diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 6672dab6f..0b0667c85 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -445,6 +445,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -462,6 +463,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ @@ -479,6 +481,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ @@ -497,6 +500,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -928,6 +932,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -945,6 +950,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ @@ -962,6 +968,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ @@ -980,6 +987,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -1411,6 +1419,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -1428,6 +1437,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ @@ -1445,6 +1455,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ @@ -1463,6 +1474,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -1894,6 +1906,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -1911,6 +1924,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ @@ -1928,6 +1942,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ @@ -1946,6 +1961,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -2377,6 +2393,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -2394,6 +2411,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \ @@ -2411,6 +2429,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \ @@ -2429,6 +2448,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \ @@ -5535,6 +5555,7 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -5553,6 +5574,7 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -5571,6 +5593,7 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -5589,6 +5612,7 @@ run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6046,6 +6070,7 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6064,6 +6089,7 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6082,6 +6108,7 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6100,6 +6127,7 @@ run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6557,6 +6585,7 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6575,6 +6604,7 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha25 requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6593,6 +6623,7 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha38 requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -6611,6 +6642,7 @@ run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha51 requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7068,6 +7100,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7086,6 +7119,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7104,6 +7138,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7122,6 +7157,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7579,6 +7615,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7597,6 +7634,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7615,6 +7653,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -7633,6 +7672,7 @@ run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -14156,6 +14196,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \ @@ -14246,6 +14287,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \ @@ -14336,6 +14378,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \ @@ -14426,6 +14469,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \ @@ -14516,6 +14560,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \ @@ -14611,6 +14656,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \ @@ -14627,6 +14673,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_ECDH_C requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \ @@ -14643,6 +14690,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_ECDH_C requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \ @@ -14659,6 +14707,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_ECDH_C requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \ @@ -14675,6 +14724,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_ECDH_C requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \ @@ -14691,6 +14741,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_ECDH_C requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \ @@ -14706,6 +14757,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \ @@ -15510,6 +15562,7 @@ run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15620,6 +15673,7 @@ run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15730,6 +15784,7 @@ run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15840,6 +15895,7 @@ run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -15950,6 +16006,7 @@ run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -16059,6 +16116,7 @@ run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \ requires_openssl_tls1_3 requires_openssl_3_x +client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 99ee9c961..e664febb7 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -185,6 +185,11 @@ class OpenSSLBase(TLSProgram): if any(x in ffdh_groups for x in self._named_groups): ret.append('requires_openssl_3_x') + # ffdhe8192 has very long keys and requires intensive computation. + # The test may fail on CI when executor is just very loaded. Give a second chance. + if 'ffdhe8192' in self._named_groups: + ret.append('client_needs_more_time 2') + return ret