==> Building on electivire ==> Checking for remote environment... ==> Syncing package to remote host... sending incremental file list ./ .SRCINFO 1,042 100% 0.00kB/s 0:00:00 1,042 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=7/9) .nvchecker.toml 49 100% 47.85kB/s 0:00:00 49 100% 47.85kB/s 0:00:00 (xfr#2, to-chk=6/9) LICENSE 646 100% 630.86kB/s 0:00:00 646 100% 630.86kB/s 0:00:00 (xfr#3, to-chk=5/9) PKGBUILD 1,401 65% 1.34MB/s 0:00:00 2,141 100% 2.04MB/s 0:00:00 (xfr#4, to-chk=4/9) REUSE.toml 375 100% 366.21kB/s 0:00:00 375 100% 366.21kB/s 0:00:00 (xfr#5, to-chk=3/9) haskell-tls-2.0.6-14.log 575 100% 561.52kB/s 0:00:00 575 100% 561.52kB/s 0:00:00 (xfr#6, to-chk=2/9) LICENSES/ sent 1,431 bytes received 198 bytes 1,086.00 bytes/sec total size is 4,460 speedup is 2.74 ==> Patching arch to riscv64... ==> Running pkgctl build --arch riscv64 --repo extra on remote host... ==> WARNING: unsupported architecture: riscv64 ==> Building haskell-tls  -> repo: extra  -> arch: riscv64  -> worker: felix-1 ==> Building haskell-tls for [extra] (riscv64) ]2;🔵 Container arch-nspawn-924451 on electivire.felixc.at\[?25l:: Synchronizing package databases... core downloading... extra downloading... error: restricting filesystem access failed because landlock is not supported by the kernel! :: Starting full system upgrade... there is nothing to do [?25h==> Building in chroot for [extra] (riscv64)... ==> Synchronizing chroot copy [/var/lib/archbuild/extra-riscv64/root] -> [felix-1]...done ==> Making package: haskell-tls 2.0.6-14 (Mon Sep 1 04:16:37 2025) ==> Retrieving sources...  -> Found tls-2.0.6.tar.gz ==> Validating source files with sha512sums... tls-2.0.6.tar.gz ... Passed ]2;🔵 Container arch-nspawn-925485 on electivire.felixc.at\==> Making package: haskell-tls 2.0.6-14 (Sun Aug 31 20:16:47 2025) ==> Checking runtime dependencies... ==> Installing missing dependencies... [?25lresolving dependencies... looking for conflicting packages... warning: dependency cycle detected: warning: haskell-bifunctors will be installed before its haskell-assoc dependency Package (59) New Version Net Change Download Size extra/haskell-ansi-terminal 1.0.2-58 0.28 MiB extra/haskell-ansi-terminal-types 0.11.5-98 0.53 MiB extra/haskell-appar 0.1.8-15 0.13 MiB extra/haskell-asn1-parse 0.9.5-284 0.08 MiB extra/haskell-assoc 1.1.1-28.1 0.04 MiB extra/haskell-base-orphans 0.9.2-25 0.15 MiB extra/haskell-basement 0.0.16-3 6.04 MiB extra/haskell-bifunctors 5.6.2-12 3.06 MiB extra/haskell-byteorder 1.0.4-26 0.06 MiB extra/haskell-cborg 0.2.10.0-33 2.12 MiB 0.35 MiB extra/haskell-colour 2.3.6-308 0.87 MiB extra/haskell-comonad 5.0.9-73 0.60 MiB extra/haskell-data-default 0.7.1.2-14 0.01 MiB extra/haskell-data-default-instances-containers 0.1.0.2-4.2 0.02 MiB extra/haskell-data-default-instances-dlist 0.0.1.2-58 0.01 MiB extra/haskell-data-default-instances-old-locale 0.0.1-40.3 0.01 MiB extra/haskell-distributive 0.6.2.1-291 0.25 MiB extra/haskell-dlist 1.0-308 0.26 MiB extra/haskell-foldable1-classes-compat 0.1.1-20 0.59 MiB extra/haskell-half 0.3.3-19 0.21 MiB 0.05 MiB extra/haskell-hashable 1.4.4.0-136.1 0.70 MiB extra/haskell-hourglass 0.2.12-298 1.82 MiB extra/haskell-indexed-traversable 0.1.4-128 0.83 MiB extra/haskell-iproute 1.7.15-36 1.13 MiB extra/haskell-old-locale 1.0.0.7-32.1 0.13 MiB extra/haskell-old-time 1.1.0.4-4 0.44 MiB extra/haskell-optparse-applicative 0.18.1.0-77 1.62 MiB extra/haskell-os-string 2.0.7-74.1 1.07 MiB extra/haskell-pem 0.2.4-340 0.08 MiB extra/haskell-prettyprinter 1.7.1-264 1.49 MiB extra/haskell-prettyprinter-ansi-terminal 1.1.3-300 0.30 MiB extra/haskell-primitive 0.9.1.0-16 1.91 MiB extra/haskell-random 1.2.1.3-40 2.06 MiB extra/haskell-splitmix 0.1.1-2 0.19 MiB extra/haskell-strict 0.5-140 1.07 MiB extra/haskell-tagged 0.8.9-2.1 0.32 MiB extra/haskell-tasty 1.5-25 1.65 MiB extra/haskell-th-abstraction 0.5.0.0-1 0.98 MiB extra/haskell-these 1.2.1-81 0.63 MiB extra/haskell-transformers-compat 0.7.2-3.1 0.80 MiB extra/haskell-unordered-containers 0.2.20-109 2.08 MiB extra/haskell-vector 0.13.2.0-105.2 12.37 MiB extra/haskell-vector-stream 0.1.0.1-3.1 0.60 MiB extra/numactl 2.0.19-1 0.20 MiB extra/ghc-libs 9.4.8-1.3 139.60 MiB extra/haskell-asn1-encoding 0.9.6-285 0.49 MiB extra/haskell-asn1-types 0.3.4-263 0.47 MiB extra/haskell-async 2.2.5-154.1 0.38 MiB extra/haskell-base16-bytestring 1.0.2.0-132 0.08 MiB extra/haskell-cereal 0.5.8.3-3 1.74 MiB extra/haskell-crypton 1.0.2-12.1 10.93 MiB extra/haskell-crypton-x509 1.7.7-17 1.79 MiB extra/haskell-crypton-x509-store 1.6.10-28 0.15 MiB extra/haskell-crypton-x509-validation 1.6.14-4 0.36 MiB 0.08 MiB extra/haskell-data-default-class 0.1.2.0-26.1 0.07 MiB extra/haskell-memory 0.18.0-62 1.24 MiB extra/haskell-network 3.1.4.0-73 1.80 MiB extra/haskell-serialise 0.2.6.1-121 1.76 MiB 0.26 MiB extra/haskell-unix-time 0.4.17-21 0.19 MiB 0.05 MiB Total Download Size: 0.78 MiB Total Installed Size: 210.85 MiB :: Proceed with installation? [Y/n] :: Retrieving packages... haskell-cborg-0.2.10.0-33-riscv64 downloading... haskell-serialise-0.2.6.1-121-riscv64 downloading... haskell-crypton-x509-validation-1.6.14-4-riscv64 downloading... haskell-half-0.3.3-19-riscv64 downloading... haskell-unix-time-0.4.17-21-riscv64 downloading... error: restricting filesystem access failed because landlock is not supported by the kernel! checking keyring... checking package integrity... loading package files... checking for file conflicts... :: Processing package changes... installing numactl... installing ghc-libs... installing haskell-hourglass... installing haskell-basement... installing haskell-memory... installing haskell-asn1-types... installing haskell-asn1-encoding... installing haskell-os-string... installing haskell-hashable... installing haskell-async... installing haskell-base16-bytestring... installing haskell-cereal... installing haskell-crypton... installing haskell-asn1-parse... installing haskell-pem... installing haskell-crypton-x509... installing haskell-crypton-x509-store... installing haskell-data-default-class... installing haskell-data-default-instances-containers... installing haskell-dlist... installing haskell-data-default-instances-dlist... installing haskell-old-locale... installing haskell-data-default-instances-old-locale... installing haskell-data-default... installing haskell-appar... installing haskell-byteorder... installing haskell-network... installing haskell-iproute... installing haskell-crypton-x509-validation... installing haskell-half... installing haskell-primitive... installing haskell-cborg... installing haskell-base-orphans... installing haskell-tagged... installing haskell-distributive... installing haskell-foldable1-classes-compat... installing haskell-indexed-traversable... installing haskell-transformers-compat... installing haskell-comonad... installing haskell-th-abstraction... installing haskell-bifunctors... installing haskell-assoc... installing haskell-these... installing haskell-strict... installing haskell-unordered-containers... installing haskell-splitmix... installing haskell-random... installing haskell-colour... installing haskell-ansi-terminal-types... installing haskell-ansi-terminal... installing haskell-prettyprinter... installing haskell-prettyprinter-ansi-terminal... installing haskell-optparse-applicative... installing haskell-tasty... installing haskell-vector-stream... installing haskell-vector... installing haskell-serialise... installing haskell-old-time... installing haskell-unix-time... :: Running post-transaction hooks... (1/2) Arming ConditionNeedsUpdate... (2/2) Registering Haskell modules... [?25h==> Checking buildtime dependencies... ==> Installing missing dependencies... [?25lresolving dependencies... looking for conflicting packages... Package (15) New Version Net Change extra/haskell-call-stack 0.4.0-282.1 0.06 MiB extra/haskell-erf 2.0.0.0-26.1 0.06 MiB extra/haskell-hspec-core 2.11.0-12.1 3.34 MiB extra/haskell-hspec-expectations 0.8.3-137.1 0.16 MiB extra/haskell-hunit 1.6.2.0-324.1 0.38 MiB extra/haskell-lexer 1.1.2-1 1.10 MiB extra/haskell-quickcheck-io 0.2.0-861 0.07 MiB extra/haskell-tf-random 0.5-885.1 0.35 MiB core/libedit 20250104_3.1-1 0.25 MiB extra/llvm14 14.0.6-5 83.34 MiB extra/llvm14-libs 14.0.6-5 104.95 MiB extra/ghc 9.4.8-1.3 288.07 MiB extra/haskell-hspec 2.11.0-13.1 0.11 MiB extra/haskell-hspec-discover 2.11.0-2.1 0.28 MiB extra/haskell-quickcheck 2.14.3-207 3.71 MiB Total Installed Size: 486.23 MiB :: Proceed with installation? [Y/n] checking keyring... checking package integrity... loading package files... checking for file conflicts... :: Processing package changes... installing libedit... installing llvm14-libs... installing llvm14... installing ghc... installing haskell-erf... installing haskell-quickcheck... installing haskell-call-stack... installing haskell-hunit... installing haskell-hspec-expectations... installing haskell-lexer... installing haskell-quickcheck-io... installing haskell-tf-random... installing haskell-hspec-core... installing haskell-hspec-discover... installing haskell-hspec... :: Running post-transaction hooks... (1/2) Arming ConditionNeedsUpdate... (2/2) Registering Haskell modules... [?25h==> Retrieving sources...  -> Found tls-2.0.6.tar.gz ==> WARNING: Skipping all source file integrity checks. ==> Extracting sources...  -> Extracting tls-2.0.6.tar.gz with bsdtar ==> Starting build()... Configuring tls-2.0.6... Preprocessing library for tls-2.0.6.. Building library for tls-2.0.6.. [ 1 of 76] Compiling Network.TLS.Crypto.Types ( Network/TLS/Crypto/Types.hs, dist/build/Network/TLS/Crypto/Types.dyn_o ) [ 2 of 76] Compiling Network.TLS.ErrT ( Network/TLS/ErrT.hs, dist/build/Network/TLS/ErrT.dyn_o ) [ 3 of 76] Compiling Network.TLS.Imports ( Network/TLS/Imports.hs, dist/build/Network/TLS/Imports.dyn_o ) [ 4 of 76] Compiling Network.TLS.Backend ( Network/TLS/Backend.hs, dist/build/Network/TLS/Backend.dyn_o ) [ 5 of 76] Compiling Network.TLS.Measurement ( Network/TLS/Measurement.hs, dist/build/Network/TLS/Measurement.dyn_o ) [ 6 of 76] Compiling Network.TLS.RNG ( Network/TLS/RNG.hs, dist/build/Network/TLS/RNG.dyn_o ) [ 7 of 76] Compiling Network.TLS.Crypto.DH ( Network/TLS/Crypto/DH.hs, dist/build/Network/TLS/Crypto/DH.dyn_o ) [ 8 of 76] Compiling Network.TLS.Extra.FFDHE ( Network/TLS/Extra/FFDHE.hs, dist/build/Network/TLS/Extra/FFDHE.dyn_o ) [ 9 of 76] Compiling Network.TLS.Util ( Network/TLS/Util.hs, dist/build/Network/TLS/Util.dyn_o ) [10 of 76] Compiling Network.TLS.Util.ASN1 ( Network/TLS/Util/ASN1.hs, dist/build/Network/TLS/Util/ASN1.dyn_o ) [11 of 76] Compiling Network.TLS.Util.Serialization ( Network/TLS/Util/Serialization.hs, dist/build/Network/TLS/Util/Serialization.dyn_o ) [12 of 76] Compiling Network.TLS.Crypto.IES ( Network/TLS/Crypto/IES.hs, dist/build/Network/TLS/Crypto/IES.dyn_o ) [13 of 76] Compiling Network.TLS.Crypto ( Network/TLS/Crypto.hs, dist/build/Network/TLS/Crypto.dyn_o ) [14 of 76] Compiling Network.TLS.Types ( Network/TLS/Types.hs, dist/build/Network/TLS/Types.dyn_o ) [15 of 76] Compiling Network.TLS.Session ( Network/TLS/Session.hs, dist/build/Network/TLS/Session.dyn_o ) [16 of 76] Compiling Network.TLS.Compression ( Network/TLS/Compression.hs, dist/build/Network/TLS/Compression.dyn_o ) [17 of 76] Compiling Network.TLS.Struct ( Network/TLS/Struct.hs, dist/build/Network/TLS/Struct.dyn_o ) [18 of 76] Compiling Network.TLS.Struct13 ( Network/TLS/Struct13.hs, dist/build/Network/TLS/Struct13.dyn_o ) [19 of 76] Compiling Network.TLS.MAC ( Network/TLS/MAC.hs, dist/build/Network/TLS/MAC.dyn_o ) [20 of 76] Compiling Network.TLS.Cipher ( Network/TLS/Cipher.hs, dist/build/Network/TLS/Cipher.dyn_o ) [21 of 76] Compiling Network.TLS.Handshake.Control ( Network/TLS/Handshake/Control.hs, dist/build/Network/TLS/Handshake/Control.dyn_o ) [22 of 76] Compiling Network.TLS.Extra.Cipher ( Network/TLS/Extra/Cipher.hs, dist/build/Network/TLS/Extra/Cipher.dyn_o ) [23 of 76] Compiling Network.TLS.Extra ( Network/TLS/Extra.hs, dist/build/Network/TLS/Extra.dyn_o ) [24 of 76] Compiling Network.TLS.Wire ( Network/TLS/Wire.hs, dist/build/Network/TLS/Wire.dyn_o ) [25 of 76] Compiling Network.TLS.Packet ( Network/TLS/Packet.hs, dist/build/Network/TLS/Packet.dyn_o ) [26 of 76] Compiling Network.TLS.Record.State ( Network/TLS/Record/State.hs, dist/build/Network/TLS/Record/State.dyn_o ) [27 of 76] Compiling Network.TLS.Record.Types ( Network/TLS/Record/Types.hs, dist/build/Network/TLS/Record/Types.dyn_o ) [28 of 76] Compiling Network.TLS.Record.Engage ( Network/TLS/Record/Engage.hs, dist/build/Network/TLS/Record/Engage.dyn_o ) [29 of 76] Compiling Network.TLS.Record.Disengage ( Network/TLS/Record/Disengage.hs, dist/build/Network/TLS/Record/Disengage.dyn_o ) [30 of 76] Compiling Network.TLS.Record ( Network/TLS/Record.hs, dist/build/Network/TLS/Record.dyn_o ) [31 of 76] Compiling Network.TLS.Packet13 ( Network/TLS/Packet13.hs, dist/build/Network/TLS/Packet13.dyn_o ) [32 of 76] Compiling Network.TLS.Handshake.State ( Network/TLS/Handshake/State.hs, dist/build/Network/TLS/Handshake/State.dyn_o ) [33 of 76] Compiling Network.TLS.KeySchedule ( Network/TLS/KeySchedule.hs, dist/build/Network/TLS/KeySchedule.dyn_o ) [34 of 76] Compiling Network.TLS.Extension ( Network/TLS/Extension.hs, dist/build/Network/TLS/Extension.dyn_o ) [35 of 76] Compiling Network.TLS.State ( Network/TLS/State.hs, dist/build/Network/TLS/State.dyn_o ) [36 of 76] Compiling Network.TLS.X509 ( Network/TLS/X509.hs, dist/build/Network/TLS/X509.dyn_o ) [37 of 76] Compiling Network.TLS.Hooks ( Network/TLS/Hooks.hs, dist/build/Network/TLS/Hooks.dyn_o ) [38 of 76] Compiling Network.TLS.Credentials ( Network/TLS/Credentials.hs, dist/build/Network/TLS/Credentials.dyn_o ) [39 of 76] Compiling Network.TLS.Parameters ( Network/TLS/Parameters.hs, dist/build/Network/TLS/Parameters.dyn_o ) [40 of 76] Compiling Network.TLS.Context.Internal ( Network/TLS/Context/Internal.hs, dist/build/Network/TLS/Context/Internal.dyn_o ) [41 of 76] Compiling Network.TLS.Record.Writing ( Network/TLS/Record/Writing.hs, dist/build/Network/TLS/Record/Writing.dyn_o ) [42 of 76] Compiling Network.TLS.Record.Reading ( Network/TLS/Record/Reading.hs, dist/build/Network/TLS/Record/Reading.dyn_o ) [43 of 76] Compiling Network.TLS.Receiving ( Network/TLS/Receiving.hs, dist/build/Network/TLS/Receiving.dyn_o ) [44 of 76] Compiling Network.TLS.Handshake.State13 ( Network/TLS/Handshake/State13.hs, dist/build/Network/TLS/Handshake/State13.dyn_o ) [45 of 76] Compiling Network.TLS.Handshake.Random ( Network/TLS/Handshake/Random.hs, dist/build/Network/TLS/Handshake/Random.dyn_o ) [46 of 76] Compiling Network.TLS.Sending ( Network/TLS/Sending.hs, dist/build/Network/TLS/Sending.dyn_o ) [47 of 76] Compiling Network.TLS.IO ( Network/TLS/IO.hs, dist/build/Network/TLS/IO.dyn_o ) [48 of 76] Compiling Network.TLS.Handshake.Process ( Network/TLS/Handshake/Process.hs, dist/build/Network/TLS/Handshake/Process.dyn_o ) [49 of 76] Compiling Network.TLS.Handshake.Key ( Network/TLS/Handshake/Key.hs, dist/build/Network/TLS/Handshake/Key.dyn_o ) [50 of 76] Compiling Network.TLS.Handshake.Signature ( Network/TLS/Handshake/Signature.hs, dist/build/Network/TLS/Handshake/Signature.dyn_o ) [51 of 76] Compiling Network.TLS.Handshake.Common ( Network/TLS/Handshake/Common.hs, dist/build/Network/TLS/Handshake/Common.dyn_o ) [52 of 76] Compiling Network.TLS.Handshake.Server.ClientHello ( Network/TLS/Handshake/Server/ClientHello.hs, dist/build/Network/TLS/Handshake/Server/ClientHello.dyn_o ) [53 of 76] Compiling Network.TLS.Handshake.Certificate ( Network/TLS/Handshake/Certificate.hs, dist/build/Network/TLS/Handshake/Certificate.dyn_o ) Network/TLS/Handshake/Certificate.hs:10:1: warning: [-Wunused-imports] The import of ‘Control.Monad’ is redundant except perhaps to import instances from ‘Control.Monad’ To import instances alone, use: import Control.Monad() | 10 | import Control.Monad (unless) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [54 of 76] Compiling Network.TLS.Handshake.Common13 ( Network/TLS/Handshake/Common13.hs, dist/build/Network/TLS/Handshake/Common13.dyn_o ) [55 of 76] Compiling Network.TLS.Handshake.Server.ClientHello13 ( Network/TLS/Handshake/Server/ClientHello13.hs, dist/build/Network/TLS/Handshake/Server/ClientHello13.dyn_o ) [56 of 76] Compiling Network.TLS.Handshake.Server.Common ( Network/TLS/Handshake/Server/Common.hs, dist/build/Network/TLS/Handshake/Server/Common.dyn_o ) Network/TLS/Handshake/Server/Common.hs:25:1: warning: [-Wunused-imports] The import of ‘Network.TLS.Imports’ is redundant except perhaps to import instances from ‘Network.TLS.Imports’ To import instances alone, use: import Network.TLS.Imports() | 25 | import Network.TLS.Imports | ^^^^^^^^^^^^^^^^^^^^^^^^^^ [57 of 76] Compiling Network.TLS.Handshake.Server.TLS13 ( Network/TLS/Handshake/Server/TLS13.hs, dist/build/Network/TLS/Handshake/Server/TLS13.dyn_o ) [58 of 76] Compiling Network.TLS.Handshake.Server.TLS12 ( Network/TLS/Handshake/Server/TLS12.hs, dist/build/Network/TLS/Handshake/Server/TLS12.dyn_o ) [59 of 76] Compiling Network.TLS.Handshake.Server.ServerHello13 ( Network/TLS/Handshake/Server/ServerHello13.hs, dist/build/Network/TLS/Handshake/Server/ServerHello13.dyn_o ) [60 of 76] Compiling Network.TLS.Handshake.Server.ServerHello12 ( Network/TLS/Handshake/Server/ServerHello12.hs, dist/build/Network/TLS/Handshake/Server/ServerHello12.dyn_o ) [61 of 76] Compiling Network.TLS.Handshake.Server.ClientHello12 ( Network/TLS/Handshake/Server/ClientHello12.hs, dist/build/Network/TLS/Handshake/Server/ClientHello12.dyn_o ) [62 of 76] Compiling Network.TLS.Handshake.Server ( Network/TLS/Handshake/Server.hs, dist/build/Network/TLS/Handshake/Server.dyn_o ) Network/TLS/Handshake/Server.hs:24:1: warning: [-Wunused-imports] The import of ‘Network.TLS.Imports’ is redundant except perhaps to import instances from ‘Network.TLS.Imports’ To import instances alone, use: import Network.TLS.Imports() | 24 | import Network.TLS.Imports | ^^^^^^^^^^^^^^^^^^^^^^^^^^ [63 of 76] Compiling Network.TLS.Handshake.Client.Common ( Network/TLS/Handshake/Client/Common.hs, dist/build/Network/TLS/Handshake/Client/Common.dyn_o ) [64 of 76] Compiling Network.TLS.Handshake.Client.TLS12 ( Network/TLS/Handshake/Client/TLS12.hs, dist/build/Network/TLS/Handshake/Client/TLS12.dyn_o ) [65 of 76] Compiling Network.TLS.Handshake.Client.ServerHello ( Network/TLS/Handshake/Client/ServerHello.hs, dist/build/Network/TLS/Handshake/Client/ServerHello.dyn_o ) [66 of 76] Compiling Network.TLS.Handshake.Client.TLS13 ( Network/TLS/Handshake/Client/TLS13.hs, dist/build/Network/TLS/Handshake/Client/TLS13.dyn_o ) [67 of 76] Compiling Network.TLS.Handshake.Client.ClientHello ( Network/TLS/Handshake/Client/ClientHello.hs, dist/build/Network/TLS/Handshake/Client/ClientHello.dyn_o ) [68 of 76] Compiling Network.TLS.Handshake.Client ( Network/TLS/Handshake/Client.hs, dist/build/Network/TLS/Handshake/Client.dyn_o ) [69 of 76] Compiling Network.TLS.PostHandshake ( Network/TLS/PostHandshake.hs, dist/build/Network/TLS/PostHandshake.dyn_o ) [70 of 76] Compiling Network.TLS.Handshake ( Network/TLS/Handshake.hs, dist/build/Network/TLS/Handshake.dyn_o ) [71 of 76] Compiling Network.TLS.Context ( Network/TLS/Context.hs, dist/build/Network/TLS/Context.dyn_o ) [72 of 76] Compiling Network.TLS.Record.Layer ( Network/TLS/Record/Layer.hs, dist/build/Network/TLS/Record/Layer.dyn_o ) [73 of 76] Compiling Network.TLS.Core ( Network/TLS/Core.hs, dist/build/Network/TLS/Core.dyn_o ) Network/TLS/Core.hs:31:1: warning: [-Wunused-imports] The import of ‘Control.Monad’ is redundant except perhaps to import instances from ‘Control.Monad’ To import instances alone, use: import Control.Monad() | 31 | import Control.Monad (unless, void, when) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [74 of 76] Compiling Network.TLS.QUIC ( Network/TLS/QUIC.hs, dist/build/Network/TLS/QUIC.dyn_o ) [75 of 76] Compiling Network.TLS.Internal ( Network/TLS/Internal.hs, dist/build/Network/TLS/Internal.dyn_o ) [76 of 76] Compiling Network.TLS ( Network/TLS.hs, dist/build/Network/TLS.dyn_o ) Preprocessing test suite 'spec' for tls-2.0.6.. Building test suite 'spec' for tls-2.0.6.. [ 1 of 12] Compiling API ( test/API.hs, dist/build/spec/spec-tmp/API.dyn_o ) [ 2 of 12] Compiling CiphersSpec ( test/CiphersSpec.hs, dist/build/spec/spec-tmp/CiphersSpec.dyn_o ) [ 3 of 12] Compiling PipeChan ( test/PipeChan.hs, dist/build/spec/spec-tmp/PipeChan.dyn_o ) [ 4 of 12] Compiling PubKey ( test/PubKey.hs, dist/build/spec/spec-tmp/PubKey.dyn_o ) [ 5 of 12] Compiling Certificate ( test/Certificate.hs, dist/build/spec/spec-tmp/Certificate.dyn_o ) [ 6 of 12] Compiling Arbitrary ( test/Arbitrary.hs, dist/build/spec/spec-tmp/Arbitrary.dyn_o ) [ 7 of 12] Compiling EncodeSpec ( test/EncodeSpec.hs, dist/build/spec/spec-tmp/EncodeSpec.dyn_o ) [ 8 of 12] Compiling Run ( test/Run.hs, dist/build/spec/spec-tmp/Run.dyn_o ) [ 9 of 12] Compiling Session ( test/Session.hs, dist/build/spec/spec-tmp/Session.dyn_o ) [10 of 12] Compiling HandshakeSpec ( test/HandshakeSpec.hs, dist/build/spec/spec-tmp/HandshakeSpec.dyn_o ) [11 of 12] Compiling ThreadSpec ( test/ThreadSpec.hs, dist/build/spec/spec-tmp/ThreadSpec.dyn_o ) [12 of 12] Compiling Main ( test/Spec.hs, dist/build/spec/spec-tmp/Main.dyn_o ) [13 of 13] Linking dist/build/spec/spec Unregistering tls-2.0.6... ==> Starting check()... Running 1 test suites... Test suite spec: RUNNING... Ciphers ciphers can ecnrypt/decrypt [✔] +++ OK, passed 100 tests. Encode encoder/decoder can encode/decode Header [✔] +++ OK, passed 100 tests. can encode/decode Handshake [✔] +++ OK, passed 100 tests. can encode/decode Handshake13 [✔] +++ OK, passed 100 tests. Handshake pipe can setup a channel [✔] handshake C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can run TLS 1.2 [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} can run TLS 1.3 [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can update key for TLS 1.3 [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can prevent downgrade attack [✘] S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P384,X448,P256]} can negotiate hash and signature [✘] C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA384,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519,X448]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureRSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,DecryptError)]" " expected: handshake"), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448,P384]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,DecryptError)]" " expected: handshake"), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448,P384,X25519]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,DecryptError)]" " expected: handshake"), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519,X448]} S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,X25519,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256,P384]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureRSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X448,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P384,P256]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P256]} C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,P256,X25519,X448]} can negotiate cipher suite [✘] C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256,X25519]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} can negotiate group [✘] can negotiate elliptic curve [✔] +++ OK, passed 100 tests. S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA384,SignatureRSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P384,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA1,SignatureDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384,X25519,X448]} can fallback for certificate with cipher [✘] C: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P384,P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,BadRecordMac)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448,P384]} can fallback for certificate with hash and signature [✘] S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_8_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_8_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384,X448]} can handle server key usage [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519,X448]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_AES_128_CCM_8_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_8_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]} can handle client key usage [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can authenticate client [✘] can receive client authentication failure [✔] +++ OK, passed 100 tests. C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2,TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = AllowEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,P384]} can handle extended main secret [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.2,TLS1.2,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = NoEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = NoEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,P256,X25519]} can resume with extended main secret [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can handle ALPN [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can handle SNI [✘] S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = True, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P384,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} can re-negotiate with TLS 1.2 [✘] S: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_8_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]} C: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384,X25519,X448]} can resume session with TLS 1.2 [✘] C: exception: HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError), supported: Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]} can resume session ticket with TLS 1.2 [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 Full [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 HRR [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 PSK [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 PSK ticket [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 PSK -> HRR [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 0RTT [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2], supportedCiphers = [TLS_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519]} can handshake with TLS 1.3 0RTT -> PSK [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} S: exception: HandshakeFailed (Error_Packet_unexpected "Alert13 [(AlertLevel_Fatal,DecryptError)]" " expected: handshake 13"), supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]} can handshake with TLS 1.3 EE [✘] C: exception: HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac), supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,X25519,P256,P384]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.3], supportedCiphers = [TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P256,P384]} can handshake with TLS 1.3 EC groups [✘] C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [FFDHE4096,FFDHE3072,FFDHE2048]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [FFDHE4096,FFDHE3072,FFDHE2048]} can handshake with TLS 1.3 FFDHE groups [✘] S: exception: HandshakeFailed (Error_Protocol "verification failed" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.3], supportedCiphers = [TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]} C: exception: Terminated True "received fatal error: DecryptError" (Error_Protocol "remote side fatal error" DecryptError), supported: Supported {supportedVersions = [TLS1.3,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]} can handshake with TLS 1.3 Post-handshake auth [✘] Thread thread safety C: exception: HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError), supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]} S: exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]} can read/write concurrently [✘] Failures: test/HandshakeSpec.hs:31:9: 1) Handshake.handshake can run TLS 1.2 uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can run TLS 1.2/" test/HandshakeSpec.hs:32:9: 2) Handshake.handshake can run TLS 1.3 uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 18 tests) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can run TLS 1.3/" test/HandshakeSpec.hs:33:9: 3) Handshake.handshake can update key for TLS 1.3 uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can update key for TLS 1.3/" test/HandshakeSpec.hs:34:9: 4) Handshake.handshake can prevent downgrade attack uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can prevent downgrade attack/" test/HandshakeSpec.hs:35:9: 5) Handshake.handshake can negotiate hash and signature uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 7 tests) ([(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashSHA256,SignatureECDSA)],[(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureRSA)]) To rerun use: --match "/Handshake/handshake/can negotiate hash and signature/" test/HandshakeSpec.hs:36:9: 6) Handshake.handshake can negotiate cipher suite uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError) (after 20 tests and 11 shrinks) ([TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_128_CCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_SHA256],[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8]) To rerun use: --match "/Handshake/handshake/can negotiate cipher suite/" test/HandshakeSpec.hs:37:9: 7) Handshake.handshake can negotiate group uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError) (after 4 tests) GGP [X448,P256,X25519] [P256,P384] To rerun use: --match "/Handshake/handshake/can negotiate group/" test/HandshakeSpec.hs:39:9: 8) Handshake.handshake can fallback for certificate with cipher uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 4 tests) OC [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] [] To rerun use: --match "/Handshake/handshake/can fallback for certificate with cipher/" test/HandshakeSpec.hs:40:9: 9) Handshake.handshake can fallback for certificate with hash and signature uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 19 tests) OHS [] [(HashIntrinsic,SignatureEd25519)] To rerun use: --match "/Handshake/handshake/can fallback for certificate with hash and signature/" test/HandshakeSpec.hs:43:9: 10) Handshake.handshake can handle server key usage uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 24 tests) [KeyUsage_digitalSignature] To rerun use: --match "/Handshake/handshake/can handle server key usage/" test/HandshakeSpec.hs:44:9: 11) Handshake.handshake can handle client key usage uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 11 tests) [KeyUsage_digitalSignature] To rerun use: --match "/Handshake/handshake/can handle client key usage/" test/HandshakeSpec.hs:45:9: 12) Handshake.handshake can authenticate client uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can authenticate client/" test/HandshakeSpec.hs:47:9: 13) Handshake.handshake can handle extended main secret uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 3 tests) (RequireEMS,AllowEMS) To rerun use: --match "/Handshake/handshake/can handle extended main secret/" test/HandshakeSpec.hs:48:9: 14) Handshake.handshake can resume with extended main secret uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 3 tests) (CompatEMS (NoEMS,NoEMS),CompatEMS (NoEMS,NoEMS)) To rerun use: --match "/Handshake/handshake/can resume with extended main secret/" test/HandshakeSpec.hs:49:9: 15) Handshake.handshake can handle ALPN uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handle ALPN/" test/HandshakeSpec.hs:50:9: 16) Handshake.handshake can handle SNI uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handle SNI/" test/HandshakeSpec.hs:51:9: 17) Handshake.handshake can re-negotiate with TLS 1.2 uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 19 tests) CSP12 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureRSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,X448,P384,P256]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can re-negotiate with TLS 1.2/" test/HandshakeSpec.hs:52:9: 18) Handshake.handshake can resume session with TLS 1.2 uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 9 tests) CSP12 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384,X25519,X448]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_8_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can resume session with TLS 1.2/" test/HandshakeSpec.hs:53:9: 19) Handshake.handshake can resume session ticket with TLS 1.2 uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad PubKeyALG_Ed448 signature for ecdhparams" DecryptError) (after 18 tests) CSP12 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.2,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can resume session ticket with TLS 1.2/" test/HandshakeSpec.hs:54:9: 20) Handshake.handshake can handshake with TLS 1.3 Full uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 Full/" test/HandshakeSpec.hs:55:9: 21) Handshake.handshake can handshake with TLS 1.3 HRR uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 HRR/" test/HandshakeSpec.hs:56:9: 22) Handshake.handshake can handshake with TLS 1.3 PSK uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 PSK/" test/HandshakeSpec.hs:57:9: 23) Handshake.handshake can handshake with TLS 1.3 PSK ticket uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 PSK ticket/" test/HandshakeSpec.hs:58:9: 24) Handshake.handshake can handshake with TLS 1.3 PSK -> HRR uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 PSK -> HRR/" test/HandshakeSpec.hs:59:9: 25) Handshake.handshake can handshake with TLS 1.3 0RTT uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 0RTT/" test/HandshakeSpec.hs:60:9: 26) Handshake.handshake can handshake with TLS 1.3 0RTT -> PSK uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 0RTT -> PSK/" test/HandshakeSpec.hs:61:9: 27) Handshake.handshake can handshake with TLS 1.3 EE uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 18 tests) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 EE/" test/HandshakeSpec.hs:62:9: 28) Handshake.handshake can handshake with TLS 1.3 EC groups uncaught exception: TLSException HandshakeFailed (Error_Protocol "bad record mac on AEAD" BadRecordMac) (after 5 tests) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA1,SignatureRSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X448,P256,X25519]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.3,TLS1.3,TLS1.3], supportedCiphers = [TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureECDSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 EC groups/" test/HandshakeSpec.hs:63:9: 29) Handshake.handshake can handshake with TLS 1.3 FFDHE groups uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 18 tests) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3,TLS1.3,TLS1.2,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA512,SignatureECDSA),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P384,X25519,P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.2,TLS1.3,TLS1.3,TLS1.3,TLS1.2,TLS1.3,TLS1.2,TLS1.2], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_AES_256_GCM_SHA384], supportedCompressions = [0], supportedHashSignatures = [(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,P384]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 FFDHE groups/" test/HandshakeSpec.hs:64:9: 30) Handshake.handshake can handshake with TLS 1.3 Post-handshake auth uncaught exception: TLSException HandshakeFailed (Error_Protocol "verification failed" DecryptError) (after 2 tests) CSP13 (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3,TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashSHA384,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA256,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA256,SignatureECDSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X25519]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3,TLS1.3], supportedCiphers = [TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureECDSA),(HashSHA512,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Handshake/handshake/can handshake with TLS 1.3 Post-handshake auth/" test/ThreadSpec.hs:21:9: 31) Thread, thread safety, can read/write concurrently uncaught exception: TLSException HandshakeFailed (Error_Protocol "cannot verify CertificateVerify" DecryptError) (after 1 test) (ClientParams {clientUseMaxFragmentLength = Nothing, clientServerIdentification = ("",""), clientUseServerNameIndication = True, clientWantSessionResume = Nothing, clientShared = Shared, clientHooks = ClientHooks, clientSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_AES_128_CCM_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashSHA1,SignatureECDSA),(HashIntrinsic,SignatureEd25519),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA512,SignatureRSA),(HashSHA256,SignatureECDSA),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA384,SignatureECDSA),(HashSHA512,SignatureECDSA),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256]}, clientDebug = DebugParams, clientUseEarlyData = False},ServerParams {serverWantClientCert = False, serverCACertificates = [], serverDHEParams = Nothing, serverHooks = ServerHooks, serverShared = Shared, serverSupported = Supported {supportedVersions = [TLS1.3], supportedCiphers = [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256], supportedCompressions = [0], supportedHashSignatures = [(HashSHA1,SignatureECDSA),(HashSHA256,SignatureRSA),(HashSHA512,SignatureECDSA),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureECDSA),(HashSHA256,SignatureECDSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashIntrinsic,SignatureEd25519),(HashSHA384,SignatureRSA)], supportedSecureRenegotiation = True, supportedClientInitiatedRenegotiation = False, supportedExtendedMainSecret = RequireEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [P256,X448]}, serverDebug = DebugParams, serverEarlyDataSize = 0, serverTicketLifetime = 7200}) To rerun use: --match "/Thread/thread safety/can read/write concurrently/" Randomized with seed 1557658824 Finished in 15.9750 seconds 38 examples, 31 failures Test suite spec: FAIL Test suite logged to: dist/test/tls-2.0.6-spec.log 0 of 1 test suites (0 of 1 test cases) passed. ==> ERROR: A failure occurred in check().  Aborting... ==> ERROR: Build failed, check /var/lib/archbuild/extra-riscv64/felix-1/build [?25h[?25h[?25hreceiving incremental file list haskell-tls-2.0.6-14-riscv64-build.log haskell-tls-2.0.6-14-riscv64-check.log sent 62 bytes received 8,567 bytes 5,752.67 bytes/sec total size is 170,739 speedup is 19.79