1285612Sdelphij#! /usr/bin/env perl 2182007Sroberto# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. 3285612Sdelphij# 4285612Sdelphij# Licensed under the OpenSSL license (the "License"). You may not use 5285612Sdelphij# this file except in compliance with the License. You can obtain a copy 6285612Sdelphij# in the file LICENSE in the source distribution or at 7182007Sroberto# https://www.openssl.org/source/license.html 8285612Sdelphij 9316722Sdelphijuse strict; 10285612Sdelphijuse OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11285612Sdelphijuse OpenSSL::Test::Utils; 12285612Sdelphijuse File::Temp qw(tempfile); 13285612Sdelphijuse TLSProxy::Proxy; 14316722Sdelphijuse checkhandshake qw(checkhandshake @handmessages @extensions); 15285612Sdelphij 16316722Sdelphijmy $test_name = "test_tls13messages"; 17316722Sdelphijsetup($test_name); 18285612Sdelphij 1954359Srobertoplan skip_all => "TLSProxy isn't usable on $^O" 20285612Sdelphij if $^O =~ /^(VMS)$/; 21285612Sdelphij 22285612Sdelphijplan skip_all => "$test_name needs the dynamic engine feature enabled" 23285612Sdelphij if disabled("engine") || disabled("dynamic-engine"); 24330567Sgordon 25182007Srobertoplan skip_all => "$test_name needs the sock feature enabled" 26285612Sdelphij if disabled("sock"); 27330567Sgordon 28330567Sgordonplan skip_all => "$test_name needs TLSv1.3 enabled" 29330567Sgordon if disabled("tls1_3"); 30330567Sgordon 31285612Sdelphij$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 32285612Sdelphij$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); 33182007Sroberto 34285612Sdelphij 35285612Sdelphij@handmessages = ( 36285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, 37285612Sdelphij checkhandshake::ALL_HANDSHAKES], 38285612Sdelphij [TLSProxy::Message::MT_SERVER_HELLO, 39285612Sdelphij checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 40285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, 41285612Sdelphij checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 42285612Sdelphij [TLSProxy::Message::MT_SERVER_HELLO, 43285612Sdelphij checkhandshake::ALL_HANDSHAKES], 44285612Sdelphij [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, 45285612Sdelphij checkhandshake::ALL_HANDSHAKES], 46285612Sdelphij [TLSProxy::Message::MT_CERTIFICATE_REQUEST, 47285612Sdelphij checkhandshake::CLIENT_AUTH_HANDSHAKE], 48285612Sdelphij [TLSProxy::Message::MT_CERTIFICATE, 49285612Sdelphij checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 50285612Sdelphij [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 51285612Sdelphij checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 52285612Sdelphij [TLSProxy::Message::MT_FINISHED, 53285612Sdelphij checkhandshake::ALL_HANDSHAKES], 54285612Sdelphij [TLSProxy::Message::MT_CERTIFICATE, 55285612Sdelphij checkhandshake::CLIENT_AUTH_HANDSHAKE], 56285612Sdelphij [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 57285612Sdelphij checkhandshake::CLIENT_AUTH_HANDSHAKE], 58285612Sdelphij [TLSProxy::Message::MT_FINISHED, 59285612Sdelphij checkhandshake::ALL_HANDSHAKES], 60285612Sdelphij [0, 0] 61285612Sdelphij); 62285612Sdelphij 63285612Sdelphij@extensions = ( 64285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 65285612Sdelphij TLSProxy::Message::CLIENT, 66285612Sdelphij checkhandshake::SERVER_NAME_CLI_EXTENSION], 67285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 68285612Sdelphij TLSProxy::Message::CLIENT, 69285612Sdelphij checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 70285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 71285612Sdelphij TLSProxy::Message::CLIENT, 72285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 73285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 74285612Sdelphij TLSProxy::Message::CLIENT, 75182007Sroberto checkhandshake::DEFAULT_EXTENSIONS], 7654359Sroberto [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 77285612Sdelphij TLSProxy::Message::CLIENT, 78285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 79182007Sroberto [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 80285612Sdelphij TLSProxy::Message::CLIENT, 81285612Sdelphij checkhandshake::ALPN_CLI_EXTENSION], 82182007Sroberto [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 83182007Sroberto TLSProxy::Message::CLIENT, 8454359Sroberto checkhandshake::SCT_CLI_EXTENSION], 85285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 86182007Sroberto TLSProxy::Message::CLIENT, 87285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 88285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 89182007Sroberto TLSProxy::Message::CLIENT, 90285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 91285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 92285612Sdelphij TLSProxy::Message::CLIENT, 9354359Sroberto checkhandshake::DEFAULT_EXTENSIONS], 94285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 9554359Sroberto TLSProxy::Message::CLIENT, 96285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 97285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 98182007Sroberto TLSProxy::Message::CLIENT, 99285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 100285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 101285612Sdelphij TLSProxy::Message::CLIENT, 102285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 103285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 104285612Sdelphij TLSProxy::Message::CLIENT, 105285612Sdelphij checkhandshake::PSK_CLI_EXTENSION], 106285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, 107285612Sdelphij TLSProxy::Message::CLIENT, 108285612Sdelphij checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], 109285612Sdelphij 110285612Sdelphij [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 111285612Sdelphij TLSProxy::Message::SERVER, 112285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 113285612Sdelphij [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 114285612Sdelphij TLSProxy::Message::SERVER, 115285612Sdelphij checkhandshake::KEY_SHARE_HRR_EXTENSION], 116285612Sdelphij 117285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 118285612Sdelphij TLSProxy::Message::CLIENT, 119285612Sdelphij checkhandshake::SERVER_NAME_CLI_EXTENSION], 120285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 121285612Sdelphij TLSProxy::Message::CLIENT, 122285612Sdelphij checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 123285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 124285612Sdelphij TLSProxy::Message::CLIENT, 125285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 126285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 127285612Sdelphij TLSProxy::Message::CLIENT, 128285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 129285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 130285612Sdelphij TLSProxy::Message::CLIENT, 131285612Sdelphij checkhandshake::DEFAULT_EXTENSIONS], 132285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 133285612Sdelphij TLSProxy::Message::CLIENT, 134285612Sdelphij checkhandshake::ALPN_CLI_EXTENSION], 135285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 136285612Sdelphij TLSProxy::Message::CLIENT, 137285612Sdelphij checkhandshake::SCT_CLI_EXTENSION], 138285612Sdelphij [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 139 TLSProxy::Message::CLIENT, 140 checkhandshake::DEFAULT_EXTENSIONS], 141 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 142 TLSProxy::Message::CLIENT, 143 checkhandshake::DEFAULT_EXTENSIONS], 144 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 145 TLSProxy::Message::CLIENT, 146 checkhandshake::DEFAULT_EXTENSIONS], 147 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 148 TLSProxy::Message::CLIENT, 149 checkhandshake::DEFAULT_EXTENSIONS], 150 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 151 TLSProxy::Message::CLIENT, 152 checkhandshake::DEFAULT_EXTENSIONS], 153 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 154 TLSProxy::Message::CLIENT, 155 checkhandshake::DEFAULT_EXTENSIONS], 156 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 157 TLSProxy::Message::CLIENT, 158 checkhandshake::PSK_CLI_EXTENSION], 159 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, 160 TLSProxy::Message::CLIENT, 161 checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], 162 163 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 164 TLSProxy::Message::SERVER, 165 checkhandshake::DEFAULT_EXTENSIONS], 166 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 167 TLSProxy::Message::SERVER, 168 checkhandshake::DEFAULT_EXTENSIONS], 169 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, 170 TLSProxy::Message::SERVER, 171 checkhandshake::PSK_SRV_EXTENSION], 172 173 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, 174 TLSProxy::Message::SERVER, 175 checkhandshake::SERVER_NAME_SRV_EXTENSION], 176 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN, 177 TLSProxy::Message::SERVER, 178 checkhandshake::ALPN_SRV_EXTENSION], 179 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 180 TLSProxy::Message::SERVER, 181 checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION], 182 183 [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS, 184 TLSProxy::Message::SERVER, 185 checkhandshake::DEFAULT_EXTENSIONS], 186 187 [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, 188 TLSProxy::Message::SERVER, 189 checkhandshake::STATUS_REQUEST_SRV_EXTENSION], 190 [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, 191 TLSProxy::Message::SERVER, 192 checkhandshake::SCT_SRV_EXTENSION], 193 194 [0,0,0,0] 195); 196 197my $proxy = TLSProxy::Proxy->new( 198 undef, 199 cmdstr(app(["openssl"]), display => 1), 200 srctop_file("apps", "server.pem"), 201 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 202); 203 204#Test 1: Check we get all the right messages for a default handshake 205(undef, my $session) = tempfile(); 206$proxy->serverconnects(2); 207$proxy->clientflags("-sess_out ".$session); 208$proxy->sessionfile($session); 209$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 210plan tests => 17; 211checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 212 checkhandshake::DEFAULT_EXTENSIONS, 213 "Default handshake test"); 214 215#Test 2: Resumption handshake 216$proxy->clearClient(); 217$proxy->clientflags("-sess_in ".$session); 218$proxy->clientstart(); 219checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 220 (checkhandshake::DEFAULT_EXTENSIONS 221 | checkhandshake::PSK_CLI_EXTENSION 222 | checkhandshake::PSK_SRV_EXTENSION), 223 "Resumption handshake test"); 224 225SKIP: { 226 skip "No OCSP support in this OpenSSL build", 4 227 if disabled("ct") || disabled("ec") || disabled("ocsp"); 228 #Test 3: A status_request handshake (client request only) 229 $proxy->clear(); 230 $proxy->clientflags("-status"); 231 $proxy->start(); 232 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 233 checkhandshake::DEFAULT_EXTENSIONS 234 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION, 235 "status_request handshake test (client)"); 236 237 #Test 4: A status_request handshake (server support only) 238 $proxy->clear(); 239 $proxy->serverflags("-status_file " 240 .srctop_file("test", "recipes", "ocsp-response.der")); 241 $proxy->start(); 242 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 243 checkhandshake::DEFAULT_EXTENSIONS, 244 "status_request handshake test (server)"); 245 246 #Test 5: A status_request handshake (client and server) 247 $proxy->clear(); 248 $proxy->clientflags("-status"); 249 $proxy->serverflags("-status_file " 250 .srctop_file("test", "recipes", "ocsp-response.der")); 251 $proxy->start(); 252 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 253 checkhandshake::DEFAULT_EXTENSIONS 254 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 255 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, 256 "status_request handshake test"); 257 258 #Test 6: A status_request handshake (client and server) with client auth 259 $proxy->clear(); 260 $proxy->clientflags("-status -enable_pha -cert " 261 .srctop_file("apps", "server.pem")); 262 $proxy->serverflags("-Verify 5 -status_file " 263 .srctop_file("test", "recipes", "ocsp-response.der")); 264 $proxy->start(); 265 checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, 266 checkhandshake::DEFAULT_EXTENSIONS 267 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 268 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION 269 | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, 270 "status_request handshake with client auth test"); 271} 272 273#Test 7: A client auth handshake 274$proxy->clear(); 275$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem")); 276$proxy->serverflags("-Verify 5"); 277$proxy->start(); 278checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, 279 checkhandshake::DEFAULT_EXTENSIONS | 280 checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, 281 "Client auth handshake test"); 282 283#Test 8: Server name handshake (no client request) 284$proxy->clear(); 285$proxy->clientflags("-noservername"); 286$proxy->start(); 287checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 288 checkhandshake::DEFAULT_EXTENSIONS 289 & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, 290 "Server name handshake test (client)"); 291 292#Test 9: Server name handshake (server support only) 293$proxy->clear(); 294$proxy->clientflags("-noservername"); 295$proxy->serverflags("-servername testhost"); 296$proxy->start(); 297checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 298 checkhandshake::DEFAULT_EXTENSIONS 299 & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, 300 "Server name handshake test (server)"); 301 302#Test 10: Server name handshake (client and server) 303$proxy->clear(); 304$proxy->clientflags("-servername testhost"); 305$proxy->serverflags("-servername testhost"); 306$proxy->start(); 307checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 308 checkhandshake::DEFAULT_EXTENSIONS 309 | checkhandshake::SERVER_NAME_SRV_EXTENSION, 310 "Server name handshake test"); 311 312#Test 11: ALPN handshake (client request only) 313$proxy->clear(); 314$proxy->clientflags("-alpn test"); 315$proxy->start(); 316checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 317 checkhandshake::DEFAULT_EXTENSIONS 318 | checkhandshake::ALPN_CLI_EXTENSION, 319 "ALPN handshake test (client)"); 320 321#Test 12: ALPN handshake (server support only) 322$proxy->clear(); 323$proxy->serverflags("-alpn test"); 324$proxy->start(); 325checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 326 checkhandshake::DEFAULT_EXTENSIONS, 327 "ALPN handshake test (server)"); 328 329#Test 13: ALPN handshake (client and server) 330$proxy->clear(); 331$proxy->clientflags("-alpn test"); 332$proxy->serverflags("-alpn test"); 333$proxy->start(); 334checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 335 checkhandshake::DEFAULT_EXTENSIONS 336 | checkhandshake::ALPN_CLI_EXTENSION 337 | checkhandshake::ALPN_SRV_EXTENSION, 338 "ALPN handshake test"); 339 340SKIP: { 341 skip "No CT, EC or OCSP support in this OpenSSL build", 1 342 if disabled("ct") || disabled("ec") || disabled("ocsp"); 343 344 #Test 14: SCT handshake (client request only) 345 $proxy->clear(); 346 #Note: -ct also sends status_request 347 $proxy->clientflags("-ct"); 348 $proxy->serverflags("-status_file " 349 .srctop_file("test", "recipes", "ocsp-response.der") 350 ." -serverinfo ".srctop_file("test", "serverinfo2.pem")); 351 $proxy->start(); 352 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 353 checkhandshake::DEFAULT_EXTENSIONS 354 | checkhandshake::SCT_CLI_EXTENSION 355 | checkhandshake::SCT_SRV_EXTENSION 356 | checkhandshake::STATUS_REQUEST_CLI_EXTENSION 357 | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, 358 "SCT handshake test"); 359} 360 361#Test 15: HRR Handshake 362$proxy->clear(); 363$proxy->serverflags("-curves P-256"); 364$proxy->start(); 365checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, 366 checkhandshake::DEFAULT_EXTENSIONS 367 | checkhandshake::KEY_SHARE_HRR_EXTENSION, 368 "HRR handshake test"); 369 370#Test 16: Resumption handshake with HRR 371$proxy->clear(); 372$proxy->clientflags("-sess_in ".$session); 373$proxy->serverflags("-curves P-256"); 374$proxy->start(); 375checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 376 (checkhandshake::DEFAULT_EXTENSIONS 377 | checkhandshake::KEY_SHARE_HRR_EXTENSION 378 | checkhandshake::PSK_CLI_EXTENSION 379 | checkhandshake::PSK_SRV_EXTENSION), 380 "Resumption handshake with HRR test"); 381 382#Test 17: Acceptable but non preferred key_share 383$proxy->clear(); 384$proxy->clientflags("-curves P-256"); 385$proxy->start(); 386checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 387 checkhandshake::DEFAULT_EXTENSIONS 388 | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION, 389 "Acceptable but non preferred key_share"); 390 391unlink $session; 392