chore: update dependencies

reneleonhardt · reneleonhardt · commit 592c01b3efc1 · 2025-10-13T15:09:04.000+02:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    directories:
+      - /
+      - docker_test
+    schedule:
+      interval: weekly
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,27 +10,27 @@ jobs:
       matrix:
         cc: [clang, gcc]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: build with ${{ matrix.cc }}
         run: |
           # Since ubuntu-latest does not ship with OpenSSL >= v3.5, dynamic linking will fail unless we build and install it.
-          git clone -b openssl-3.5 https://github.com/openssl/openssl
+          git clone -b openssl-3.6 https://github.com/openssl/openssl
           pushd openssl
           git fetch --tags
-          git checkout openssl-3.5.0
-          ./config --prefix=/opt/openssl35 shared
+          git checkout openssl-3.6.0
+          ./config --prefix=/opt/openssl36 shared
           make -j $(nproc --all)
           make install
           popd
 
-          make sslscan LDFLAGS=-L/opt/openssl35 CFLAGS=-I/opt/openssl35/include
+          make sslscan LDFLAGS=-L/opt/openssl36 CFLAGS=-I/opt/openssl36/include
           make static
         env:
           CC: ${{ matrix.cc }}
   build_mingw:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: install mingw-w64
         run: |
           sudo apt-get update -qq
diff --git a/docker_test.sh b/docker_test.sh
@@ -131,15 +131,15 @@ function run_test_8 {
 }
 
 
-# OpenSSL v3.5.0, TLSv1.3 only, with all supported groups.
+# OpenSSL v3.6.0, TLSv1.3 only, with all supported groups.
 function run_test_9 {
-    run_test $1 '9' "/openssl_v3.5.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""
+    run_test $1 '9' "/openssl_v3.6.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""
 }
 
 
-# GnuTLS v3.8.9, TLSv1.3 only, with all supported groups.
+# GnuTLS v3.8.10, TLSv1.3 only, with all supported groups.
 function run_test_10 {
-    run_test $1 '10' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""
+    run_test $1 '10' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""
 }
 
 
@@ -155,21 +155,21 @@ function run_test_12 {
 }
 
 
-# GnuTLS 3.6.11.1, default options.
+# GnuTLS 3.6.16, default options.
 function run_test_13 {
-    run_test $1 '13' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
+    run_test $1 '13' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
 }
 
 
 # GnuTLS with only TLSv1.2 and TLSv1.3, and secp521r1 and ffdhe8192 groups.
 function run_test_14 {
-    run_test $1 '14' "/gnutls-3.6.11.1/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
+    run_test $1 '14' "/gnutls-3.6.16/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
 }
 
 
 # GnuTLS with an ECDSA certificate (secp256r1 / NIST P-256).
 function run_test_15 {
-    run_test $1 '15' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""
+    run_test $1 '15' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""
 }
 
 
@@ -187,19 +187,19 @@ function run_test_17 {
 
 # TLSv1.2 with ECDSA-SHA1 signature only.
 function run_test_18 {
-    run_test $1 '18' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""
+    run_test $1 '18' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""
 }
 
 
 # Mbed TLS, default settings.
 function run_test_19 {
-    run_test $1 '19' "/mbedtls_v3.6.3.1/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""
+    run_test $1 '19' "/mbedtls_v3.6.4/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""
 }
 
 
 # Many unique algorithms only present in GnuTLS.
 function run_test_20 {
-    run_test $1 '20' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
+    run_test $1 '20' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
 }
 
 
diff --git a/docker_test/Dockerfile b/docker_test/Dockerfile
@@ -5,7 +5,9 @@ FROM ubuntu:24.04 AS builder
 COPY build_test_apps.sh /build/build_test_apps.sh
 
 # Update base image and install prerequisites for building.
-RUN apt update; apt install -y build-essential zlib1g zlib1g-dev nettle-dev git wget m4 pkg-config python3 python3-pip python3-virtualenv python3-venv
+RUN apt update && \
+    DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends build-essential zlib1g zlib1g-dev nettle-dev git wget m4 pkg-config python3 python3-pip python3-virtualenv python3-venv && \
+    rm -rf /var/lib/apt/lists/*
 
 # Build all applications.
 RUN /bin/bash /build/build_test_apps.sh
@@ -17,18 +19,18 @@ FROM ubuntu:24.04
 COPY --from=builder /build/libhogweed.so.5 /usr/lib/libhogweed.so.5
 COPY --from=builder /build/libnettle.so.7 /usr/lib/libnettle.so.7
 
-COPY --from=builder /build/gnutls-cli-v3.6.11.1 /gnutls-3.6.11.1/gnutls-cli
-COPY --from=builder /build/gnutls-serv-v3.6.11.1 /gnutls-3.6.11.1/gnutls-serv
+COPY --from=builder /build/gnutls-cli-v3.6.16 /gnutls-3.6.16/gnutls-cli
+COPY --from=builder /build/gnutls-serv-v3.6.16 /gnutls-3.6.16/gnutls-serv
 
-COPY --from=builder /build/gnutls-cli-v3.8.9 /gnutls-3.8.9/gnutls-cli
-COPY --from=builder /build/gnutls-serv-v3.8.9 /gnutls-3.8.9/gnutls-serv
+COPY --from=builder /build/gnutls-cli-v3.8.10 /gnutls-3.8.10/gnutls-cli
+COPY --from=builder /build/gnutls-serv-v3.8.10 /gnutls-3.8.10/gnutls-serv
 
 COPY --from=builder /build/openssl_prog_v1.0.0 /openssl_v1.0.0/openssl
 COPY --from=builder /build/openssl_prog_v1.0.2 /openssl_v1.0.2/openssl
 COPY --from=builder /build/openssl_prog_v1.1.1 /openssl_v1.1.1/openssl
-COPY --from=builder /build/openssl_prog_v3.5.0 /openssl_v3.5.0/openssl
+COPY --from=builder /build/openssl_prog_v3.6.0 /openssl_v3.6.0/openssl
 
-COPY --from=builder /build/mbedtls_ssl_server2_v3.6.3.1 /mbedtls_v3.6.3.1/ssl_server2
+COPY --from=builder /build/mbedtls_ssl_server2_v3.6.4 /mbedtls_v3.6.4/ssl_server2
 
 # Copy certificates, keys, and DH parameters.
 COPY *.pem /etc/ssl/
diff --git a/docker_test/build_test_apps.sh b/docker_test/build_test_apps.sh
@@ -25,14 +25,14 @@ fi
 
 # Compile all version of GnuTLS.
 function compile_gnutls_all {
-    compile_gnutls '3.6.11.1'
-    compile_gnutls '3.8.9'
+    compile_gnutls '3.6.16'
+    compile_gnutls '3.8.10'
 }
 
 
 # Compile all versions of Mbed TLS.
 function compile_mbedtls_all {
-    compile_mbedtls '3.6.3.1'
+    compile_mbedtls '3.6.4'
 }
 
 
@@ -41,7 +41,7 @@ function compile_openssl_all {
     compile_openssl '1.0.0'
     compile_openssl '1.0.2'
     compile_openssl '1.1.1'
-    compile_openssl '3.5.0'
+    compile_openssl '3.6.0'
 }
 
 
@@ -51,16 +51,16 @@ function compile_mbedtls {
 
     git_tag=
     output_dir=
-    if [[ $version == '3.6.3.1' ]]; then
-	git_tag="v3.6.3.1"
-        output_dir="mbedtls_v3.6.3.1_dir"
+    if [[ $version == '3.6.4' ]]; then
+	      git_tag="v3.6.4"
+        output_dir="mbedtls_v3.6.4_dir"
     else
 	echo -e "${REDB}Error: Mbed TLS v${version} is unknown!${CLR}"
 	exit 1
     fi
 
     echo -e "\n${YELLOWB}Downloading Mbed TLS v${version}...${CLR}\n"
-    git clone --depth 1 -b ${git_tag} https://github.com/Mbed-TLS/mbedtls ${output_dir}
+    git clone --depth 1 --recurse-submodules -b ${git_tag} https://github.com/Mbed-TLS/mbedtls ${output_dir}
 
     echo -e "\n${YELLOWB}Compiling Mbed TLS v${version}...${CLR}\n"
     pushd ${output_dir}
@@ -113,10 +113,10 @@ function compile_openssl {
 	git_tag="OpenSSL_1_1_1-stable"
 	compile_args="enable-weak-ssl-ciphers no-shared zlib"
 	output_dir="openssl_v1.1.1_dir"
-    elif [[ $version == '3.5.0' ]]; then
-	git_tag="openssl-3.5.0"
+    elif [[ $version == '3.6.0' ]]; then
+	git_tag="openssl-3.6.0"
 	compile_args="enable-weak-ssl-ciphers no-shared zlib"
-	output_dir="openssl_v3.5.0_dir"
+	output_dir="openssl_v3.6.0_dir"
     else
 	echo -e "${REDB}Error: OpenSSL v${version} is unknown!${CLR}"
 	exit 1
@@ -163,23 +163,23 @@ function compile_gnutls {
     nettle_version=
     compile_num_procs=${NUM_PROCS}
     compile_nettle=0
-    if [[ "${gnutls_version}" == "3.6.11.1" ]]; then
-	gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.11.1.tar.xz
-	gnutls_expected_sha256=fbba12f3db9a55dbf027e14111755817ec44b57eabec3e8089aac8ac6f533cf8
-	gnutls_filename=gnutls-3.6.11.1.tar.xz
-	gnutls_source_dir=gnutls-3.6.11.1
-	nettle_version=3.5.1
-	nettle_url=https://ftp.gnu.org/gnu/nettle/nettle-3.5.1.tar.gz
-	nettle_expected_sha256=75cca1998761b02e16f2db56da52992aef622bf55a3b45ec538bc2eedadc9419
-	nettle_filename=nettle-3.5.1.tar.gz
-	nettle_source_dir=nettle-3.5.1
-	compile_nettle=1
-    elif [[ "${gnutls_version}" == "3.8.9" ]]; then
+    if [[ "${gnutls_version}" == "3.6.16" ]]; then
+        gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz
+        gnutls_expected_sha256=1b79b381ac283d8b054368b335c408fedcb9b7144e0c07f531e3537d4328f3b3
+        gnutls_filename=gnutls-3.6.16.tar.xz
+        gnutls_source_dir=gnutls-3.6.16
+        nettle_version=3.10.2
+        nettle_url=https://ftp.gnu.org/gnu/nettle/nettle-3.10.2.tar.gz
+        nettle_expected_sha256=fe9ff51cb1f2abb5e65a6b8c10a92da0ab5ab6eaf26e7fc2b675c45f1fb519b5
+        nettle_filename=nettle-3.10.2.tar.gz
+        nettle_source_dir=nettle-3.10.2
+        compile_nettle=1
+    elif [[ "${gnutls_version}" == "3.8.10" ]]; then
         echo "Using platform's nettle library."
-        gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz
-	gnutls_expected_sha256=69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed
-	gnutls_filename=gnutls-3.8.9.tar.xz
-	gnutls_source_dir=gnutls-3.8.9
+        gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.10.tar.xz
+        gnutls_expected_sha256=db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7
+        gnutls_filename=gnutls-3.8.10.tar.xz
+        gnutls_source_dir=gnutls-3.8.10
     else
 	echo -e "${REDB}Error: GnuTLS v${gnutls_version} is unknown!${CLR}"
 	exit 1
@@ -262,7 +262,7 @@ function compile_gnutls {
 	exit 1
     fi
 
-    # Copy the gnutls-cli and gnutls-serv apps to the top-level docker building dir as, e.g. 'gnutls-cli-v3.6.11.1'.  Then we can delete the source code directory and move on.
+    # Copy the gnutls-cli and gnutls-serv apps to the top-level docker building dir as, e.g. 'gnutls-cli-v3.6.16'.  Then we can delete the source code directory and move on.
     cp "src/gnutls-cli" "/build/gnutls-cli-v${gnutls_version}"
     cp "src/gnutls-serv" "/build/gnutls-serv-v${gnutls_version}"
 

Original file line number	Diff line number	Diff line change
`@@ -131,15 +131,15 @@ function run_test_8 {`
`131`	`131`	`}`
`132`	`132`
`133`	`133`
`134`		`-# OpenSSL v3.5.0, TLSv1.3 only, with all supported groups.`
	`134`	`+# OpenSSL v3.6.0, TLSv1.3 only, with all supported groups.`
`135`	`135`	`function run_test_9 {`
`136`		`- run_test $1 '9' "/openssl_v3.5.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""`
	`136`	`+ run_test $1 '9' "/openssl_v3.6.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""`
`137`	`137`	`}`
`138`	`138`
`139`	`139`
`140`		`-# GnuTLS v3.8.9, TLSv1.3 only, with all supported groups.`
	`140`	`+# GnuTLS v3.8.10, TLSv1.3 only, with all supported groups.`
`141`	`141`	`function run_test_10 {`
`142`		`- run_test $1 '10' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""`
	`142`	`+ run_test $1 '10' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""`
`143`	`143`	`}`
`144`	`144`
`145`	`145`
`@@ -155,21 +155,21 @@ function run_test_12 {`
`155`	`155`	`}`
`156`	`156`
`157`	`157`
`158`		`-# GnuTLS 3.6.11.1, default options.`
	`158`	`+# GnuTLS 3.6.16, default options.`
`159`	`159`	`function run_test_13 {`
`160`		`- run_test $1 '13' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""`
	`160`	`+ run_test $1 '13' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""`
`161`	`161`	`}`
`162`	`162`
`163`	`163`
`164`	`164`	`# GnuTLS with only TLSv1.2 and TLSv1.3, and secp521r1 and ffdhe8192 groups.`
`165`	`165`	`function run_test_14 {`
`166`		`- run_test $1 '14' "/gnutls-3.6.11.1/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""`
	`166`	`+ run_test $1 '14' "/gnutls-3.6.16/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""`
`167`	`167`	`}`
`168`	`168`
`169`	`169`
`170`	`170`	`# GnuTLS with an ECDSA certificate (secp256r1 / NIST P-256).`
`171`	`171`	`function run_test_15 {`
`172`		`- run_test $1 '15' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""`
	`172`	`+ run_test $1 '15' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""`
`173`	`173`	`}`
`174`	`174`
`175`	`175`
`@@ -187,19 +187,19 @@ function run_test_17 {`
`187`	`187`
`188`	`188`	`# TLSv1.2 with ECDSA-SHA1 signature only.`
`189`	`189`	`function run_test_18 {`
`190`		`- run_test $1 '18' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""`
	`190`	`+ run_test $1 '18' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""`
`191`	`191`	`}`
`192`	`192`
`193`	`193`
`194`	`194`	`# Mbed TLS, default settings.`
`195`	`195`	`function run_test_19 {`
`196`		`- run_test $1 '19' "/mbedtls_v3.6.3.1/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""`
	`196`	`+ run_test $1 '19' "/mbedtls_v3.6.4/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""`
`197`	`197`	`}`
`198`	`198`
`199`	`199`
`200`	`200`	`# Many unique algorithms only present in GnuTLS.`
`201`	`201`	`function run_test_20 {`
`202`		- run_test $1 '20' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
	`202`	+ run_test $1 '20' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
`203`	`203`	`}`
`204`	`204`
`205`	`205`