RSA-PSK ciphersuites: only use under TLS1.2
When RSA-PSK ciphersuites are requested restrict the supported TLS versions to TLS1.2 or earlier. To test that, the tls12-server-kx-neg.c is ported to run under TLS1.3, and verify whether the negotiated version matches the expected.
With that testsuite it was found that under PSK ciphersuites we return an incorrect error code if we have no PSK credentials; that issue is fixed in this patchset.
Checklist
-
Code modified for feature -
Test suite updated with functionality tests
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md -
This feature/change has adequate documentation added -
No obvious mistakes in the code