From 70ed41754dd7dfe7a0de3e23ea89f7a63758648d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 20 Oct 2022 15:48:19 +0200 Subject: [PATCH] ssl-opt.sh: Simplify TLS 1.3 dependencies Simplify TLS 1.3 dependencies taking into account that MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED implies that MBEDTLS_SSL_PROTO_TLS1_3 is defined. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 509 ++++++++++++++++++----------------------------- 1 file changed, 198 insertions(+), 311 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8945bdf837..996cd1a4f6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6651,9 +6651,8 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ -c "! Usage does not match the keyUsage extension" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ -cert data_files/server2.ku-ds_ke.crt" \ @@ -6664,9 +6663,8 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ -c "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -6677,9 +6675,8 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ -C "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ -cert data_files/server2.ku-ka.crt" \ @@ -6690,9 +6687,8 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ -C "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ds.crt" \ @@ -6703,9 +6699,8 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ -c "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ke.crt" \ @@ -6716,9 +6711,8 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ -C "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ka.crt" \ @@ -6779,8 +6773,8 @@ run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \ @@ -6791,8 +6785,8 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \ @@ -6802,8 +6796,8 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -6814,8 +6808,8 @@ run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -6897,9 +6891,8 @@ run_test "extKeyUsage cli: codeSign -> fail" \ -C "Ciphersuite is TLS-" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ @@ -6910,9 +6903,8 @@ run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ -c "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ @@ -6923,9 +6915,8 @@ run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ -c "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -6936,9 +6927,8 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ -c "Ciphersuite is" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli 1.3: codeSign -> fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -6996,8 +6986,8 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ -s "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -7007,8 +6997,8 @@ run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -7018,8 +7008,8 @@ run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -7029,8 +7019,8 @@ run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ -S "Processing of the Certificate handshake message failed" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -11174,11 +11164,10 @@ run_test "TLS 1.3: Test gnutls tls1_3 feature" \ # TLS1.3 test cases requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: minimal feature sets - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=3" \ @@ -11208,11 +11197,10 @@ run_test "TLS 1.3: minimal feature sets - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: minimal feature sets - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=3" \ @@ -11242,12 +11230,11 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \ -c "HTTP/1.0 200 OK" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: alpn - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \ "$P_CLI debug_level=3 alpn=h2" \ @@ -11278,12 +11265,11 @@ run_test "TLS 1.3: alpn - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: alpn - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \ "$P_CLI debug_level=3 alpn=h2" \ @@ -11314,7 +11300,6 @@ run_test "TLS 1.3: alpn - gnutls" \ -c "Application Layer Protocol is h2" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN @@ -11330,7 +11315,6 @@ run_test "TLS 1.3: server alpn - openssl" \ -s "Application Layer Protocol is h2" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN @@ -11428,11 +11412,10 @@ run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \ -C "Protocol : TLSv1.2" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \ "$P_CLI debug_level=4 crt_file=none key_file=none" \ @@ -11445,11 +11428,10 @@ run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -11462,7 +11444,6 @@ run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -11477,7 +11458,6 @@ run_test "TLS 1.3: Client authentication, no server middlebox compat - openss requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -11492,11 +11472,10 @@ run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -11509,11 +11488,10 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -11525,11 +11503,10 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11542,11 +11519,10 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11558,11 +11534,10 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -11575,11 +11550,10 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -11591,12 +11565,11 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ @@ -11609,12 +11582,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ @@ -11626,12 +11598,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -11644,12 +11615,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ @@ -11661,12 +11631,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -11679,12 +11648,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ @@ -11696,12 +11664,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs ecdsa_secp256r1_sha256" \ @@ -11716,12 +11683,11 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - ope requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -11735,7 +11701,6 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu # Test using an opaque private key for client authentication requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO @@ -11751,7 +11716,6 @@ run_test "TLS 1.3: Client authentication - opaque key, no server middlebox co requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO @@ -11767,12 +11731,11 @@ run_test "TLS 1.3: Client authentication - opaque key, no server middlebox co -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -11785,12 +11748,11 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -11802,12 +11764,11 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11820,12 +11781,11 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11837,12 +11797,11 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -11855,12 +11814,11 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -11872,13 +11830,12 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ @@ -11891,13 +11848,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ @@ -11909,13 +11865,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -11928,13 +11883,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ @@ -11946,13 +11900,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -11965,13 +11918,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ @@ -11983,13 +11935,12 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - -c "Protocol is TLSv1.3" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -sigalgs ecdsa_secp256r1_sha256" \ @@ -12004,13 +11955,12 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_USE_PSA_CRYPTO -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -12022,12 +11972,11 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv -c "no suitable signature algorithm" \ -C "unkown pk type" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12038,12 +11987,11 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ -c "Protocol is TLSv1.3" \ -c "HTTP/1.0 200 ok" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_openssl_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12054,13 +12002,12 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ -c "Protocol is TLSv1.3" \ -c "HTTP/1.0 200 ok" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ @@ -12071,13 +12018,12 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ -c "Protocol is TLSv1.3" \ -c "HTTP/1.0 200 OK" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ @@ -12089,7 +12035,6 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ -c "HTTP/1.0 200 OK" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -12106,11 +12051,10 @@ run_test "TLS 1.3: Server side check - openssl" \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_openssl_tls1_3 run_test "TLS 1.3: Server side check - openssl with client authentication" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \ @@ -12128,7 +12072,6 @@ run_test "TLS 1.3: Server side check - openssl with client authentication" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -12148,7 +12091,6 @@ run_test "TLS 1.3: Server side check - gnutls" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -12167,7 +12109,6 @@ run_test "TLS 1.3: Server side check - gnutls with client authentication" \ -s "=> parse client hello" \ -s "<= parse client hello" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12187,7 +12128,6 @@ run_test "TLS 1.3: Server side check - mbedtls" \ -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "HTTP/1.0 200 OK" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12205,7 +12145,6 @@ run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ -s "=> parse client hello" \ -s "<= parse client hello" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12224,7 +12163,6 @@ run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" -s "=> parse client hello" \ -s "<= parse client hello" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12245,7 +12183,6 @@ run_test "TLS 1.3: Server side check - mbedtls with optional client authentic requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: server: HRR check - mbedtls" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \ @@ -12260,7 +12197,6 @@ run_test "TLS 1.3: server: HRR check - mbedtls" \ -s "=> write hello retry request" \ -s "<= write hello retry request" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12273,11 +12209,10 @@ run_test "TLS 1.3: Server side check, no server certificate available" \ -s "No certificate available." requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - openssl with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12287,11 +12222,10 @@ run_test "TLS 1.3: Server side check - openssl with sni" \ -s "HTTP/1.0 200 OK" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - gnutls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12300,12 +12234,11 @@ run_test "TLS 1.3: Server side check - gnutls with sni" \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12324,7 +12257,6 @@ done unset TEST_SUITE_NAME # Test 1.3 compatibility mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12339,12 +12271,11 @@ run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->m both with middlebox compat support" \ "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ "$P_CLI debug_level=4" \ @@ -12355,7 +12286,6 @@ run_test "TLS 1.3 m->m both with middlebox compat support" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12369,7 +12299,6 @@ run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12381,11 +12310,10 @@ run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->O both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12396,7 +12324,6 @@ run_test "TLS 1.3 m->O both with middlebox compat support" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12411,7 +12338,6 @@ run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12424,11 +12350,10 @@ run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->G both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ @@ -12437,7 +12362,6 @@ run_test "TLS 1.3 m->G both with middlebox compat support" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12451,11 +12375,10 @@ run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ -C "14 03 03 00 01" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug -no_middlebox" \ @@ -12464,11 +12387,10 @@ run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug" \ @@ -12480,7 +12402,6 @@ run_test "TLS 1.3 O->m both with middlebox compat support" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12496,11 +12417,10 @@ run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12513,11 +12433,10 @@ run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12526,7 +12445,6 @@ run_test "TLS 1.3 G->m both with middlebox compat support" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ -c "SSL 3.3 ChangeCipherSpec packet received" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12542,12 +12460,11 @@ run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ @@ -12559,7 +12476,6 @@ run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12574,7 +12490,6 @@ run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12587,11 +12502,10 @@ run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ @@ -12602,7 +12516,6 @@ run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12618,7 +12531,6 @@ run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C @@ -12632,11 +12544,10 @@ run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ @@ -12645,7 +12556,6 @@ run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12659,11 +12569,10 @@ run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" -C "14 03 03 00 01" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ @@ -12672,11 +12581,10 @@ run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ @@ -12688,7 +12596,6 @@ run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -12704,11 +12611,10 @@ run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12721,11 +12627,10 @@ run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12735,11 +12640,10 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ -c "SSL 3.3 ChangeCipherSpec packet received" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->O" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache @@ -12752,11 +12656,10 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->G" \ "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key -d 4 @@ -12768,12 +12671,11 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ -c "HTTP/1.0 200 [Oo][Kk]" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, m->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12789,11 +12691,10 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, O->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12808,11 +12709,10 @@ run_test "TLS 1.3: Check signature algorithm order, O->m" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check signature algorithm order, G->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12828,11 +12728,10 @@ run_test "TLS 1.3: Check signature algorithm order, G->m" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12845,11 +12744,10 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ -S "ssl_tls13_pick_key_cert:check signature algorithm" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12861,12 +12759,11 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ 1 \ -S "ssl_tls13_pick_key_cert:check signature algorithm" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12878,11 +12775,10 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ -S "ssl_tls13_pick_key_cert:check signature algorithm" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, G->m" \ "$P_SRV debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key @@ -12893,11 +12789,10 @@ run_test "TLS 1.3: Check server no suitable certificate, G->m" \ -s "ssl_tls13_pick_key_cert:no suitable certificate found" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, O->m" \ "$P_SRV debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key @@ -12907,12 +12802,11 @@ run_test "TLS 1.3: Check server no suitable certificate, O->m" \ 1 \ -s "ssl_tls13_pick_key_cert:no suitable certificate found" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check server no suitable certificate, m->m" \ "$P_SRV debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key @@ -12923,11 +12817,10 @@ run_test "TLS 1.3: Check server no suitable certificate, m->m" \ -s "ssl_tls13_pick_key_cert:no suitable certificate found" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->O" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache @@ -12938,11 +12831,10 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \ -c "no suitable signature algorithm" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->G" \ "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key -d 4 @@ -12952,12 +12844,11 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \ 1 \ -c "no suitable signature algorithm" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Check client no signature algorithm, m->m" \ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key @@ -12969,12 +12860,11 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \ -c "no suitable signature algorithm" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ @@ -12986,12 +12876,11 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \ -c "HTTP/1.0 200 ok" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ @@ -13004,13 +12893,12 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ -s "This is a resumed session" requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED # https://github.com/openssl/openssl/issues/10714 # Until now, OpenSSL client does not support reconnect. skip_next_test @@ -13023,13 +12911,12 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ @@ -13043,13 +12930,13 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -13097,13 +12984,13 @@ run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ -c "Protocol is TLSv1.2" \ -c "HTTP/1.0 200 [Oo][Kk]" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -13121,13 +13008,13 @@ run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \