Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
TLS 1.3 server: Send dummy change_cipher_spec records
The internal CI PR-merge job ran successfully thus good to go.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 79d7ddd..ad7b8f0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -647,6 +647,8 @@
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
+ MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
+ MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST,
}
mbedtls_ssl_states;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4c9a177..d0b8a64 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2720,7 +2720,7 @@
if( ++ssl->cur_out_ctr[i - 1] != 0 )
break;
- /* The loop goes to its end iff the counter is wrapping */
+ /* The loop goes to its end if the counter is wrapping */
if( i == mbedtls_ssl_ep_len( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bfb2204..ffbbbcf 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1261,11 +1261,6 @@
return( ret );
}
- mbedtls_ssl_set_outbound_transform( ssl,
- ssl->handshake->transform_handshake );
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "switching to handshake transform for outbound data" ) );
-
return( ret );
}
@@ -1295,7 +1290,16 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) );
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ /* The server sends a dummy change_cipher_spec record immediately
+ * after its first handshake message. This may either be after
+ * a ServerHello or a HelloRetryRequest.
+ */
+ mbedtls_ssl_handshake_set_state(
+ ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO );
+#else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
cleanup:
@@ -1360,7 +1364,16 @@
ssl->handshake->hello_retry_request_count++;
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ /* The server sends a dummy change_cipher_spec record immediately
+ * after its first handshake message. This may either be after
+ * a ServerHello or a HelloRetryRequest.
+ */
+ mbedtls_ssl_handshake_set_state(
+ ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST );
+#else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) );
@@ -1421,6 +1434,11 @@
unsigned char *buf;
size_t buf_len, msg_len;
+ mbedtls_ssl_set_outbound_transform( ssl,
+ ssl->handshake->transform_handshake );
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "switching to handshake transform for outbound data" ) );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
@@ -1748,6 +1766,23 @@
break;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+ /*
+ * Injection of dummy-CCS's for middlebox compatibility
+ */
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST:
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+ break;
+
+ case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+ break;
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
case MBEDTLS_SSL_SERVER_FINISHED:
ret = ssl_tls13_write_server_finished( ssl );
break;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0b6711c..afabb64 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11499,6 +11499,35 @@
done
unset TEST_SUITE_NAME
+# Test 1.3 compatibility mode
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 force_version=tls13 tickets=0" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -c "Protocol is TLSv1.3" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->m both with middlebox compat support" \
+ "$P_SRV debug_level=4 force_version=tls13 tickets=0" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -c "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -11506,10 +11535,11 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=3" \
+ "$P_CLI debug_level=4" \
0 \
-c "Protocol is TLSv1.3" \
- -c "HTTP/1.0 200 ok"
+ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -11518,10 +11548,22 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI debug_level=3" \
+ "$P_CLI debug_level=4" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->O both with middlebox compat support" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
@@ -11531,10 +11573,11 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
- "$P_CLI debug_level=3" \
+ "$P_CLI debug_level=4" \
0 \
-c "Protocol is TLSv1.3" \
- -c "HTTP/1.0 200 OK"
+ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -11544,10 +11587,301 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
- "$P_CLI debug_level=3" \
+ "$P_CLI debug_level=4" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->G both with middlebox compat support" \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -no_middlebox" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -C "14 03 03 00 01"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -no_middlebox" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m both with middlebox compat support" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -c "14 03 03 00 01"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -C "SSL 3.3 ChangeCipherSpec packet received"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -c "SSL 3.3 ChangeCipherSpec packet received" \
+ -c "discarding change cipher spec in TLS1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m both with middlebox compat support" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
+ -c "SSL 3.3 ChangeCipherSpec packet received"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -c "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
+ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -c "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
+ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "received HelloRetryRequest message" \
+ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
+ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 1 \
+ -c "received HelloRetryRequest message" \
+ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
+ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
+ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "received HelloRetryRequest message" \
+ -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
+ -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
+ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 1 \
+ -c "received HelloRetryRequest message" \
+ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
+ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
+ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -C "14 03 03 00 01"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -c "14 03 03 00 01"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -C "SSL 3.3 ChangeCipherSpec packet received"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -c "SSL 3.3 ChangeCipherSpec packet received" \
+ -c "discarding change cipher spec in TLS1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
+ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 0 \
+ -s "Protocol is TLSv1.3" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
+ -c "SSL 3.3 ChangeCipherSpec packet received"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG