1#! /usr/bin/env perl 2# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9use strict; 10use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11use OpenSSL::Test::Utils; 12use File::Temp qw(tempfile); 13use TLSProxy::Proxy; 14use checkhandshake qw(checkhandshake @handmessages @extensions); 15 16my $test_name = "test_tls13messages"; 17setup($test_name); 18 19plan skip_all => "TLSProxy isn't usable on $^O" 20 if $^O =~ /^(VMS)$/; 21 22plan skip_all => "$test_name needs the dynamic engine feature enabled" 23 if disabled("engine") || disabled("dynamic-engine"); 24 25plan skip_all => "$test_name needs the sock feature enabled" 26 if disabled("sock"); 27 28plan skip_all => "$test_name needs TLSv1.3 enabled" 29 if disabled("tls1_3"); 30 31plan skip_all => "$test_name needs EC enabled" 32 if disabled("ec"); 33 34@handmessages = ( 35 [TLSProxy::Message::MT_CLIENT_HELLO, 36 checkhandshake::ALL_HANDSHAKES], 37 [TLSProxy::Message::MT_SERVER_HELLO, 38 checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 39 [TLSProxy::Message::MT_CLIENT_HELLO, 40 checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 41 [TLSProxy::Message::MT_SERVER_HELLO, 42 checkhandshake::ALL_HANDSHAKES], 43 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, 44 checkhandshake::ALL_HANDSHAKES], 45 [TLSProxy::Message::MT_CERTIFICATE_REQUEST, 46 checkhandshake::CLIENT_AUTH_HANDSHAKE], 47 [TLSProxy::Message::MT_CERTIFICATE, 48 checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 49 [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 50 checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 51 [TLSProxy::Message::MT_FINISHED, 52 checkhandshake::ALL_HANDSHAKES], 53 [TLSProxy::Message::MT_CERTIFICATE, 54 checkhandshake::CLIENT_AUTH_HANDSHAKE], 55 [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 56 checkhandshake::CLIENT_AUTH_HANDSHAKE], 57 [TLSProxy::Message::MT_FINISHED, 58 checkhandshake::ALL_HANDSHAKES], 59 [0, 0] 60); 61 62@extensions = ( 63 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 64 TLSProxy::Message::CLIENT, 65 checkhandshake::SERVER_NAME_CLI_EXTENSION], 66 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 67 TLSProxy::Message::CLIENT, 68 checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 69 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 70 TLSProxy::Message::CLIENT, 71 checkhandshake::DEFAULT_EXTENSIONS], 72 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 73 TLSProxy::Message::CLIENT, 74 checkhandshake::DEFAULT_EXTENSIONS], 75 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 76 TLSProxy::Message::CLIENT, 77 checkhandshake::DEFAULT_EXTENSIONS], 78 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 79 TLSProxy::Message::CLIENT, 80 checkhandshake::ALPN_CLI_EXTENSION], 81 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 82 TLSProxy::Message::CLIENT, 83 checkhandshake::SCT_CLI_EXTENSION], 84 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 85 TLSProxy::Message::CLIENT, 86 checkhandshake::DEFAULT_EXTENSIONS], 87 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 88 TLSProxy::Message::CLIENT, 89 checkhandshake::DEFAULT_EXTENSIONS], 90 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 91 TLSProxy::Message::CLIENT, 92 checkhandshake::DEFAULT_EXTENSIONS], 93 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 94 TLSProxy::Message::CLIENT, 95 checkhandshake::DEFAULT_EXTENSIONS], 96 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 97 TLSProxy::Message::CLIENT, 98 checkhandshake::DEFAULT_EXTENSIONS], 99 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 100 TLSProxy::Message::CLIENT, 101 checkhandshake::DEFAULT_EXTENSIONS], 102 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 103 TLSProxy::Message::CLIENT, 104 checkhandshake::PSK_CLI_EXTENSION], 105 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, 106 TLSProxy::Message::CLIENT, 107 checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], 108 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, 109 TLSProxy::Message::CLIENT, 110 checkhandshake::DEFAULT_EXTENSIONS], 111 112 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 113 TLSProxy::Message::SERVER, 114 checkhandshake::DEFAULT_EXTENSIONS], 115 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 116 TLSProxy::Message::SERVER, 117 checkhandshake::KEY_SHARE_HRR_EXTENSION], 118 119 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 120 TLSProxy::Message::CLIENT, 121 checkhandshake::SERVER_NAME_CLI_EXTENSION], 122 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 123 TLSProxy::Message::CLIENT, 124 checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 125 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 126 TLSProxy::Message::CLIENT, 127 checkhandshake::DEFAULT_EXTENSIONS], 128 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 129 TLSProxy::Message::CLIENT, 130 checkhandshake::DEFAULT_EXTENSIONS], 131 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 132 TLSProxy::Message::CLIENT, 133 checkhandshake::DEFAULT_EXTENSIONS], 134 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 135 TLSProxy::Message::CLIENT, 136 checkhandshake::ALPN_CLI_EXTENSION], 137 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 138 TLSProxy::Message::CLIENT, 139 checkhandshake::SCT_CLI_EXTENSION], 140 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 141 TLSProxy::Message::CLIENT, 142 checkhandshake::DEFAULT_EXTENSIONS], 143 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 144 TLSProxy::Message::CLIENT, 145 checkhandshake::DEFAULT_EXTENSIONS], 146 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 147 TLSProxy::Message::CLIENT, 148 checkhandshake::DEFAULT_EXTENSIONS], 149 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 150 TLSProxy::Message::CLIENT, 151 checkhandshake::DEFAULT_EXTENSIONS], 152 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 153 TLSProxy::Message::CLIENT, 154 checkhandshake::DEFAULT_EXTENSIONS], 155 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 156 TLSProxy::Message::CLIENT, 157 checkhandshake::DEFAULT_EXTENSIONS], 158 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 159 TLSProxy::Message::CLIENT, 160 checkhandshake::PSK_CLI_EXTENSION], 161 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, 162 TLSProxy::Message::CLIENT, 163 checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], 164 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, 165 TLSProxy::Message::CLIENT, 166 checkhandshake::DEFAULT_EXTENSIONS], 167 168 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 169 TLSProxy::Message::SERVER, 170 checkhandshake::DEFAULT_EXTENSIONS], 171 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 172 TLSProxy::Message::SERVER, 173 checkhandshake::DEFAULT_EXTENSIONS], 174 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, 175 TLSProxy::Message::SERVER, 176 checkhandshake::PSK_SRV_EXTENSION], 177 178 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, 179 TLSProxy::Message::SERVER, 180 checkhandshake::SERVER_NAME_SRV_EXTENSION], 181 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN, 182 TLSProxy::Message::SERVER, 183 checkhandshake::ALPN_SRV_EXTENSION], 184 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 185 TLSProxy::Message::SERVER, 186 checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION], 187 188 [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS, 189 TLSProxy::Message::SERVER, 190 checkhandshake::DEFAULT_EXTENSIONS], 191 192 [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, 193 TLSProxy::Message::SERVER, 194 checkhandshake::STATUS_REQUEST_SRV_EXTENSION], 195 [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, 196 TLSProxy::Message::SERVER, 197 checkhandshake::SCT_SRV_EXTENSION], 198 199 [0,0,0,0] 200); 201 202my $proxy = TLSProxy::Proxy->new( 203 undef, 204 cmdstr(app(["openssl"]), display => 1), 205 srctop_file("apps", "server.pem"), 206 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 207); 208 209#Test 1: Check we get all the right messages for a default handshake 210(undef, my $session) = tempfile(); 211$proxy->serverconnects(2); 212$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 213$proxy->clientflags("-no_rx_cert_comp -sess_out ".$session); 214$proxy->sessionfile($session); 215$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 216plan tests => 17; 217checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 218 checkhandshake::DEFAULT_EXTENSIONS, 219 "Default handshake test"); 220 221#Test 2: Resumption handshake 222$proxy->clearClient(); 223$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 224$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 225$proxy->clientstart(); 226checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 227 (checkhandshake::DEFAULT_EXTENSIONS 228 | checkhandshake::PSK_CLI_EXTENSION 229 | checkhandshake::PSK_SRV_EXTENSION), 230 "Resumption handshake test"); 231 232SKIP: { 233 skip "No OCSP support in this OpenSSL build", 4 234 if disabled("ct") || disabled("ec") || disabled("ocsp"); 235 #Test 3: A status_request handshake (client request only) 236 $proxy->clear(); 237 $proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 238 $proxy->clientflags("-no_rx_cert_comp -status"); 239 $proxy->start(); 240 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 241 checkhandshake::DEFAULT_EXTENSIONS 242 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION, 243 "status_request handshake test (client)"); 244 245 #Test 4: A status_request handshake (server support only) 246 $proxy->clear(); 247 $proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 248 $proxy->clientflags("-no_rx_cert_comp"); 249 $proxy->serverflags("-no_rx_cert_comp -status_file " 250 .srctop_file("test", "recipes", "ocsp-response.der")); 251 $proxy->start(); 252 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 253 checkhandshake::DEFAULT_EXTENSIONS, 254 "status_request handshake test (server)"); 255 256 #Test 5: A status_request handshake (client and server) 257 $proxy->clear(); 258 $proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 259 $proxy->clientflags("-no_rx_cert_comp -status"); 260 $proxy->serverflags("-no_rx_cert_comp -status_file " 261 .srctop_file("test", "recipes", "ocsp-response.der")); 262 $proxy->start(); 263 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 264 checkhandshake::DEFAULT_EXTENSIONS 265 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 266 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, 267 "status_request handshake test"); 268 269 #Test 6: A status_request handshake (client and server) with client auth 270 $proxy->clear(); 271 $proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 272 $proxy->clientflags("-no_rx_cert_comp -status -enable_pha -cert " 273 .srctop_file("apps", "server.pem")); 274 $proxy->serverflags("-no_rx_cert_comp -Verify 5 -status_file " 275 .srctop_file("test", "recipes", "ocsp-response.der")); 276 $proxy->start(); 277 checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, 278 checkhandshake::DEFAULT_EXTENSIONS 279 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 280 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION 281 | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, 282 "status_request handshake with client auth test"); 283} 284 285#Test 7: A client auth handshake 286$proxy->clear(); 287$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 288$proxy->clientflags("-no_rx_cert_comp -enable_pha -cert ".srctop_file("apps", "server.pem")); 289$proxy->serverflags("-no_rx_cert_comp -Verify 5"); 290$proxy->start(); 291checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, 292 checkhandshake::DEFAULT_EXTENSIONS | 293 checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, 294 "Client auth handshake test"); 295 296#Test 8: Server name handshake (no client request) 297$proxy->clear(); 298$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 299$proxy->clientflags("-no_rx_cert_comp -noservername"); 300$proxy->start(); 301checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 302 checkhandshake::DEFAULT_EXTENSIONS 303 & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, 304 "Server name handshake test (client)"); 305 306#Test 9: Server name handshake (server support only) 307$proxy->clear(); 308$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 309$proxy->clientflags("-no_rx_cert_comp -noservername"); 310$proxy->serverflags("-no_rx_cert_comp -servername testhost"); 311$proxy->start(); 312checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 313 checkhandshake::DEFAULT_EXTENSIONS 314 & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, 315 "Server name handshake test (server)"); 316 317#Test 10: Server name handshake (client and server) 318$proxy->clear(); 319$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 320$proxy->clientflags("-no_rx_cert_comp -servername testhost"); 321$proxy->serverflags("-no_rx_cert_comp -servername testhost"); 322$proxy->start(); 323checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 324 checkhandshake::DEFAULT_EXTENSIONS 325 | checkhandshake::SERVER_NAME_SRV_EXTENSION, 326 "Server name handshake test"); 327 328#Test 11: ALPN handshake (client request only) 329$proxy->clear(); 330$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 331$proxy->clientflags("-no_rx_cert_comp -alpn test"); 332$proxy->start(); 333checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 334 checkhandshake::DEFAULT_EXTENSIONS 335 | checkhandshake::ALPN_CLI_EXTENSION, 336 "ALPN handshake test (client)"); 337 338#Test 12: ALPN handshake (server support only) 339$proxy->clear(); 340$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 341$proxy->clientflags("-no_rx_cert_comp"); 342$proxy->serverflags("-no_rx_cert_comp -alpn test"); 343$proxy->start(); 344checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 345 checkhandshake::DEFAULT_EXTENSIONS, 346 "ALPN handshake test (server)"); 347 348#Test 13: ALPN handshake (client and server) 349$proxy->clear(); 350$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 351$proxy->clientflags("-no_rx_cert_comp -alpn test"); 352$proxy->serverflags("-no_rx_cert_comp -alpn test"); 353$proxy->start(); 354checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 355 checkhandshake::DEFAULT_EXTENSIONS 356 | checkhandshake::ALPN_CLI_EXTENSION 357 | checkhandshake::ALPN_SRV_EXTENSION, 358 "ALPN handshake test"); 359 360SKIP: { 361 skip "No CT, EC or OCSP support in this OpenSSL build", 1 362 if disabled("ct") || disabled("ec") || disabled("ocsp"); 363 364 #Test 14: SCT handshake (client request only) 365 $proxy->clear(); 366 $proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 367 #Note: -ct also sends status_request 368 $proxy->clientflags("-no_rx_cert_comp -ct"); 369 $proxy->serverflags("-no_rx_cert_comp -status_file " 370 .srctop_file("test", "recipes", "ocsp-response.der") 371 ." -serverinfo ".srctop_file("test", "serverinfo2.pem")); 372 $proxy->start(); 373 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 374 checkhandshake::DEFAULT_EXTENSIONS 375 | checkhandshake::SCT_CLI_EXTENSION 376 | checkhandshake::SCT_SRV_EXTENSION 377 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 378 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, 379 "SCT handshake test"); 380} 381 382#Test 15: HRR Handshake 383$proxy->clear(); 384$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 385$proxy->clientflags("-no_rx_cert_comp"); 386$proxy->serverflags("-no_rx_cert_comp -curves P-384"); 387$proxy->start(); 388checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, 389 checkhandshake::DEFAULT_EXTENSIONS 390 | checkhandshake::KEY_SHARE_HRR_EXTENSION, 391 "HRR handshake test"); 392 393#Test 16: Resumption handshake with HRR 394$proxy->clear(); 395$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 396$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 397$proxy->serverflags("-no_rx_cert_comp -curves P-384"); 398$proxy->start(); 399checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 400 (checkhandshake::DEFAULT_EXTENSIONS 401 | checkhandshake::KEY_SHARE_HRR_EXTENSION 402 | checkhandshake::PSK_CLI_EXTENSION 403 | checkhandshake::PSK_SRV_EXTENSION), 404 "Resumption handshake with HRR test"); 405 406#Test 17: Acceptable but non preferred key_share 407$proxy->clear(); 408$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 409$proxy->clientflags("-no_rx_cert_comp -curves P-384"); 410$proxy->start(); 411checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 412 checkhandshake::DEFAULT_EXTENSIONS 413 | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION, 414 "Acceptable but non preferred key_share"); 415 416unlink $session; 417