DHE Speed Up

1. Modify all the test configuration files to disable the DHE prime test.
2. Add a test configuration that tests three cipher suites with the DHE prime test enabled.

tests/test-ed25519.conf

@@ -3,12 +3,14 @@
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
 -k ./certs/ed25519/server-ed25519-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/ed25519/root-ed25519.pem
 -C
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
@@ -18,6 +20,7 @@
 -A ./certs/ed25519/client-ed25519.pem
 -V
 # Remove -V when CRL for ED25519 certificates available.
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
@@ -26,18 +29,21 @@
 -k ./certs/ed25519/client-ed25519-key.pem
 -A ./certs/ed25519/root-ed25519.pem
 -C
+-2
 
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
 -k ./certs/ed25519/server-ed25519-key.pem
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -A ./certs/ed25519/root-ed25519.pem
 -C
+-2
 
 # Enable when CRL for ED25519 certificates available.
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
@@ -48,6 +54,7 @@
 -A ./certs/ed25519/client-ed25519.pem
 -V
 # Remove -V when CRL for ED25519 certificates available.
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
@@ -56,4 +63,5 @@
 -k ./certs/ed25519/client-ed25519-key.pem
 -A ./certs/ed25519/root-ed25519.pem
 -C
+-2
 

tests/test-enckeys.conf

@@ -1,40 +1,49 @@
 # server RSA encrypted key
 -v 3
 -k ./certs/server-keyEnc.pem
+-2
 
 # client RSA encrypted key
 -v 3
 -k ./certs/client-keyEnc.pem
+-2
 
 # server RSA encrypted key PKCS8
 -v 3
 -k ./certs/server-keyPkcs8Enc.pem
+-2
 
 # client RSA encrypted key
 -v 3
 -k ./certs/client-keyEnc.pem
+-2
 
 # server RSA encrypted key PKCS8 2
 -v 3
 -k ./certs/server-keyPkcs8Enc2.pem
+-2
 
 # client RSA encrypted key
 -v 3
 -k ./certs/client-keyEnc.pem
+-2
 
 # server RSA encrypted key PKCS8 12
 -v 3
 -k ./certs/server-keyPkcs8Enc12.pem
+-2
 
 # client RSA encrypted key
 -v 3
 -k ./certs/client-keyEnc.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key
 -v 3
 -l ECDHE-ECDSA-AES128-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-keyPkcs8Enc.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
 -v 3

tests/test-fails.conf

@@ -5,6 +5,7 @@
 -k ./certs/server-key.pem
 -c ./certs/test/server-badcnnull.pem
 -d
+-2
 
 # client bad certificate common name has null
 -v 3
@@ -13,6 +14,7 @@
 -A ./certs/test/server-badcnnull.pem
 -m
 -x
+-2
 
 # server bad certificate alternate name has null
 -v 3
@@ -20,6 +22,7 @@
 -k ./certs/server-key.pem
 -c ./certs/test/server-badaltnull.pem
 -d
+-2
 
 # client bad certificate alternate name has null
 -v 3
@@ -28,6 +31,7 @@
 -A ./certs/test/server-badaltnull.pem
 -m
 -x
+-2
 
 # server nomatch common name
 -v 3
@@ -35,6 +39,7 @@
 -k ./certs/server-key.pem
 -c ./certs/test/server-badcn.pem
 -d
+-2
 
 # client nomatch common name
 -v 3
@@ -43,6 +48,7 @@
 -A ./certs/test/server-badcn.pem
 -m
 -x
+-2
 
 # server nomatch alternate name
 -v 3
@@ -50,6 +56,7 @@
 -k ./certs/server-key.pem
 -c ./certs/test/server-badaltname.pem
 -d
+-2
 
 # client nomatch alternate name
 -v 3
@@ -58,47 +65,57 @@
 -A ./certs/test/server-badaltname.pem
 -m
 -x
+-2
 
 # server RSA no signer error
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-2
 
 # client RSA no signer error
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -A ./certs/client-cert.pem
+-2
 
 # server ECC no signer error
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-2
 
 # client ECC no signer error
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/client-ecc-cert.pem
+-2
 
 # server RSA bad sig error
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-rsa-badsig.pem
+-2
 
 # client RSA bad sig error
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-2
 
 # server ECC bad sig error
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-ecc-badsig.pem
+-2
 
 # client ECC bad sig error
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-2
 
 # server missing CN from alternate names list
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -c ./certs/test/server-garbage.pem
+-2
 
 # client missing CN from alternate names list
 -v 3
@@ -106,44 +123,53 @@
 -h localhost
 -A ./certs/test/server-garbage.pem
 -m
+-2
 
 # Verify Callback Failure Tests
 # no error going into callback, return error
 # server
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-2
 
 # client verify should fail
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -H verifyFail
+-2
 
 # server verify should fail
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -H verifyFail
+-2
 
 # client
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-2
 
 # server
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-2
 
 # client verify should fail
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -H verifyFail
+-2
 
 # server verify should fail
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -H verifyFail
+-2
 
 # client
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-2
 
 # error going into callback, return error
 # server
@@ -151,17 +177,20 @@
 -l ECDHE-RSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-rsa-badsig.pem
 -k ./certs/server-key.pem
+-2
 
 # client verify should fail
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 -H verifyFail
+-2
 
 # server
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-ecc-badsig.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client verify should fail
 -v 3

tests/test-maxfrag-dtls.conf

@@ -4,6 +4,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -11,28 +12,33 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 1
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 1
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 1
+-2
 
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -40,6 +46,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -47,28 +54,33 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 2
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 2
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 2
+-2
 
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -76,6 +88,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -83,28 +96,33 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 3
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 3
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 3
+-2
 
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -112,6 +130,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -119,28 +138,33 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 4
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 4
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 4
+-2
 
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -148,6 +172,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -155,28 +180,33 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 5
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 5
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 5
+-2
 
 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -184,6 +214,7 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -u
@@ -191,22 +222,26 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 6
+-2
 
 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 6
+-2
 
 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -u

tests/test-maxfrag.conf

@@ -3,175 +3,210 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 1
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 1
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 1
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 2
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 2
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 2
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 3
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 3
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 3
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 4
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 4
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 4
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 5
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 5
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 -F 5
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
 -F 6
+-2
 
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -F 6
+-2
 
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3

tests/test-psk-no-id.conf

@@ -3,263 +3,311 @@
 -I
 -v 3
 -l PSK-CHACHA20-POLY1305
+-2
 
 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305
 -s
 -v 3
 -l PSK-CHACHA20-POLY1305
+-2
 
 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -s
 -I
 -v 3
 -l DHE-PSK-CHACHA20-POLY1305
+-2
 
 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -s
 -v 3
 -l DHE-PSK-CHACHA20-POLY1305
+-2
 
 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -s
 -I
 -v 3
 -l ECDHE-PSK-CHACHA20-POLY1305
+-2
 
 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -s
 -v 3
 -l ECDHE-PSK-CHACHA20-POLY1305
+-2
 
 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
 -s
 -I
 -v 1
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
 -s
 -v 1
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
 -s
 -I
 -v 2
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
 -s
 -v 2
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -I
 -v 3
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -v 3
 -l ECDHE-PSK-AES128-SHA256
+-2
 
 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
 -s
 -I
 -v 1
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
 -s
 -v 1
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
 -s
 -I
 -v 2
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
 -s
 -v 2
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -I
 -v 3
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -v 3
 -l ECDHE-PSK-NULL-SHA256
+-2
 
 # No Hint server TLSv1 PSK-AES128
 -s
 -I
 -v 1
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint client TLSv1 PSK-AES128
 -s
 -v 1
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint server TLSv1 PSK-AES256
 -s
 -I
 -v 1
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint client TLSv1 PSK-AES256
 -s
 -v 1
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint server TLSv1.1 PSK-AES128
 -s
 -I
 -v 2
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint client TLSv1.1 PSK-AES128
 -s
 -v 2
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint server TLSv1.1 PSK-AES256
 -s
 -I
 -v 2
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint client TLSv1.1 PSK-AES256
 -s
 -v 2
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint server TLSv1.2 PSK-AES128
 -s
 -I
 -v 3
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint client TLSv1.2 PSK-AES128
 -s
 -v 3
 -l PSK-AES128-CBC-SHA
+-2
 
 # No Hint server TLSv1.2 PSK-AES256
 -s
 -I
 -v 3
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint client TLSv1.2 PSK-AES256
 -s
 -v 3
 -l PSK-AES256-CBC-SHA
+-2
 
 # No Hint server TLSv1.0 PSK-AES128-SHA256
 -s
 -I
 -v 1
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint client TLSv1.0 PSK-AES128-SHA256
 -s
 -v 1
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint server TLSv1.1 PSK-AES128-SHA256
 -s
 -I
 -v 2
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint client TLSv1.1 PSK-AES128-SHA256
 -s
 -v 2
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint server TLSv1.2 PSK-AES128-SHA256
 -s
 -I
 -v 3
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint client TLSv1.2 PSK-AES128-SHA256
 -s
 -v 3
 -l PSK-AES128-CBC-SHA256
+-2
 
 # No Hint server TLSv1.0 PSK-AES256-SHA384
 -s
 -I
 -v 1
 -l PSK-AES256-CBC-SHA384
+-2
 
 # No Hint client TLSv1.0 PSK-AES256-SHA384
 -s
 -v 1
 -l PSK-AES256-CBC-SHA384
+-2
 
 # No Hint server TLSv1.1 PSK-AES256-SHA384
 -s
 -I
 -v 2
 -l PSK-AES256-CBC-SHA384
+-2
 
 # No Hint client TLSv1.1 PSK-AES256-SHA384
 -s
 -v 2
 -l PSK-AES256-CBC-SHA384
+-2
 
 # No Hint server TLSv1.2 PSK-AES256-SHA384
 -s
 -I
 -v 3
 -l PSK-AES256-CBC-SHA384
+-2
 
 # No Hint client TLSv1.2 PSK-AES256-SHA384
 -s
 -v 3
 -l PSK-AES256-CBC-SHA384
+-2
 
 # server TLSv1.2 PSK-AES128-GCM-SHA256
 -s
 -I
 -v 3
 -l PSK-AES128-GCM-SHA256
+-2
 
 # client TLSv1.2 PSK-AES128-GCM-SHA256
 -s
 -v 3
 -l PSK-AES128-GCM-SHA256
+-2
 
 # server TLSv1.2 PSK-AES256-GCM-SHA384
 -s
 -I
 -v 3
 -l PSK-AES256-GCM-SHA384
+-2
 
 # client TLSv1.2 PSK-AES256-GCM-SHA384
 -s
 -v 3
 -l PSK-AES256-GCM-SHA384
+-2
 
 # server TLSv1.3 AES128-GCM-SHA256
 -s
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 AES128-GCM-SHA256
 -s
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # server TLSv1.3 accepting EarlyData using PSK
 -v 4
@@ -267,6 +315,7 @@
 -r
 -s
 -0
+-2
 
 # client TLSv1.3 sending EarlyData using PSK
 -v 4
@@ -274,12 +323,14 @@
 -r
 -s
 -0
+-2
 
 # server TLSv1.3 not accepting EarlyData using PSK
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -s
+-2
 
 # client TLSv1.3 sending EarlyData using PSK
 -v 4
@@ -287,6 +338,7 @@
 -r
 -s
 -0
+-2
 
 # server TLSv1.3 accepting EarlyData using PSK
 -v 4
@@ -294,6 +346,7 @@
 -r
 -s
 -0
+-2
 
 # client TLSv1.3 not sending EarlyData using PSK
 -v 4

tests/test-psk.conf

@@ -1,6 +1,7 @@
 # server - PSK plus certificates
 -j
 -l PSK-CHACHA20-POLY1305
+-2
 
 # client- standard PSK
 -s

tests/test-sig.conf

@@ -3,215 +3,254 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1 ECDHE-ECDSA-DES3
 -v 1
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1 ECDHE-ECDSA-AES256
 -v 1
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1 ECDHE-ECDSA-AES256
 -v 1
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.1 ECDHE-ECDSA-DES3
 -v 2
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.1 ECDHE-ECDSA-DES3
 -v 2
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.1 ECDHE-ECDSA-AES256
 -v 2
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.1 ECDHE-ECDSA-AES256
 -v 2
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-DES3
 -v 3
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-DES3
 -v 3
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-SHA256
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256
 -v 3
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256
 -v 3
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
 -v 3
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
 -v 3
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDH-ECDSA-AES256
 -v 3
 -l ECDH-ECDSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDH-ECDSA-AES256
 -v 3
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-privkey.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM
 -v 3
 -l ECDHE-ECDSA-AES128-CCM
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM
 -v 3
 -l ECDHE-ECDSA-AES128-CCM
 -A ./certs/ca-cert.pem
+-2
 
 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
 -v 3
 -l ECDHE-ECDSA-AES128-CCM-8
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
 -v 3

tests/test-tls13-down.conf

@@ -2,43 +2,55 @@
 # server TLSv1.3 downgrade
 #-v d
 #-l TLS13-CHACHA20-POLY1305-SHA256
+-2
 
 # client TLSv1.2
 #-v 3
+-2
 
 # server TLSv1.2
 -v 3
+-2
 
 # client TLSv1.3 downgrade
 -v d
+-2
 
 # server TLSv1.3 downgrade
 -v d
+-2
 
 # client TLSv1.3 downgrade
 -v d
+-2
 
 # server TLSv1.3 downgrade but don't and resume
 -v d
 -r
+-2
 
 # client TLSv1.3 downgrade but don't and resume
 -v d
 -r
+-2
 
 # server TLSv1.3 downgrade and resume
 -v d
 -r
+-2
 
 # client TLSv1.2 and resume
 -v 3
 -r
+-2
 
 # server TLSv1.2 and resume
 -v d
 -r
+-2
 
 # lcient TLSv1.3 downgrade and resume
 -v 3
 -r
+-2
 

tests/test-tls13-ecc.conf

@@ -3,55 +3,65 @@
 -l TLS13-CHACHA20-POLY1305-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
 -v 4
 -l TLS13-CHACHA20-POLY1305-SHA256
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.3 TLS13-AES256-GCM-SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.3 TLS13-AES256-GCM-SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.3 TLS13-AES128-CCM-SHA256
 -v 4
 -l TLS13-AES128-CCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.3 TLS13-AES128-CCM-SHA256
 -v 4
 -l TLS13-AES128-CCM-SHA256
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256
 -v 4
 -l TLS13-AES128-CCM-8-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
+-2
 
 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256
 -v 4
 -l TLS13-AES128-CCM-8-SHA256
 -A ./certs/ca-ecc-cert.pem
+-2
 
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
@@ -59,12 +69,14 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 -t
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -A ./certs/ca-ecc-cert.pem
 -t
+-2
 
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
@@ -72,6 +84,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 -Y
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4

tests/test-tls13-psk.conf

@@ -3,28 +3,33 @@
 -s
 -l TLS13-AES128-GCM-SHA256
 -d
+-2
 
 # client TLSv1.3 PSK
 -v 4
 -s
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # server TLSv1.3 PSK
 -v 4
 -j
 -l TLS13-AES128-GCM-SHA256
 -d
+-2
 
 # client TLSv1.3 PSK
 -v 4
 -s
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # server TLSv1.3 PSK
 -v 4
 -j
 -l TLS13-AES128-GCM-SHA256
 -d
+-2
 
 # client TLSv1.3 not-PSK
 -v 4

tests/test-tls13.conf

@@ -1,193 +1,234 @@
 # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
 -v 4
 -l TLS13-CHACHA20-POLY1305-SHA256
+-2
 
 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256
 -v 4
 -l TLS13-CHACHA20-POLY1305-SHA256
+-2
 
 # server TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # server TLSv1.3 TLS13-AES256-GCM-SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
+-2
 
 # client TLSv1.3 TLS13-AES256-GCM-SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
+-2
 
 # server TLSv1.3 TLS13-AES128-CCM-SHA256
 -v 4
 -l TLS13-AES128-CCM-SHA256
+-2
 
 # client TLSv1.3 TLS13-AES128-CCM-SHA256
 -v 4
 -l TLS13-AES128-CCM-SHA256
+-2
 
 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256
 -v 4
 -l TLS13-AES128-CCM-8-SHA256
+-2
 
 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256
 -v 4
 -l TLS13-AES128-CCM-8-SHA256
+-2
 
 # server TLSv1.3 resumption
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
+-2
 
 # client TLSv1.3 resumption
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
+-2
 
 # server TLSv1.3 resumption - SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
 -r
+-2
 
 # client TLSv1.3 resumption - SHA384
 -v 4
 -l TLS13-AES256-GCM-SHA384
 -r
+-2
 
 # server TLSv1.3 PSK without (EC)DHE
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
+-2
 
 # client TLSv1.3 PSK without (EC)DHE
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -K
+-2
 
 # server TLSv1.3 accepting EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -0
+-2
 
 # client TLSv1.3 sending EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -0
+-2
 
 # server TLSv1.3 not accepting EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
+-2
 
 # client TLSv1.3 sending EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -0
+-2
 
 # server TLSv1.3 accepting EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
 -0
+-2
 
 # client TLSv1.3 not sending EarlyData
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -r
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 Fragments
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -F 1
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -J
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -J
+-2
 
 # client TLSv1.3 HelloRetryRequest with cookie
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -J
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 no client certificate
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -x
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 DH key exchange
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -y
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 ECC key exchange
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -Y
+-2
 
 # server TLSv1.3
 -v 4
 -l TLS13-AES128-GCM-SHA256
+-2
 
 # client TLSv1.3 ECC key exchange
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -Y
+-2
 
 # server TLSv1.3 multiple cipher suites
 -v 4
 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256
+-2
 
 # client TLSv1.3
 -v 4
+-2
 
 # server TLSv1.3 KeyUpdate
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -U
+-2
 
 # client TLSv1.3 KeyUpdate
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -I
+-2
 
 # server TLSv1.3 Post-Handshake Authentication
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -Q
+-2
 
 # client TLSv1.3 Post-Handshake Authentication
 -v 4