8e1175bSopenharmony_ci localhost" \ 21a8e1175bSopenharmony_ci 1 \ 22a8e1175bSopenharmony_ci -s "found psk key exchange modes extension" \ 23a8e1175bSopenharmony_ci -s "found pre_shared_key extension" \ 24a8e1175bSopenharmony_ci -s "Found PSK_EPHEMERAL KEX MODE" \ 25a8e1175bSopenharmony_ci -s "Found PSK KEX MODE" \ 26a8e1175bSopenharmony_ci -s "No matched ciphersuite" 27a8e1175bSopenharmony_ci 28a8e1175bSopenharmony_cirequires_openssl_tls1_3 29a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 30a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 31a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_SRV_C 32a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_DEBUG_C 33a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 34a8e1175bSopenharmony_ci 35a8e1175bSopenharmony_cirun_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ 36a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 37a8e1175bSopenharmony_ci "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ 38a8e1175bSopenharmony_ci -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ 39a8e1175bSopenharmony_ci 1 \ 40a8e1175bSopenharmony_ci -s "found psk key exchange modes extension" \ 41a8e1175bSopenharmony_ci -s "found pre_shared_key extension" \ 42a8e1175bSopenharmony_ci -s "Found PSK_EPHEMERAL KEX MODE" \ 43a8e1175bSopenharmony_ci -s "Found PSK KEX MODE" \ 44a8e1175bSopenharmony_ci -s "No matched ciphersuite" 45a8e1175bSopenharmony_ci 46a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 47a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 48a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 49a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ 50a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ 51a8e1175bSopenharmony_ci "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 52a8e1175bSopenharmony_ci 0 \ 53a8e1175bSopenharmony_ci -c "Pre-configured PSK number = 2" \ 54a8e1175bSopenharmony_ci -s "sent selected_identity: 0" \ 55a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 56a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 57a8e1175bSopenharmony_ci -S "key exchange mode: ephemeral$" \ 58a8e1175bSopenharmony_ci -S "ticket is not authentic" 59a8e1175bSopenharmony_ci 60a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 61a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 62a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 63a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ 64a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ 65a8e1175bSopenharmony_ci "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 66a8e1175bSopenharmony_ci 0 \ 67a8e1175bSopenharmony_ci -c "Pre-configured PSK number = 2" \ 68a8e1175bSopenharmony_ci -s "sent selected_identity: 1" \ 69a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 70a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 71a8e1175bSopenharmony_ci -S "key exchange mode: ephemeral$" \ 72a8e1175bSopenharmony_ci -s "ticket is not authentic" 73a8e1175bSopenharmony_ci 74a8e1175bSopenharmony_cirequires_gnutls_tls1_3 75a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C 76a8e1175bSopenharmony_cirequires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 77a8e1175bSopenharmony_cirun_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ 78a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ 79a8e1175bSopenharmony_ci "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ 80a8e1175bSopenharmony_ci --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 81a8e1175bSopenharmony_ci localhost" \ 82a8e1175bSopenharmony_ci 1 \ 83a8e1175bSopenharmony_ci -s "found psk key exchange modes extension" \ 84a8e1175bSopenharmony_ci -s "found pre_shared_key extension" \ 85a8e1175bSopenharmony_ci -s "Found PSK_EPHEMERAL KEX MODE" \ 86a8e1175bSopenharmony_ci -S "Found PSK KEX MODE" \ 87a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 88a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 89a8e1175bSopenharmony_ci -S "key exchange mode: ephemeral" 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_cirequires_gnutls_tls1_3 92a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 93a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 94a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 95a8e1175bSopenharmony_cirequires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 96a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 97a8e1175bSopenharmony_cirun_test "TLS 1.3: G->m: PSK: configured psk only, good." \ 98a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 99a8e1175bSopenharmony_ci "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 100a8e1175bSopenharmony_ci --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 101a8e1175bSopenharmony_ci localhost" \ 102a8e1175bSopenharmony_ci 0 \ 103a8e1175bSopenharmony_ci -s "found psk key exchange modes extension" \ 104a8e1175bSopenharmony_ci -s "found pre_shared_key extension" \ 105a8e1175bSopenharmony_ci -s "Found PSK_EPHEMERAL KEX MODE" \ 106a8e1175bSopenharmony_ci -s "Found PSK KEX MODE" \ 107a8e1175bSopenharmony_ci -s "key exchange mode: psk$" 108a8e1175bSopenharmony_ci 109a8e1175bSopenharmony_cirequires_gnutls_tls1_3 110a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 111a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 112a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 113a8e1175bSopenharmony_cirequires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 114a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 115a8e1175bSopenharmony_cirun_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ 116a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 117a8e1175bSopenharmony_ci "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 118a8e1175bSopenharmony_ci --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 119a8e1175bSopenharmony_ci localhost" \ 120a8e1175bSopenharmony_ci 0 \ 121a8e1175bSopenharmony_ci -s "found psk key exchange modes extension" \ 122a8e1175bSopenharmony_ci -s "found pre_shared_key extension" \ 123a8e1175bSopenharmony_ci -s "Found PSK_EPHEMERAL KEX MODE" \ 124a8e1175bSopenharmony_ci -s "Found PSK KEX MODE" \ 125a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral$" 126a8e1175bSopenharmony_ci 127a8e1175bSopenharmony_cirequires_gnutls_tls1_3 128a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 129a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 130a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 131a8e1175bSopenharmony_cirequires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 132a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 133a8e1175bSopenharmony_cirun_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ 134a8e1175bSopenharmony_ci "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ 135a8e1175bSopenharmony_ci "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ 136a8e1175bSopenharmony_ci --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ 137a8e1175bSopenharmony_ci localhost" \ 138a8e1175bSopenharmony_ci 0 \ 139a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral$" 140a8e1175bSopenharmony_ci 141a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 142a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 143a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 144a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 145a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 146a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 147a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 148a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption" \ 149a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 150a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 151a8e1175bSopenharmony_ci 0 \ 152a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 153a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 154a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 155a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 156a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 157a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 158a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" 159a8e1175bSopenharmony_ci 160a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 161a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 162a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 163a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 164a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 165a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 166a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 167a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption with servername" \ 168a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 169a8e1175bSopenharmony_ci sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 170a8e1175bSopenharmony_ci "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \ 171a8e1175bSopenharmony_ci 0 \ 172a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 173a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 174a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 175a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 176a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 177a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 178a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" 179a8e1175bSopenharmony_ci 180a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 181a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 182a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 183a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 184a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 185a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 186a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 187a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ 188a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \ 189a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 190a8e1175bSopenharmony_ci 0 \ 191a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 192a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 193a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 194a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 195a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 196a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 197a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" 198a8e1175bSopenharmony_ci 199a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 200a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 201a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 202a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 203a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 204a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 205a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 206a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 207a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ 208a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 209a8e1175bSopenharmony_ci "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ 210a8e1175bSopenharmony_ci 0 \ 211a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 212a8e1175bSopenharmony_ci -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 213a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 214a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 215a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 216a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 217a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 218a8e1175bSopenharmony_ci -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 219a8e1175bSopenharmony_ci 220a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 221a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 222a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 223a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 224a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 225a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 226a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 227a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption with early data" \ 228a8e1175bSopenharmony_ci "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 229a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 230a8e1175bSopenharmony_ci 0 \ 231a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 232a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 233a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 234a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 235a8e1175bSopenharmony_ci -c "received max_early_data_size" \ 236a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 237a8e1175bSopenharmony_ci -c "ClientHello: early_data(42) extension exists." \ 238a8e1175bSopenharmony_ci -c "EncryptedExtensions: early_data(42) extension received." \ 239a8e1175bSopenharmony_ci -c "bytes of early data written" \ 240a8e1175bSopenharmony_ci -C "0 bytes of early data written" \ 241a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 242a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 243a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 244a8e1175bSopenharmony_ci -s "Sent max_early_data_size" \ 245a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 246a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 247a8e1175bSopenharmony_ci -s "EncryptedExtensions: early_data(42) extension exists." \ 248a8e1175bSopenharmony_ci -s "early data bytes read" 249a8e1175bSopenharmony_ci 250a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 251a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 252a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 253a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 254a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 255a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 256a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 257a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 258a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ 259a8e1175bSopenharmony_ci "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 260a8e1175bSopenharmony_ci "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ 261a8e1175bSopenharmony_ci 0 \ 262a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 263a8e1175bSopenharmony_ci -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 264a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 265a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 266a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 267a8e1175bSopenharmony_ci -c "received max_early_data_size" \ 268a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 269a8e1175bSopenharmony_ci -c "ClientHello: early_data(42) extension exists." \ 270a8e1175bSopenharmony_ci -c "EncryptedExtensions: early_data(42) extension received." \ 271a8e1175bSopenharmony_ci -c "bytes of early data written" \ 272a8e1175bSopenharmony_ci -C "0 bytes of early data written" \ 273a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 274a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 275a8e1175bSopenharmony_ci -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 276a8e1175bSopenharmony_ci -s "Sent max_early_data_size" \ 277a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 278a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 279a8e1175bSopenharmony_ci -s "EncryptedExtensions: early_data(42) extension exists." \ 280a8e1175bSopenharmony_ci -s "early data bytes read" 281a8e1175bSopenharmony_ci 282a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 283a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 284a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 285a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 286a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 287a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 288a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 289a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ 290a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 291a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 292a8e1175bSopenharmony_ci 0 \ 293a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 294a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 295a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 296a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 297a8e1175bSopenharmony_ci -C "received max_early_data_size" \ 298a8e1175bSopenharmony_ci -C "NewSessionTicket: early_data(42) extension received." \ 299a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 300a8e1175bSopenharmony_ci -C "EncryptedExtensions: early_data(42) extension received." \ 301a8e1175bSopenharmony_ci -c "0 bytes of early data written" \ 302a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 303a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 304a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 305a8e1175bSopenharmony_ci -S "Sent max_early_data_size" \ 306a8e1175bSopenharmony_ci -S "NewSessionTicket: early_data(42) extension exists." \ 307a8e1175bSopenharmony_ci -S "ClientHello: early_data(42) extension exists." \ 308a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 309a8e1175bSopenharmony_ci -S "early data bytes read" 310a8e1175bSopenharmony_ci 311a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 312a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 313a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 314a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 315a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 316a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 317a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 318a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ 319a8e1175bSopenharmony_ci "$P_SRV debug_level=4 early_data=0 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 320a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 321a8e1175bSopenharmony_ci 0 \ 322a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 323a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 324a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 325a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 326a8e1175bSopenharmony_ci -C "received max_early_data_size" \ 327a8e1175bSopenharmony_ci -C "NewSessionTicket: early_data(42) extension received." \ 328a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 329a8e1175bSopenharmony_ci -C "EncryptedExtensions: early_data(42) extension received." \ 330a8e1175bSopenharmony_ci -c "0 bytes of early data written" \ 331a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 332a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 333a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 334a8e1175bSopenharmony_ci -S "Sent max_early_data_size" \ 335a8e1175bSopenharmony_ci -S "NewSessionTicket: early_data(42) extension exists." \ 336a8e1175bSopenharmony_ci -S "ClientHello: early_data(42) extension exists." \ 337a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 338a8e1175bSopenharmony_ci -S "early data bytes read" 339a8e1175bSopenharmony_ci 340a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 341a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 342a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 343a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 344a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 345a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 346a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 347a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ 348a8e1175bSopenharmony_ci "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 349a8e1175bSopenharmony_ci "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 350a8e1175bSopenharmony_ci 0 \ 351a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 352a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 353a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 354a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 355a8e1175bSopenharmony_ci -c "received max_early_data_size" \ 356a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 357a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 358a8e1175bSopenharmony_ci -C "EncryptedExtensions: early_data(42) extension received." \ 359a8e1175bSopenharmony_ci -C "bytes of early data written" \ 360a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 361a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 362a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 363a8e1175bSopenharmony_ci -s "Sent max_early_data_size" \ 364a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 365a8e1175bSopenharmony_ci -S "ClientHello: early_data(42) extension exists." \ 366a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 367a8e1175bSopenharmony_ci -S "early data bytes read" 368a8e1175bSopenharmony_ci 369a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 370a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 371a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 372a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 373a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 374a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 375a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 376a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ 377a8e1175bSopenharmony_ci "$P_SRV debug_level=4 early_data=1 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 378a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ 379a8e1175bSopenharmony_ci 0 \ 380a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 381a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 382a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 383a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 384a8e1175bSopenharmony_ci -c "received max_early_data_size" \ 385a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 386a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 387a8e1175bSopenharmony_ci -C "EncryptedExtensions: early_data(42) extension received." \ 388a8e1175bSopenharmony_ci -C "bytes of early data written" \ 389a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 390a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 391a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 392a8e1175bSopenharmony_ci -s "Sent max_early_data_size" \ 393a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 394a8e1175bSopenharmony_ci -S "ClientHello: early_data(42) extension exists." \ 395a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 396a8e1175bSopenharmony_ci -S "early data bytes read" 397a8e1175bSopenharmony_ci 398a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 399a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 400a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 401a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 402a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 403a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 404a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 405a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ 406a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \ 407a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 408a8e1175bSopenharmony_ci 1 \ 409a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 410a8e1175bSopenharmony_ci -C "Saving session for reuse... ok" \ 411a8e1175bSopenharmony_ci -c "Reconnecting with saved session... failed" \ 412a8e1175bSopenharmony_ci -S "Protocol is TLSv1.3" \ 413a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 414a8e1175bSopenharmony_ci -S "Select PSK ciphersuite" \ 415a8e1175bSopenharmony_ci -s "Ticket lifetime (604801) is greater than 7 days." 416a8e1175bSopenharmony_ci 417a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 418a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 419a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 420a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 421a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 422a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 423a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 424a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ 425a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=0 tickets=1" \ 426a8e1175bSopenharmony_ci "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ 427a8e1175bSopenharmony_ci 1 \ 428a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 429a8e1175bSopenharmony_ci -C "Saving session for reuse... ok" \ 430a8e1175bSopenharmony_ci -c "Discard new session ticket" \ 431a8e1175bSopenharmony_ci -c "Reconnecting with saved session... failed" \ 432a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 433a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 434a8e1175bSopenharmony_ci -S "Select PSK ciphersuite" 435a8e1175bSopenharmony_ci 436a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 437a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 438a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 439a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 440a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 441a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 442a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 443a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, servername check failed" \ 444a8e1175bSopenharmony_ci "$P_SRV debug_level=2 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 445a8e1175bSopenharmony_ci sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 446a8e1175bSopenharmony_ci "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ 447a8e1175bSopenharmony_ci 1 \ 448a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 449a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 450a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 451a8e1175bSopenharmony_ci -c "Hostname mismatch the session ticket, disable session resumption." \ 452a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 453a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 454a8e1175bSopenharmony_ci -S "Select PSK ciphersuite" 455a8e1175bSopenharmony_ci 456a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 457a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 458a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 459a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 460a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 461a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 462a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 463a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \ 464a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=1" \ 465a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 466a8e1175bSopenharmony_ci 0 \ 467a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 468a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 469a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 470a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 471a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 472a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 473a8e1175bSopenharmony_ci -s "ticket is not authentic" \ 474a8e1175bSopenharmony_ci -S "ticket is expired" \ 475a8e1175bSopenharmony_ci -S "Invalid ticket creation time" \ 476a8e1175bSopenharmony_ci -S "Ticket age exceeds limitation" \ 477a8e1175bSopenharmony_ci -S "Ticket age outside tolerance window" 478a8e1175bSopenharmony_ci 479a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 480a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 481a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 482a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 483a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 484a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 485a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 486a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, ticket expired." \ 487a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=2" \ 488a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 489a8e1175bSopenharmony_ci 0 \ 490a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 491a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 492a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 493a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 494a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 495a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 496a8e1175bSopenharmony_ci -S "ticket is not authentic" \ 497a8e1175bSopenharmony_ci -s "ticket is expired" \ 498a8e1175bSopenharmony_ci -S "Invalid ticket creation time" \ 499a8e1175bSopenharmony_ci -S "Ticket age exceeds limitation" \ 500a8e1175bSopenharmony_ci -S "Ticket age outside tolerance window" 501a8e1175bSopenharmony_ci 502a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 503a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 504a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 505a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 506a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 507a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 508a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 509a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ 510a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=3" \ 511a8e1175bSopenharmony_ci "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 512a8e1175bSopenharmony_ci 0 \ 513a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 514a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 515a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 516a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 517a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 518a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 519a8e1175bSopenharmony_ci -S "ticket is not authentic" \ 520a8e1175bSopenharmony_ci -S "ticket is expired" \ 521a8e1175bSopenharmony_ci -s "Invalid ticket creation time" \ 522a8e1175bSopenharmony_ci -S "Ticket age exceeds limitation" \ 523a8e1175bSopenharmony_ci -S "Ticket age outside tolerance window" 524a8e1175bSopenharmony_ci 525a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 526a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 527a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 528a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 529a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 530a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 531a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 532a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ 533a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=4" \ 534a8e1175bSopenharmony_ci "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 535a8e1175bSopenharmony_ci 0 \ 536a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 537a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 538a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 539a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 540a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 541a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 542a8e1175bSopenharmony_ci -S "ticket is not authentic" \ 543a8e1175bSopenharmony_ci -S "ticket is expired" \ 544a8e1175bSopenharmony_ci -S "Invalid ticket creation time" \ 545a8e1175bSopenharmony_ci -s "Ticket age exceeds limitation" \ 546a8e1175bSopenharmony_ci -S "Ticket age outside tolerance window" 547a8e1175bSopenharmony_ci 548a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 549a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 550a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 551a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 552a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 553a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 554a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 555a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ 556a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=5" \ 557a8e1175bSopenharmony_ci "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 558a8e1175bSopenharmony_ci 0 \ 559a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 560a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 561a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 562a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 563a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 564a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 565a8e1175bSopenharmony_ci -S "ticket is not authentic" \ 566a8e1175bSopenharmony_ci -S "ticket is expired" \ 567a8e1175bSopenharmony_ci -S "Invalid ticket creation time" \ 568a8e1175bSopenharmony_ci -S "Ticket age exceeds limitation" \ 569a8e1175bSopenharmony_ci -s "Ticket age outside tolerance window" 570a8e1175bSopenharmony_ci 571a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 572a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 573a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 574a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 575a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 576a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 577a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 578a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ 579a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=8 dummy_ticket=6" \ 580a8e1175bSopenharmony_ci "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 581a8e1175bSopenharmony_ci 0 \ 582a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 583a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 584a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 585a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 586a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 587a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 588a8e1175bSopenharmony_ci -S "ticket is not authentic" \ 589a8e1175bSopenharmony_ci -S "ticket is expired" \ 590a8e1175bSopenharmony_ci -S "Invalid ticket creation time" \ 591a8e1175bSopenharmony_ci -S "Ticket age exceeds limitation" \ 592a8e1175bSopenharmony_ci -s "Ticket age outside tolerance window" 593a8e1175bSopenharmony_ci 594a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 595a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 596a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 597a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 598a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 599a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 600a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ 601a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 602a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 603a8e1175bSopenharmony_ci 0 \ 604a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 605a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 606a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 607a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 608a8e1175bSopenharmony_ci -s "found matched identity" \ 609a8e1175bSopenharmony_ci -s "No suitable PSK key exchange mode" \ 610a8e1175bSopenharmony_ci -s "No usable PSK or ticket" 611a8e1175bSopenharmony_ci 612a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 613a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 614a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 615a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 616a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 617a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 618a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ 619a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 620a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 621a8e1175bSopenharmony_ci 0 \ 622a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 623a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 624a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 625a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 626a8e1175bSopenharmony_ci -s "found matched identity" \ 627a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 628a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 629a8e1175bSopenharmony_ci 630a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 631a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 632a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 633a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 634a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 635a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 636a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \ 637a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 638a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 639a8e1175bSopenharmony_ci 0 \ 640a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 641a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 642a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 643a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 644a8e1175bSopenharmony_ci -s "found matched identity" \ 645a8e1175bSopenharmony_ci -s "No suitable PSK key exchange mode" \ 646a8e1175bSopenharmony_ci -s "No usable PSK or ticket" 647a8e1175bSopenharmony_ci 648a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 649a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 650a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 651a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 652a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 653a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 654a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \ 655a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 656a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 657a8e1175bSopenharmony_ci 0 \ 658a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 659a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 660a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 661a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 662a8e1175bSopenharmony_ci -s "found matched identity" \ 663a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 664a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 665a8e1175bSopenharmony_ci 666a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 667a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 668a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 669a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 670a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 671a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 672a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \ 673a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 674a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 675a8e1175bSopenharmony_ci 0 \ 676a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 677a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 678a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 679a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 680a8e1175bSopenharmony_ci -s "found matched identity" \ 681a8e1175bSopenharmony_ci -s "No suitable PSK key exchange mode" \ 682a8e1175bSopenharmony_ci -s "No usable PSK or ticket" 683a8e1175bSopenharmony_ci 684a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 685a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 686a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 687a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 688a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 689a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 690a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \ 691a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 692a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 693a8e1175bSopenharmony_ci 0 \ 694a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 695a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 696a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 697a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 698a8e1175bSopenharmony_ci -s "found matched identity" \ 699a8e1175bSopenharmony_ci -s "No suitable PSK key exchange mode" \ 700a8e1175bSopenharmony_ci -s "No usable PSK or ticket" 701a8e1175bSopenharmony_ci 702a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 703a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 704a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 705a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 706a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 707a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 708a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \ 709a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 710a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 711a8e1175bSopenharmony_ci 0 \ 712a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 713a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 714a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 715a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 716a8e1175bSopenharmony_ci -s "found matched identity" \ 717a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 718a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 719a8e1175bSopenharmony_ci 720a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 721a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 722a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 723a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 724a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 725a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 726a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \ 727a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 728a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 729a8e1175bSopenharmony_ci 0 \ 730a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 731a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 732a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 733a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 734a8e1175bSopenharmony_ci -s "found matched identity" \ 735a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 736a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 737a8e1175bSopenharmony_ci 738a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 739a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 740a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 741a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 742a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 743a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 744a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 745a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \ 746a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=7" \ 747a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 748a8e1175bSopenharmony_ci 0 \ 749a8e1175bSopenharmony_ci -c "Pre-configured PSK number = 1" \ 750a8e1175bSopenharmony_ci -S "sent selected_identity:" \ 751a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 752a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 753a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 754a8e1175bSopenharmony_ci -s "No suitable PSK key exchange mode" \ 755a8e1175bSopenharmony_ci -s "No usable PSK or ticket" 756a8e1175bSopenharmony_ci 757a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 758a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 759a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 760a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 761a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 762a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 763a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 764a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \ 765a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=8" \ 766a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 767a8e1175bSopenharmony_ci 0 \ 768a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 769a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 770a8e1175bSopenharmony_ci -S "key exchange mode: psk_ephemeral" \ 771a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 772a8e1175bSopenharmony_ci -s "found matched identity" \ 773a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 774a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 775a8e1175bSopenharmony_ci 776a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 777a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 778a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 779a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 780a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 781a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 782a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 783a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \ 784a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=9" \ 785a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 786a8e1175bSopenharmony_ci 0 \ 787a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 788a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 789a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 790a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 791a8e1175bSopenharmony_ci -s "found matched identity" \ 792a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 793a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 794a8e1175bSopenharmony_ci 795a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \ 796a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 797a8e1175bSopenharmony_ci MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 798a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C \ 799a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ 800a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 801a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 802a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ 803a8e1175bSopenharmony_ci "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key dummy_ticket=10" \ 804a8e1175bSopenharmony_ci "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 805a8e1175bSopenharmony_ci 0 \ 806a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 807a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 808a8e1175bSopenharmony_ci -s "key exchange mode: psk_ephemeral" \ 809a8e1175bSopenharmony_ci -S "key exchange mode: psk$" \ 810a8e1175bSopenharmony_ci -s "found matched identity" \ 811a8e1175bSopenharmony_ci -S "No suitable PSK key exchange mode" \ 812a8e1175bSopenharmony_ci -S "No usable PSK or ticket" 813a8e1175bSopenharmony_ci 814a8e1175bSopenharmony_cirequires_openssl_tls1_3_with_compatible_ephemeral 815a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 816a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 817a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 818a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 819a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 820a8e1175bSopenharmony_cirun_test "TLS 1.3 m->O: resumption" \ 821a8e1175bSopenharmony_ci "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 822a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 823a8e1175bSopenharmony_ci 0 \ 824a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 825a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 826a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 827a8e1175bSopenharmony_ci -c "HTTP/1.0 200 ok" 828a8e1175bSopenharmony_ci 829a8e1175bSopenharmony_ci# No early data m->O tests for the time being. The option -early_data is needed 830a8e1175bSopenharmony_ci# to enable early data on OpenSSL server and it is not compatible with the 831a8e1175bSopenharmony_ci# -www option we usually use for testing with OpenSSL server (see 832a8e1175bSopenharmony_ci# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the 833a8e1175bSopenharmony_ci# ephemeral then ticket based scenario we use for early data testing the first 834a8e1175bSopenharmony_ci# handshake fails. The following skipped test is here to illustrate the kind 835a8e1175bSopenharmony_ci# of testing we would like to do. 836a8e1175bSopenharmony_ciskip_next_test 837a8e1175bSopenharmony_cirequires_openssl_tls1_3_with_compatible_ephemeral 838a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 839a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 840a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 841a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 842a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 843a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 844a8e1175bSopenharmony_cirun_test "TLS 1.3 m->O: resumption with early data" \ 845a8e1175bSopenharmony_ci "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ 846a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 847a8e1175bSopenharmony_ci 0 \ 848a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 849a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 850a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 851a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 852a8e1175bSopenharmony_ci -c "received max_early_data_size: 16384" \ 853a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 854a8e1175bSopenharmony_ci -c "ClientHello: early_data(42) extension exists." \ 855a8e1175bSopenharmony_ci -c "EncryptedExtensions: early_data(42) extension received." \ 856a8e1175bSopenharmony_ci -c "bytes of early data written" \ 857a8e1175bSopenharmony_ci -s "decrypted early data with length:" 858a8e1175bSopenharmony_ci 859a8e1175bSopenharmony_cirequires_gnutls_tls1_3 860a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 861a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 862a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 863a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 864a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 865a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption" \ 866a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 867a8e1175bSopenharmony_ci "$P_CLI reco_mode=1 reconnect=1" \ 868a8e1175bSopenharmony_ci 0 \ 869a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 870a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 871a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 872a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" 873a8e1175bSopenharmony_ci 874a8e1175bSopenharmony_cirequires_gnutls_tls1_3 875a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C \ 876a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 877a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 878a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 879a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 880a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 881a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \ 882a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ 883a8e1175bSopenharmony_ci "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ 884a8e1175bSopenharmony_ci 0 \ 885a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 886a8e1175bSopenharmony_ci -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 887a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 888a8e1175bSopenharmony_ci -c "Reconnecting with saved session... ok" \ 889a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" 890a8e1175bSopenharmony_ci 891a8e1175bSopenharmony_cirequires_gnutls_tls1_3 892a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 893a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 894a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 895a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 896a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 897a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 898a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption with early data" \ 899a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 900a8e1175bSopenharmony_ci --earlydata --maxearlydata 16384" \ 901a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 902a8e1175bSopenharmony_ci 0 \ 903a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 904a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 905a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 906a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 907a8e1175bSopenharmony_ci -c "received max_early_data_size: 16384" \ 908a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 909a8e1175bSopenharmony_ci -c "ClientHello: early_data(42) extension exists." \ 910a8e1175bSopenharmony_ci -c "EncryptedExtensions: early_data(42) extension received." \ 911a8e1175bSopenharmony_ci -c "bytes of early data written" \ 912a8e1175bSopenharmony_ci -s "decrypted early data with length:" 913a8e1175bSopenharmony_ci 914a8e1175bSopenharmony_cirequires_gnutls_tls1_3 915a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 916a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 917a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 918a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 919a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 920a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 921a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 922a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \ 923a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 924a8e1175bSopenharmony_ci --earlydata --maxearlydata 16384" \ 925a8e1175bSopenharmony_ci "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ 926a8e1175bSopenharmony_ci 0 \ 927a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 928a8e1175bSopenharmony_ci -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ 929a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 930a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 931a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 932a8e1175bSopenharmony_ci -c "received max_early_data_size: 16384" \ 933a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 934a8e1175bSopenharmony_ci -c "ClientHello: early_data(42) extension exists." \ 935a8e1175bSopenharmony_ci -c "EncryptedExtensions: early_data(42) extension received." \ 936a8e1175bSopenharmony_ci -c "bytes of early data written" \ 937a8e1175bSopenharmony_ci -s "decrypted early data with length:" 938a8e1175bSopenharmony_ci 939a8e1175bSopenharmony_cirequires_gnutls_tls1_3 940a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 941a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 942a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 943a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 944a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 945a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 946a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \ 947a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ 948a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ 949a8e1175bSopenharmony_ci 0 \ 950a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 951a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 952a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 953a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 954a8e1175bSopenharmony_ci -C "received max_early_data_size: 16384" \ 955a8e1175bSopenharmony_ci -C "NewSessionTicket: early_data(42) extension received." \ 956a8e1175bSopenharmony_ci 957a8e1175bSopenharmony_cirequires_gnutls_tls1_3 958a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 959a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 960a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 961a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 962a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 963a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 964a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \ 965a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 966a8e1175bSopenharmony_ci --earlydata --maxearlydata 16384" \ 967a8e1175bSopenharmony_ci "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ 968a8e1175bSopenharmony_ci 0 \ 969a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 970a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 971a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 972a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 973a8e1175bSopenharmony_ci -c "received max_early_data_size: 16384" \ 974a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 975a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 976a8e1175bSopenharmony_ci 977a8e1175bSopenharmony_cirequires_gnutls_tls1_3 978a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ 979a8e1175bSopenharmony_ci MBEDTLS_SSL_EARLY_DATA \ 980a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 981a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 982a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ 983a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 984a8e1175bSopenharmony_cirun_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \ 985a8e1175bSopenharmony_ci "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ 986a8e1175bSopenharmony_ci --earlydata --maxearlydata 16384" \ 987a8e1175bSopenharmony_ci "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ 988a8e1175bSopenharmony_ci 0 \ 989a8e1175bSopenharmony_ci -c "Protocol is TLSv1.3" \ 990a8e1175bSopenharmony_ci -c "Saving session for reuse... ok" \ 991a8e1175bSopenharmony_ci -c "Reconnecting with saved session" \ 992a8e1175bSopenharmony_ci -c "HTTP/1.0 200 OK" \ 993a8e1175bSopenharmony_ci -c "received max_early_data_size: 16384" \ 994a8e1175bSopenharmony_ci -c "NewSessionTicket: early_data(42) extension received." \ 995a8e1175bSopenharmony_ci -C "ClientHello: early_data(42) extension exists." \ 996a8e1175bSopenharmony_ci 997a8e1175bSopenharmony_cirequires_openssl_tls1_3_with_compatible_ephemeral 998a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 999a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1000a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1001a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1002a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1003a8e1175bSopenharmony_ci# https://github.com/openssl/openssl/issues/10714 1004a8e1175bSopenharmony_ci# Until now, OpenSSL client does not support reconnect. 1005a8e1175bSopenharmony_ciskip_next_test 1006a8e1175bSopenharmony_cirun_test "TLS 1.3 O->m: resumption" \ 1007a8e1175bSopenharmony_ci "$P_SRV debug_level=2 tickets=1" \ 1008a8e1175bSopenharmony_ci "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ 1009a8e1175bSopenharmony_ci 0 \ 1010a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1011a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1012a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" 1013a8e1175bSopenharmony_ci 1014a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1015a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1016a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1017a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1018a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1019a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1020a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1021a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption" \ 1022a8e1175bSopenharmony_ci "$P_SRV debug_level=2 tickets=1" \ 1023a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1024a8e1175bSopenharmony_ci 0 \ 1025a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1026a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1027a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" 1028a8e1175bSopenharmony_ci 1029a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1030a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1031a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ 1032a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1033a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1034a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1035a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1036a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1037a8e1175bSopenharmony_ci# Test the session resumption when the cipher suite for the original session is 1038a8e1175bSopenharmony_ci# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not 1039a8e1175bSopenharmony_ci# 256 bits long as with all the other TLS 1.3 cipher suites. 1040a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \ 1041a8e1175bSopenharmony_ci "$P_SRV debug_level=2 tickets=1" \ 1042a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \ 1043a8e1175bSopenharmony_ci 0 \ 1044a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1045a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1046a8e1175bSopenharmony_ci -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" 1047a8e1175bSopenharmony_ci 1048a8e1175bSopenharmony_ciEARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) 1049a8e1175bSopenharmony_ciEARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) 1050a8e1175bSopenharmony_ci 1051a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1052a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1053a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1054a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1055a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1056a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1057a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1058a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption with early data" \ 1059a8e1175bSopenharmony_ci "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1060a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1061a8e1175bSopenharmony_ci --earlydata $EARLY_DATA_INPUT" \ 1062a8e1175bSopenharmony_ci 0 \ 1063a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1064a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1065a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 1066a8e1175bSopenharmony_ci -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1067a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 1068a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 1069a8e1175bSopenharmony_ci -s "EncryptedExtensions: early_data(42) extension exists." \ 1070a8e1175bSopenharmony_ci -s "$( head -1 $EARLY_DATA_INPUT )" \ 1071a8e1175bSopenharmony_ci -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1072a8e1175bSopenharmony_ci -s "200 early data bytes read" \ 1073a8e1175bSopenharmony_ci -s "106 early data bytes read" 1074a8e1175bSopenharmony_ci 1075a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1076a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1077a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1078a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1079a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1080a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1081a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1082a8e1175bSopenharmony_cirequires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 1083a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \ 1084a8e1175bSopenharmony_ci "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1085a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \ 1086a8e1175bSopenharmony_ci --earlydata $EARLY_DATA_INPUT" \ 1087a8e1175bSopenharmony_ci 0 \ 1088a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1089a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1090a8e1175bSopenharmony_ci -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ 1091a8e1175bSopenharmony_ci -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ 1092a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 1093a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 1094a8e1175bSopenharmony_ci -s "EncryptedExtensions: early_data(42) extension exists." \ 1095a8e1175bSopenharmony_ci -s "$( head -1 $EARLY_DATA_INPUT )" \ 1096a8e1175bSopenharmony_ci -s "$( tail -1 $EARLY_DATA_INPUT )" \ 1097a8e1175bSopenharmony_ci -s "200 early data bytes read" \ 1098a8e1175bSopenharmony_ci -s "106 early data bytes read" 1099a8e1175bSopenharmony_ci 1100a8e1175bSopenharmony_ci# The Mbed TLS server does not allow early data for the ticket it sends but 1101a8e1175bSopenharmony_ci# the GnuTLS indicates early data anyway when resuming with the ticket and 1102a8e1175bSopenharmony_ci# sends early data. The Mbed TLS server does not expect early data in 1103a8e1175bSopenharmony_ci# association with the ticket thus it eventually fails the resumption 1104a8e1175bSopenharmony_ci# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1105a8e1175bSopenharmony_ci# specification and thus its behavior may change in following versions. 1106a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1107a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1108a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1109a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1110a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1111a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1112a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1113a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ 1114a8e1175bSopenharmony_ci "$P_SRV debug_level=4 tickets=1" \ 1115a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1116a8e1175bSopenharmony_ci --earlydata $EARLY_DATA_INPUT" \ 1117a8e1175bSopenharmony_ci 1 \ 1118a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1119a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1120a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 1121a8e1175bSopenharmony_ci -S "Sent max_early_data_size" \ 1122a8e1175bSopenharmony_ci -S "NewSessionTicket: early_data(42) extension exists." \ 1123a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 1124a8e1175bSopenharmony_ci -s "EarlyData: rejected, feature disabled in server configuration." \ 1125a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 1126a8e1175bSopenharmony_ci -s "EarlyData: deprotect and discard app data records" \ 1127a8e1175bSopenharmony_ci -s "EarlyData: Too much early data received" 1128a8e1175bSopenharmony_ci 1129a8e1175bSopenharmony_ci# The Mbed TLS server does not allow early data for the ticket it sends but 1130a8e1175bSopenharmony_ci# the GnuTLS indicates early data anyway when resuming with the ticket and 1131a8e1175bSopenharmony_ci# sends early data. The Mbed TLS server does not expect early data in 1132a8e1175bSopenharmony_ci# association with the ticket thus it eventually fails the resumption 1133a8e1175bSopenharmony_ci# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 1134a8e1175bSopenharmony_ci# specification and thus its behavior may change in following versions. 1135a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1136a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1137a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1138a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1139a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1140a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1141a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1142a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ 1143a8e1175bSopenharmony_ci "$P_SRV debug_level=4 tickets=1 early_data=0" \ 1144a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ 1145a8e1175bSopenharmony_ci --earlydata $EARLY_DATA_INPUT" \ 1146a8e1175bSopenharmony_ci 1 \ 1147a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1148a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1149a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 1150a8e1175bSopenharmony_ci -S "Sent max_early_data_size" \ 1151a8e1175bSopenharmony_ci -S "NewSessionTicket: early_data(42) extension exists." \ 1152a8e1175bSopenharmony_ci -s "ClientHello: early_data(42) extension exists." \ 1153a8e1175bSopenharmony_ci -s "EarlyData: rejected, feature disabled in server configuration." \ 1154a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." \ 1155a8e1175bSopenharmony_ci -s "EarlyData: deprotect and discard app data records" \ 1156a8e1175bSopenharmony_ci -s "EarlyData: Too much early data received" 1157a8e1175bSopenharmony_ci 1158a8e1175bSopenharmony_cirequires_gnutls_tls1_3 1159a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ 1160a8e1175bSopenharmony_ci MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \ 1161a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 1162a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1163a8e1175bSopenharmony_cirequires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1164a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED 1165a8e1175bSopenharmony_cirun_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ 1166a8e1175bSopenharmony_ci "$P_SRV debug_level=4 tickets=1 early_data=1" \ 1167a8e1175bSopenharmony_ci "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 1168a8e1175bSopenharmony_ci 0 \ 1169a8e1175bSopenharmony_ci -s "Protocol is TLSv1.3" \ 1170a8e1175bSopenharmony_ci -s "key exchange mode: psk" \ 1171a8e1175bSopenharmony_ci -s "Select PSK ciphersuite" \ 1172a8e1175bSopenharmony_ci -s "Sent max_early_data_size" \ 1173a8e1175bSopenharmony_ci -s "NewSessionTicket: early_data(42) extension exists." \ 1174a8e1175bSopenharmony_ci -S "ClientHello: early_data(42) extension exists." \ 1175a8e1175bSopenharmony_ci -S "EncryptedExtensions: early_data(42) extension exists." 1176a8e1175bSopenharmony_ci 1177a8e1175bSopenharmony_cirequires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ 1178a8e1175bSopenharmony_ci MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ 1179a8e1175bSopenharmony_ci MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ 1180a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ 1181a8e1175bSopenharmony_ci MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 1182a8e1175bSopenharmony_cirun_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ 1183a8e1175bSopenharmony_ci "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ 1184a8e1175bSopenharmony_ci "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ 1185a8e1175bSopenharmony_ci 0 \ 1186a8e1175bSopenharmony_ci -s "key exchange mode: ephemeral" \ 1187a8e1175bSopenharmony_ci -S "key exchange mode: psk" \ 1188a8e1175bSopenharmony_ci -s "found matched identity" \ 1189a8e1175bSopenharmony_ci -s "EarlyData: rejected, not a session resumption" \ 1190a8e1175bSopenharmony_ci -C "EncryptedExtensions: early_data(42) extension exists." 1191