ssl-opt.sh: Use more diverse MTUs

Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron
2026-02-11 09:08:03 +01:00
parent 3ddc63d74e
commit 814f5da61a


@@ -9931,7 +9931,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \
requires_gnutls requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$G_SRV -u --mtu 128" \ "$G_SRV -u --mtu 109" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -9943,7 +9943,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \ "$G_SRV -u --mtu 241" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -9984,7 +9984,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (gnutls client)" \ run_test "DTLS reassembly: some fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required" \ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \
"$G_NEXT_CLI -u --mtu 256 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \ "$G_NEXT_CLI -u --mtu 211 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \ -s "Certificate handshake message has been buffered and reassembled" \
@@ -10000,7 +10000,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (gnutls client)" \ run_test "DTLS reassembly: more fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1" \ "$P_SRV debug_level=2 dtls=1" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \ 0 \
-s "ClientHello handshake message has been buffered and reassembled" \ -s "ClientHello handshake message has been buffered and reassembled" \
-S "error" -S "error"
@@ -10009,7 +10009,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \ run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 nbio=2" \ "$P_SRV debug_level=2 dtls=1 nbio=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \ 0 \
-s "ClientHello handshake message has been buffered and reassembled" \ -s "ClientHello handshake message has been buffered and reassembled" \
-S "error" -S "error"
@@ -10040,7 +10040,7 @@ run_test "DTLS reassembly: fragmentation (openssl server)" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$O_SRV -dtls -mtu 256" \ "$O_SRV -dtls -mtu 273" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -10073,7 +10073,7 @@ run_test "DTLS reassembly: some fragmentation (openssl client)" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \ run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \ "$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \
"$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$O_NEXT_CLI -dtls -mtu 269 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \ -s "Certificate handshake message has been buffered and reassembled" \
@@ -10320,20 +10320,20 @@ run_test "DTLS fragmenting: server (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 1024 requires_max_content_len 1038
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=1024)" \ run_test "DTLS fragmenting: both (MTU=1038)" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1038" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=1024" \ mtu=1038" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=1024" \ mtu=1038" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -10343,20 +10343,20 @@ run_test "DTLS fragmenting: both (MTU=1024)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_max_content_len 512 requires_max_content_len 509
run_test "DTLS fragmenting: both (MTU=512)" \ run_test "DTLS fragmenting: both (MTU=509)" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=509" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=512" \ mtu=509" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=512" \ mtu=509" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -10366,7 +10366,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \
# maximum application data payload per record may be small with an MTU of 128. # maximum application data payload per record may be small with an MTU of 128.
# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is # For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
# 35 bytes. We therefore reduce the size of the client request and the server # 35 bytes. We therefore reduce the size of the client request and the server
# response in this test. # response in this test and the two following tests.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 128 requires_max_content_len 128
run_test "DTLS fragmenting: both (MTU=128)" \ run_test "DTLS fragmenting: both (MTU=128)" \
@@ -10393,6 +10393,58 @@ run_test "DTLS fragmenting: both (MTU=128)" \
-c "fragmenting CertificateVerify handshake message" \ -c "fragmenting CertificateVerify handshake message" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=107)" \
-p "$P_PXY mtu=107" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=133)" \
-p "$P_PXY mtu=133" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
# Test for automatic MTU reduction on repeated resend. # Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config. # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two # The ratio of max/min timeout should ideally equal 4 to accept two
@@ -10769,12 +10821,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls requires_gnutls
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=501, gnutls server, DTLS 1.2" \
"$G_SRV -u" \ "$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \ mtu=501 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
@@ -10783,12 +10835,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls requires_gnutls
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=128, gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2" \
"$G_NEXT_SRV -u" \ "$G_NEXT_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
mtu=128 force_version=dtls12" \ request_size=35 \
mtu=110 force_version=dtls12" \
0 \ 0 \
-c "fragmenting ClientHello handshake message" \ -c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
@@ -10806,11 +10859,25 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls requires_gnutls
requires_not_i686 requires_not_i686
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=536, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
mtu=512 force_version=dtls12" \ mtu=536 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=149, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=149 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \ "$G_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
@@ -10818,12 +10885,12 @@ run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=525, openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \ "$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \ mtu=525 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
@@ -10835,13 +10902,13 @@ run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=128, openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=130, openssl server, DTLS 1.2" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \ request_size=8 \
mtu=128 force_version=dtls12" \ mtu=130 force_version=dtls12" \
0 \ 0 \
-c "fragmenting ClientHello handshake message" \ -c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
@@ -10859,6 +10926,18 @@ run_test "DTLS fragmenting: MTU=512, openssl client, DTLS 1.2" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=131, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=131 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting Certificate handshake message"
# interop tests for DTLS fragmentating with unreliable connection # interop tests for DTLS fragmentating with unreliable connection
# #
# again we just want to test that the we fragment in a way that # again we just want to test that the we fragment in a way that
@@ -10868,13 +10947,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=434, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \ "$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=434 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
@@ -10884,13 +10963,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 6 client_needs_more_time 6
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=128, gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \ "$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=128 force_version=dtls12" \ request_size=35 \
hs_timeout=250-60000 mtu=103 force_version=dtls12" \
0 \ 0 \
-c "fragmenting ClientHello handshake message" \ -c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
@@ -10901,12 +10981,27 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, gnutls client, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=614, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=614 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=116, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=116 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
@@ -10918,13 +11013,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=541, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=541 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
@@ -10938,14 +11033,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=128, openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=108, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \ request_size=8 \
hs_timeout=250-60000 mtu=128 force_version=dtls12" \ hs_timeout=250-60000 mtu=108 force_version=dtls12" \
0 \ 0 \
-c "fragmenting ClientHello handshake message" \ -c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
@@ -12045,7 +12140,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \ run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \ "$O_NEXT_SRV -dtls1_2 -mtu 277" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
@@ -12057,7 +12152,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \ "$O_NEXT_SRV -dtls1_2 -mtu 268" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
@@ -12081,7 +12176,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation" \ run_test "DTLS proxy: 3d, openssl client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$O_NEXT_CLI -dtls1_2 -mtu 260 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \ 0 \
-s "HTTP/1.0 200 OK" \ -s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
@@ -12094,7 +12189,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \ run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$O_NEXT_CLI -dtls1_2 -mtu 259 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \ 0 \
-s "HTTP/1.0 200 OK" \ -s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
@@ -12118,7 +12213,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 499" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
@@ -12131,7 +12226,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 528" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
@@ -12149,7 +12244,7 @@ run_test "DTLS proxy: 3d, gnutls client" \
0 \ 0 \
-s "HTTP/1.0 200 OK" -s "HTTP/1.0 200 OK"
# Set the MTU to 128 bytes. The ClientHello is not guaranteed to be surely # Set the MTU to 131 bytes. The ClientHello is not guaranteed to be surely
# fragmented but it is very likely. For example, the ClientHello sent by the # fragmented but it is very likely. For example, the ClientHello sent by the
# GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello # GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello
# fragmentation to remain the case across GnuTLS version updates. Avoid using a # fragmentation to remain the case across GnuTLS version updates. Avoid using a
@@ -12162,7 +12257,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation" \ run_test "DTLS proxy: 3d, gnutls client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --mtu 131 --insecure 127.0.0.1" \
0 \ 0 \
-s "HTTP/1.0 200 OK" \ -s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled" -s "ClientHello handshake message has been buffered and reassembled"
@@ -12174,7 +12269,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \ run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --mtu 135 --insecure 127.0.0.1" \
0 \ 0 \
-s "HTTP/1.0 200 OK" \ -s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled" -s "ClientHello handshake message has been buffered and reassembled"
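Review bot: The two GnuTLS-server tests lowered to `mtu=110` and `mtu=103` now send `request_size=35` without forcing a ciphersuite, while the comment above the MTU=128 test in this same file gives 35 bytes as the maximum application data payload at MTU 128 for TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384. At the smaller MTUs that limit is lower, so these tests presumably pass only while the GnuTLS peer negotiates a suite with less record expansion; a change in the peer's default priorities would then show up as a failure unrelated to fragmentation. Either pin the suite with `force_ciphersuite=...` as the MTU=509 test does, or document the choice with a comment such as `# request_size=35: <reason>; relies on the negotiated suite leaving at least 35 bytes of payload at this MTU`. The OpenSSL-server counterparts at `mtu=130` and `mtu=108` keep `request_size=8`, which would be the more conservative value here too if the GnuTLS server accepts it.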