From 587cfe65ca3c82f65f60fd855c1f163652c4a4ba Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Thu, 8 Feb 2024 08:56:09 +0100
Subject: [PATCH] ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection

Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 tests/ssl-opt.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 26c5a796f..be4c6f70a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11700,6 +11700,18 @@ run_test    "TLS 1.3: Default" \
             -s "ECDH/FFDH group: " \
             -s "selected signature algorithm ecdsa_secp256r1_sha256"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test    "Establish TLS 1.2 then TLS 1.3 session" \
+            "$P_SRV" \
+            "( $P_CLI force_version=tls12; \
+               $P_CLI force_version=tls13 )" \
+            0 \
+            -s "Protocol is TLSv1.2" \
+            -s "Protocol is TLSv1.3" \
+
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C