70-test_tls13messages.t revision 1.1
      1 #! /usr/bin/env perl
      2 # Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
      3 #
      4 # Licensed under the Apache License 2.0 (the "License").  You may not use
      5 # this file except in compliance with the License.  You can obtain a copy
      6 # in the file LICENSE in the source distribution or at
      7 # https://www.openssl.org/source/license.html
      8 
      9 use strict;
     10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
     11 use OpenSSL::Test::Utils;
     12 use File::Temp qw(tempfile);
     13 use TLSProxy::Proxy;
     14 use checkhandshake qw(checkhandshake @handmessages @extensions);
     15 
     16 my $test_name = "test_tls13messages";
     17 setup($test_name);
     18 
     19 plan skip_all => "TLSProxy isn't usable on $^O"
     20     if $^O =~ /^(VMS)$/;
     21 
     22 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     23     if disabled("engine") || disabled("dynamic-engine");
     24 
     25 plan skip_all => "$test_name needs the sock feature enabled"
     26     if disabled("sock");
     27 
     28 plan skip_all => "$test_name needs TLSv1.3 enabled"
     29     if disabled("tls1_3");
     30 
     31 plan skip_all => "$test_name needs EC enabled"
     32     if disabled("ec");
     33 
     34 @handmessages = (
     35     [TLSProxy::Message::MT_CLIENT_HELLO,
     36         checkhandshake::ALL_HANDSHAKES],
     37     [TLSProxy::Message::MT_SERVER_HELLO,
     38         checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
     39     [TLSProxy::Message::MT_CLIENT_HELLO,
     40         checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
     41     [TLSProxy::Message::MT_SERVER_HELLO,
     42         checkhandshake::ALL_HANDSHAKES],
     43     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
     44         checkhandshake::ALL_HANDSHAKES],
     45     [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
     46         checkhandshake::CLIENT_AUTH_HANDSHAKE],
     47     [TLSProxy::Message::MT_CERTIFICATE,
     48         checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
     49     [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
     50         checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
     51     [TLSProxy::Message::MT_FINISHED,
     52         checkhandshake::ALL_HANDSHAKES],
     53     [TLSProxy::Message::MT_CERTIFICATE,
     54         checkhandshake::CLIENT_AUTH_HANDSHAKE],
     55     [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
     56         checkhandshake::CLIENT_AUTH_HANDSHAKE],
     57     [TLSProxy::Message::MT_FINISHED,
     58         checkhandshake::ALL_HANDSHAKES],
     59     [0, 0]
     60 );
     61 
     62 @extensions = (
     63     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
     64         TLSProxy::Message::CLIENT,
     65         checkhandshake::SERVER_NAME_CLI_EXTENSION],
     66     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
     67         TLSProxy::Message::CLIENT,
     68         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
     69     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
     70         TLSProxy::Message::CLIENT,
     71         checkhandshake::DEFAULT_EXTENSIONS],
     72     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
     73         TLSProxy::Message::CLIENT,
     74         checkhandshake::DEFAULT_EXTENSIONS],
     75     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
     76         TLSProxy::Message::CLIENT,
     77         checkhandshake::DEFAULT_EXTENSIONS],
     78     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
     79         TLSProxy::Message::CLIENT,
     80         checkhandshake::ALPN_CLI_EXTENSION],
     81     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
     82         TLSProxy::Message::CLIENT,
     83         checkhandshake::SCT_CLI_EXTENSION],
     84     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
     85         TLSProxy::Message::CLIENT,
     86         checkhandshake::DEFAULT_EXTENSIONS],
     87     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
     88         TLSProxy::Message::CLIENT,
     89         checkhandshake::DEFAULT_EXTENSIONS],
     90     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
     91         TLSProxy::Message::CLIENT,
     92         checkhandshake::DEFAULT_EXTENSIONS],
     93     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
     94         TLSProxy::Message::CLIENT,
     95         checkhandshake::DEFAULT_EXTENSIONS],
     96     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
     97         TLSProxy::Message::CLIENT,
     98         checkhandshake::DEFAULT_EXTENSIONS],
     99     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
    100         TLSProxy::Message::CLIENT,
    101         checkhandshake::DEFAULT_EXTENSIONS],
    102     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
    103         TLSProxy::Message::CLIENT,
    104         checkhandshake::PSK_CLI_EXTENSION],
    105     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
    106         TLSProxy::Message::CLIENT,
    107         checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
    108     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
    109         TLSProxy::Message::CLIENT,
    110         checkhandshake::DEFAULT_EXTENSIONS],
    111 
    112     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
    113         TLSProxy::Message::SERVER,
    114         checkhandshake::DEFAULT_EXTENSIONS],
    115     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
    116         TLSProxy::Message::SERVER,
    117         checkhandshake::KEY_SHARE_HRR_EXTENSION],
    118 
    119     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
    120         TLSProxy::Message::CLIENT,
    121         checkhandshake::SERVER_NAME_CLI_EXTENSION],
    122     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
    123         TLSProxy::Message::CLIENT,
    124         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    125     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
    126         TLSProxy::Message::CLIENT,
    127         checkhandshake::DEFAULT_EXTENSIONS],
    128     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
    129         TLSProxy::Message::CLIENT,
    130         checkhandshake::DEFAULT_EXTENSIONS],
    131     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
    132         TLSProxy::Message::CLIENT,
    133         checkhandshake::DEFAULT_EXTENSIONS],
    134     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
    135         TLSProxy::Message::CLIENT,
    136         checkhandshake::ALPN_CLI_EXTENSION],
    137     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
    138         TLSProxy::Message::CLIENT,
    139         checkhandshake::SCT_CLI_EXTENSION],
    140     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
    141         TLSProxy::Message::CLIENT,
    142         checkhandshake::DEFAULT_EXTENSIONS],
    143     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
    144         TLSProxy::Message::CLIENT,
    145         checkhandshake::DEFAULT_EXTENSIONS],
    146     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
    147         TLSProxy::Message::CLIENT,
    148         checkhandshake::DEFAULT_EXTENSIONS],
    149     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
    150         TLSProxy::Message::CLIENT,
    151         checkhandshake::DEFAULT_EXTENSIONS],
    152     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
    153         TLSProxy::Message::CLIENT,
    154         checkhandshake::DEFAULT_EXTENSIONS],
    155     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
    156         TLSProxy::Message::CLIENT,
    157         checkhandshake::DEFAULT_EXTENSIONS],
    158     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
    159         TLSProxy::Message::CLIENT,
    160         checkhandshake::PSK_CLI_EXTENSION],
    161     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
    162         TLSProxy::Message::CLIENT,
    163         checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
    164     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
    165         TLSProxy::Message::CLIENT,
    166         checkhandshake::DEFAULT_EXTENSIONS],
    167 
    168     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
    169         TLSProxy::Message::SERVER,
    170         checkhandshake::DEFAULT_EXTENSIONS],
    171     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
    172         TLSProxy::Message::SERVER,
    173         checkhandshake::DEFAULT_EXTENSIONS],
    174     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
    175         TLSProxy::Message::SERVER,
    176         checkhandshake::PSK_SRV_EXTENSION],
    177 
    178     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
    179         TLSProxy::Message::SERVER,
    180         checkhandshake::SERVER_NAME_SRV_EXTENSION],
    181     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
    182         TLSProxy::Message::SERVER,
    183         checkhandshake::ALPN_SRV_EXTENSION],
    184     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
    185         TLSProxy::Message::SERVER,
    186         checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],
    187 
    188     [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
    189         TLSProxy::Message::SERVER,
    190         checkhandshake::DEFAULT_EXTENSIONS],
    191 
    192     [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
    193         TLSProxy::Message::SERVER,
    194         checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    195     [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
    196         TLSProxy::Message::SERVER,
    197         checkhandshake::SCT_SRV_EXTENSION],
    198 
    199     [0,0,0,0]
    200 );
    201 
    202 my $proxy = TLSProxy::Proxy->new(
    203     undef,
    204     cmdstr(app(["openssl"]), display => 1),
    205     srctop_file("apps", "server.pem"),
    206     (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
    207 );
    208 
    209 #Test 1: Check we get all the right messages for a default handshake
    210 (undef, my $session) = tempfile();
    211 $proxy->serverconnects(2);
    212 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    213 $proxy->clientflags("-no_rx_cert_comp -sess_out ".$session);
    214 $proxy->sessionfile($session);
    215 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
    216 plan tests => 17;
    217 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    218                checkhandshake::DEFAULT_EXTENSIONS,
    219                "Default handshake test");
    220 
    221 #Test 2: Resumption handshake
    222 $proxy->clearClient();
    223 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    224 $proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
    225 $proxy->clientstart();
    226 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
    227                (checkhandshake::DEFAULT_EXTENSIONS
    228                 | checkhandshake::PSK_CLI_EXTENSION
    229                 | checkhandshake::PSK_SRV_EXTENSION),
    230                "Resumption handshake test");
    231 
    232 SKIP: {
    233     skip "No OCSP support in this OpenSSL build", 4
    234         if disabled("ct") || disabled("ec") || disabled("ocsp");
    235     #Test 3: A status_request handshake (client request only)
    236     $proxy->clear();
    237     $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    238     $proxy->clientflags("-no_rx_cert_comp -status");
    239     $proxy->start();
    240     checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    241                    checkhandshake::DEFAULT_EXTENSIONS
    242                    | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
    243                    "status_request handshake test (client)");
    244 
    245     #Test 4: A status_request handshake (server support only)
    246     $proxy->clear();
    247     $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    248     $proxy->clientflags("-no_rx_cert_comp");
    249     $proxy->serverflags("-no_rx_cert_comp -status_file "
    250                         .srctop_file("test", "recipes", "ocsp-response.der"));
    251     $proxy->start();
    252     checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    253                    checkhandshake::DEFAULT_EXTENSIONS,
    254                    "status_request handshake test (server)");
    255 
    256     #Test 5: A status_request handshake (client and server)
    257     $proxy->clear();
    258     $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    259     $proxy->clientflags("-no_rx_cert_comp -status");
    260     $proxy->serverflags("-no_rx_cert_comp -status_file "
    261                         .srctop_file("test", "recipes", "ocsp-response.der"));
    262     $proxy->start();
    263     checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    264                    checkhandshake::DEFAULT_EXTENSIONS
    265                    | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
    266                    | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
    267                    "status_request handshake test");
    268 
    269     #Test 6: A status_request handshake (client and server) with client auth
    270     $proxy->clear();
    271     $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    272     $proxy->clientflags("-no_rx_cert_comp -status -enable_pha -cert "
    273                         .srctop_file("apps", "server.pem"));
    274     $proxy->serverflags("-no_rx_cert_comp -Verify 5 -status_file "
    275                         .srctop_file("test", "recipes", "ocsp-response.der"));
    276     $proxy->start();
    277     checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
    278                    checkhandshake::DEFAULT_EXTENSIONS
    279                    | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
    280                    | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
    281                    | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
    282                    "status_request handshake with client auth test");
    283 }
    284 
    285 #Test 7: A client auth handshake
    286 $proxy->clear();
    287 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    288 $proxy->clientflags("-no_rx_cert_comp -enable_pha -cert ".srctop_file("apps", "server.pem"));
    289 $proxy->serverflags("-no_rx_cert_comp -Verify 5");
    290 $proxy->start();
    291 checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
    292                checkhandshake::DEFAULT_EXTENSIONS |
    293                checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
    294                "Client auth handshake test");
    295 
    296 #Test 8: Server name handshake (no client request)
    297 $proxy->clear();
    298 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    299 $proxy->clientflags("-no_rx_cert_comp -noservername");
    300 $proxy->start();
    301 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    302                checkhandshake::DEFAULT_EXTENSIONS
    303                & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
    304                "Server name handshake test (client)");
    305 
    306 #Test 9: Server name handshake (server support only)
    307 $proxy->clear();
    308 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    309 $proxy->clientflags("-no_rx_cert_comp -noservername");
    310 $proxy->serverflags("-no_rx_cert_comp -servername testhost");
    311 $proxy->start();
    312 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    313                checkhandshake::DEFAULT_EXTENSIONS
    314                & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
    315                "Server name handshake test (server)");
    316 
    317 #Test 10: Server name handshake (client and server)
    318 $proxy->clear();
    319 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    320 $proxy->clientflags("-no_rx_cert_comp -servername testhost");
    321 $proxy->serverflags("-no_rx_cert_comp -servername testhost");
    322 $proxy->start();
    323 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    324                checkhandshake::DEFAULT_EXTENSIONS
    325                | checkhandshake::SERVER_NAME_SRV_EXTENSION,
    326                "Server name handshake test");
    327 
    328 #Test 11: ALPN handshake (client request only)
    329 $proxy->clear();
    330 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    331 $proxy->clientflags("-no_rx_cert_comp -alpn test");
    332 $proxy->start();
    333 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    334                checkhandshake::DEFAULT_EXTENSIONS
    335                | checkhandshake::ALPN_CLI_EXTENSION,
    336                "ALPN handshake test (client)");
    337 
    338 #Test 12: ALPN handshake (server support only)
    339 $proxy->clear();
    340 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    341 $proxy->clientflags("-no_rx_cert_comp");
    342 $proxy->serverflags("-no_rx_cert_comp -alpn test");
    343 $proxy->start();
    344 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    345                checkhandshake::DEFAULT_EXTENSIONS,
    346                "ALPN handshake test (server)");
    347 
    348 #Test 13: ALPN handshake (client and server)
    349 $proxy->clear();
    350 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    351 $proxy->clientflags("-no_rx_cert_comp -alpn test");
    352 $proxy->serverflags("-no_rx_cert_comp -alpn test");
    353 $proxy->start();
    354 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    355                checkhandshake::DEFAULT_EXTENSIONS
    356                | checkhandshake::ALPN_CLI_EXTENSION
    357                | checkhandshake::ALPN_SRV_EXTENSION,
    358                "ALPN handshake test");
    359 
    360 SKIP: {
    361     skip "No CT, EC or OCSP support in this OpenSSL build", 1
    362         if disabled("ct") || disabled("ec") || disabled("ocsp");
    363 
    364     #Test 14: SCT handshake (client request only)
    365     $proxy->clear();
    366     $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    367     #Note: -ct also sends status_request
    368     $proxy->clientflags("-no_rx_cert_comp -ct");
    369     $proxy->serverflags("-no_rx_cert_comp -status_file "
    370                         .srctop_file("test", "recipes", "ocsp-response.der")
    371                         ." -serverinfo ".srctop_file("test", "serverinfo2.pem"));
    372     $proxy->start();
    373     checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    374                    checkhandshake::DEFAULT_EXTENSIONS
    375                    | checkhandshake::SCT_CLI_EXTENSION
    376                    | checkhandshake::SCT_SRV_EXTENSION
    377                    | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
    378                    | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
    379                    "SCT handshake test");
    380 }
    381 
    382 #Test 15: HRR Handshake
    383 $proxy->clear();
    384 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    385 $proxy->clientflags("-no_rx_cert_comp");
    386 $proxy->serverflags("-no_rx_cert_comp -curves P-384");
    387 $proxy->start();
    388 checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
    389                checkhandshake::DEFAULT_EXTENSIONS
    390                | checkhandshake::KEY_SHARE_HRR_EXTENSION,
    391                "HRR handshake test");
    392 
    393 #Test 16: Resumption handshake with HRR
    394 $proxy->clear();
    395 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    396 $proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
    397 $proxy->serverflags("-no_rx_cert_comp -curves P-384");
    398 $proxy->start();
    399 checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
    400                (checkhandshake::DEFAULT_EXTENSIONS
    401                 | checkhandshake::KEY_SHARE_HRR_EXTENSION
    402                 | checkhandshake::PSK_CLI_EXTENSION
    403                 | checkhandshake::PSK_SRV_EXTENSION),
    404                "Resumption handshake with HRR test");
    405 
    406 #Test 17: Acceptable but non preferred key_share
    407 $proxy->clear();
    408 $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
    409 $proxy->clientflags("-no_rx_cert_comp -curves P-384");
    410 $proxy->start();
    411 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
    412                checkhandshake::DEFAULT_EXTENSIONS
    413                | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION,
    414                "Acceptable but non preferred key_share");
    415 
    416 unlink $session;
    417