diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 52ae002655..84b72e8b4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,10 +13874,9 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -# To warrant that the handhake messages are large enough and need to be split +# To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) -# either from O_NEXT_SRV or test data. +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ @@ -13897,9 +13896,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -# Since the removal of the DHE-RSA key exchange, the default openssl server -# certificate does not match what is provided by the testing client. Those -# use-cases are out of scope for defregmentation testing, and should be skipped. +#The server uses an ECDSA cert, so make sure we have a compatible key exchange requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -14220,12 +14217,12 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14246,7 +14243,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14267,7 +14264,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14288,7 +14285,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14309,7 +14306,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14330,7 +14327,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14351,7 +14348,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14372,7 +14369,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14393,7 +14390,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ @@ -14404,7 +14401,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \