ssl-opt.sh: Use more diverse MTUs

Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron
2026-02-11 09:08:03 +01:00
parent 404daf5f6d
commit 82d549a297


@@ -10942,7 +10942,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$G_SRV -u --mtu 128" \
"$G_SRV -u --mtu 109" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
@@ -10954,7 +10954,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$G_SRV -u --mtu 241" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
0 \
-c "found fragmented DTLS handshake message" \
@@ -10995,7 +10995,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required" \
"$G_NEXT_CLI -u --mtu 256 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \
"$G_NEXT_CLI -u --mtu 211 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \
0 \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \
@@ -11011,7 +11011,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
"$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \
-s "ClientHello handshake message has been buffered and reassembled" \
-S "error"
@@ -11020,7 +11020,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 nbio=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
"$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \
-s "ClientHello handshake message has been buffered and reassembled" \
-S "error"
@@ -11051,7 +11051,7 @@ run_test "DTLS reassembly: fragmentation (openssl server)" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$O_SRV -dtls -mtu 273" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
@@ -11084,7 +11084,7 @@ run_test "DTLS reassembly: some fragmentation (openssl client)" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \
"$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
"$O_NEXT_CLI -dtls -mtu 269 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \
@@ -11331,20 +11331,20 @@ run_test "DTLS fragmenting: server (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 1024
requires_max_content_len 1038
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
run_test "DTLS fragmenting: both (MTU=1038)" \
-p "$P_PXY mtu=1038" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=1024" \
mtu=1038" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
mtu=1024" \
mtu=1038" \
0 \
-s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \
@@ -11354,20 +11354,20 @@ run_test "DTLS fragmenting: both (MTU=1024)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_max_content_len 512
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
requires_max_content_len 509
run_test "DTLS fragmenting: both (MTU=509)" \
-p "$P_PXY mtu=509" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=512" \
mtu=509" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=2500-60000 \
mtu=512" \
mtu=509" \
0 \
-s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \
@@ -11377,7 +11377,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \
# maximum application data payload per record may be small with an MTU of 128.
# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
# 35 bytes. We therefore reduce the size of the client request and the server
# response in this test.
# response in this test and the two following tests.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 128
run_test "DTLS fragmenting: both (MTU=128)" \
@@ -11404,6 +11404,58 @@ run_test "DTLS fragmenting: both (MTU=128)" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=107)" \
-p "$P_PXY mtu=107" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=133)" \
-p "$P_PXY mtu=133" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
# Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two
@@ -11780,12 +11832,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, gnutls server, DTLS 1.2" \
run_test "DTLS fragmenting: MTU=501, gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
mtu=501 force_version=dtls12" \
0 \
-c "fragmenting Certificate handshake message" \
-C "error"
@@ -11794,12 +11846,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=128, gnutls server, DTLS 1.2" \
run_test "DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2" \
"$G_NEXT_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
mtu=128 force_version=dtls12" \
request_size=35 \
mtu=110 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
@@ -11817,11 +11870,25 @@ requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \
run_test "DTLS fragmenting: MTU=536, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=512 force_version=dtls12" \
mtu=536 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=149, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=149 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
@@ -11829,12 +11896,12 @@ run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \
run_test "DTLS fragmenting: MTU=525, openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
mtu=525 force_version=dtls12" \
0 \
-c "fragmenting Certificate handshake message" \
-C "error"
@@ -11846,13 +11913,13 @@ run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=128, openssl server, DTLS 1.2" \
run_test "DTLS fragmenting: MTU=130, openssl server, DTLS 1.2" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
mtu=128 force_version=dtls12" \
mtu=130 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
@@ -11870,6 +11937,18 @@ run_test "DTLS fragmenting: MTU=512, openssl client, DTLS 1.2" \
0 \
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=131, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=131 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting Certificate handshake message"
# interop tests for DTLS fragmentating with unreliable connection
#
# again we just want to test that the we fragment in a way that
@@ -11879,13 +11958,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, gnutls server, DTLS 1.2" \
run_test "DTLS fragmenting: 3d, MTU=434, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
hs_timeout=250-60000 mtu=434 force_version=dtls12" \
0 \
-c "fragmenting Certificate handshake message" \
-C "error"
@@ -11895,13 +11974,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 6
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=128, gnutls server, DTLS 1.2" \
run_test "DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=128 force_version=dtls12" \
request_size=35 \
hs_timeout=250-60000 mtu=103 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
@@ -11912,12 +11992,27 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, gnutls client, DTLS 1.2" \
run_test "DTLS fragmenting: 3d, MTU=614, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
hs_timeout=250-60000 mtu=614 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=116, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=116 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
@@ -11929,13 +12024,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=512, openssl server, DTLS 1.2" \
run_test "DTLS fragmenting: 3d, MTU=541, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
hs_timeout=250-60000 mtu=541 force_version=dtls12" \
0 \
-c "fragmenting Certificate handshake message" \
-C "error"
@@ -11949,14 +12044,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=128, openssl server, DTLS 1.2" \
run_test "DTLS fragmenting: 3d, MTU=108, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=250-60000 mtu=128 force_version=dtls12" \
hs_timeout=250-60000 mtu=108 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
@@ -13056,7 +13151,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$O_NEXT_SRV -dtls1_2 -mtu 277" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \
0 \
-c "HTTP/1.0 200 OK" \
@@ -13068,7 +13163,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$O_NEXT_SRV -dtls1_2 -mtu 268" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \
-c "HTTP/1.0 200 OK" \
@@ -13092,7 +13187,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
"$O_NEXT_CLI -dtls1_2 -mtu 260 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \
@@ -13105,7 +13200,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
"$O_NEXT_CLI -dtls1_2 -mtu 259 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \
@@ -13129,7 +13224,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$G_NEXT_SRV -u --mtu 499" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \
0 \
-s "Extra-header:" \
@@ -13142,7 +13237,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$G_NEXT_SRV -u --mtu 528" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \
0 \
-s "Extra-header:" \
@@ -13160,7 +13255,7 @@ run_test "DTLS proxy: 3d, gnutls client" \
0 \
-s "HTTP/1.0 200 OK"
# Set the MTU to 128 bytes. The ClientHello is not guaranteed to be surely
# Set the MTU to 131 bytes. The ClientHello is not guaranteed to be surely
# fragmented but it is very likely. For example, the ClientHello sent by the
# GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello
# fragmentation to remain the case across GnuTLS version updates. Avoid using a
@@ -13173,7 +13268,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
"$G_NEXT_CLI -u --mtu 131 --insecure 127.0.0.1" \
0 \
-s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled"
@@ -13185,7 +13280,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \
"$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
"$G_NEXT_CLI -u --mtu 135 --insecure 127.0.0.1" \
0 \
-s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled"
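Review bot: The two GnuTLS-server tests "DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2" and "DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2" add `request_size=35` while lowering the MTU below 128, and neither pins a ciphersuite. The comment above the "both (MTU=128)" test gives 35 bytes as the maximum application-data payload at MTU 128 with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, so at 110 or 103 a 35-byte request only fits if the peer negotiates a suite with less record overhead; that presumably holds for the GnuTLS versions used in CI, but nothing visible here guarantees it. The OpenSSL-server variants at MTU 130 and 108 use `request_size=8`; using the same value here, or adding a `force_ciphersuite=` option to the client, would keep these tests from depending on the peer's ciphersuite preference.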