wolfssl/tests/test-tls13-down.conf

# THIS TEST IS BROKEN
# server TLSv1.3 downgrade
#-v d
#-l TLS13-CHACHA20-POLY1305-SHA256

# client TLSv1.2
#-v 3

# server TLSv1.2
-v 3

# client TLSv1.3 downgrade
-v d

# server TLSv1.3 downgrade
-v d

# client TLSv1.3 downgrade
-v d

# server TLSv1.3 downgrade but don't and resume
-v d
-r

# client TLSv1.3 downgrade but don't and resume
-v d
-r

# server TLSv1.3 downgrade and resume
-v d
-r

# client TLSv1.2 and resume
-v 3
-r

# server TLSv1.2 and resume
-v d
-r

# cient TLSv1.3 downgrade and resume
-v 3
-r

# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
-H exitWithRet

# client TLSv1.2, should fail
-v 3
-H exitWithRet

# server TLSv1.2 
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
-H exitWithRet

# client TLSv1.3, should fail
-v 4
-H exitWithRet

# server TLSv1.2 
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
-H exitWithRet

# client
# enable downgrade
# minimum downgradable TLSv 1.3
# expect to be failure
-7 4
-v d
-H exitWithRet

# server
# enable downgrade
# minimum downgradable TLSv 1.3
-7 4
-v d
-l TLS13-AES128-GCM-SHA256

# client
# enable downgrade
# minimum downgradable TLSv 1.3
-7 4
-v d

# server
# enable downgrade
# minimum downgradable TLSv 1.2
-7 3
-v d
-l ECDHE-RSA-AES256-GCM-SHA384

# client TLSv 1.2
-v 3

# server
# enable downgrade
# minimum downgradable TLSv 1.3
# expect to be failure
-7 4
-v d
-l TLS13-AES128-GCM-SHA256
-H exitWithRet

# client TLSv 1.2
-v 3
-H exitWithRet

# server TLSv1.2 - PSK
-v 3
-s
-l ECDHE-PSK-AES128-GCM-SHA256

# client TLS PSK multiversion, allow downgrade
-v d
-7 3
-s
-l ECDHE-PSK-AES128-GCM-SHA256