Update TLS 1.3 HelloRetryRequest, add CipherCipherSpec

Use same handshake type of ServerHello, add ChangeCipherSpec, compatible with OpeNSSL
2026-05-29 19:56:16 +08:00 · 2026-05-24 20:17:43 +08:00
parent 020896dbd0
commit 828a93e907
6 changed files with 1276 additions and 1491 deletions
--- a/tools/tls13_server.c
+++ b/tools/tls13_server.c
@@ -151,7 +151,7 @@ static const char *help =
 "\n"
 "    /usr/local/bin/openssl s_server -accept 4430 -cert p256signcert.pem -cert_chain p256cacert.pem -key p256signkey.exp \\\n"
 "       -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -named_curve prime256v1 \\\n"
-"       -trace -keylogfile sslkeys.log\n"
+"       -trace\n"
 "\n"
 "    /usr/local/bin/openssl s_client -connect 127.0.0.1:4430 -tls1_3 -CAfile p256rootcacert.pem -groups prime256v1 -trace\n"
 "\n"
@@ -364,18 +364,12 @@ int tls13_server_main(int argc , char **argv)
 		} else if (!strcmp(*argv, "-cert")) {
 			if (--argc < 1) goto bad;
 			certfile = *(++argv);
-
-			error_print();
-
 			if (certfiles_cnt >= sizeof(certfiles)/sizeof(certfiles[0])) {
 				error_print();
 				return -1;
 			}
 			certfiles[certfiles_cnt++] = certfile;

-
-			fprintf(stderr, "111certfiles_cnt = %zu\n", certfiles_cnt);
-
 		} else if (!strcmp(*argv, "-key")) {
 			if (--argc < 1) goto bad;
 			keyfile = *(++argv);