testcompat-openssl: remove hand-written parallelism

Previously, the test used to launch multiple tests in background and
then join them using shell primitives.  That approach makes the test
slower as it cannot benefit from the automake's parallel test harness,
as well as it makes diagnostic harder because the lines in the log
file mix up.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

13 files changed, 1610 insertions, 972 deletions

diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 264d670baf..e85fd61340 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -43,7 +43,15 @@ scripts_to_test = chain.sh \
 	testcompat-polarssl-serv.sh \
 	testcompat-polarssl-serv-compat.sh \
 	testcompat-polarssl-serv-no-etm.sh \
-	testcompat-openssl.sh \
+	testcompat-openssl-cli.sh \
+	testcompat-openssl-cli-compat.sh \
+	testcompat-openssl-cli-no-etm.sh \
+	testcompat-openssl-serv.sh \
+	testcompat-openssl-serv-compat.sh \
+	testcompat-openssl-serv-no-etm.sh \
+	testcompat-openssl-serv-no-tickets.sh \
+	testcompat-openssl-serv-no-safe-renegotiation.sh \
+	testcompat-openssl-serv-safe-renegotiation.sh \
 	testrandom.sh tls-fuzzer/tls-fuzzer-nocert.sh \
 	tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh \
 	tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh \
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
deleted file mode 100755
index bc5a602d17..0000000000
--- a/tests/suite/testcompat-main-openssl
+++ /dev/null
@@ -1,970 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2016, Free Software Foundation, Inc.
-# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-: ${SERV=../../src/gnutls-serv${EXEEXT}}
-: ${CLI=../../src/gnutls-cli${EXEEXT}}
-unset RETCODE
-
-if ! test -x "${CLI}"; then
-	exit 77
-fi
-
-if ! test -z "${VALGRIND}"; then
-	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
-fi
-
-if test "${WINDIR}" != ""; then
-	exit 77
-fi
-
-. "${srcdir}/../scripts/common.sh"
-
-: ${PORT=${RPORT}}
-
-: ${OPENSSL=openssl}
-SIGALGS=RSA+SHA1:RSA+SHA256
-
-echo "Compatibility checks using "`${OPENSSL} version`
-${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1
-if test $? != 0; then
-	echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
-	exit 77
-fi
-
-. "${srcdir}/testcompat-common"
-
-${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
-HAVE_X25519=$?
-
-test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
-
-${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
-NO_TLS1_2=$?
-
-test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"
-
-${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
-if test $? = 0;then
-	NO_DH_PARAMS=0
-else
-	NO_DH_PARAMS=1
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1
-NO_DSS=$?
-
-if test $NO_DSS != 0;then
-	echo "Disabling interop tests for DSS ciphersuites"
-else
-	DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
-	SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256"
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
-NO_CAMELLIA=$?
-
-test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1
-NO_RC4=$?
-
-test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
-NO_3DES=$?
-
-test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
-NO_NULL=$?
-
-test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"
-
-${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1
-NO_PRIME192v1=$?
-
-test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam"
-
-if test "${NO_DH_PARAMS}" = 0;then
-	OPENSSL_DH_PARAMS_OPT=""
-else
-	OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
-fi
-
-${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
-HAVE_NOT_SSL3=$?
-
-if test $HAVE_NOT_SSL3 = 0;then
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
-	PID=$!
-	wait_server ${PID}
-
-	${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
-		HAVE_NOT_SSL3=1
-	kill ${PID}
-	wait
-fi
-
-test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"
-
-
-echo "#################################################"
-echo "# Client mode tests (gnutls cli-openssl server) #"
-echo "#################################################"
-
-run_client_suite() {
-	ADD=$1
-	PREFIX=""
-	if ! test -z "${ADD}"; then
-		PREFIX="$(echo $ADD|sed 's/://g'): "
-	fi
-
-	if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
-		# It seems debian disabled SSL 3.0 completely on openssl
-
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		# Test SSL 3.0 with RSA ciphersuite
-		echo "${PREFIX}Checking SSL 3.0 with RSA..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		# Test SSL 3.0 with DHE-RSA ciphersuite
-		echo "${PREFIX}Checking SSL 3.0 with DHE-RSA..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		if test "${NO_DSS}" = 0; then
-			# Test SSL 3.0 with DHE-DSS ciphersuite
-			echo "${PREFIX}Checking SSL 3.0 with DHE-DSS..."
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-		fi
-
-		kill ${PID}
-		wait
-
-		if test "${NO_RC4}" != 1; then
-			eval "${GETPORT}"
-			launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-SHA >/dev/null
-			PID=$!
-			wait_server ${PID}
-
-			echo "${PREFIX}Checking SSL 3.0 with RSA-RC4-SHA..."
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-	fi
-
-	if test "${NO_NULL}" = 0; then
-		#-cipher RSA-NULL
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		# Test TLS 1.0 with RSA-NULL ciphersuite
-		echo "${PREFIX}Checking TLS 1.0 with RSA-NULL..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_server ${PID}
-
-	# Test TLS 1.0 with RSA ciphersuite
-	if test "${NO_3DES}" != 1; then
-		echo "${PREFIX}Checking TLS 1.0 with RSA and 3DES-CBC..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-	fi
-
-	echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	if test "${NO_CAMELLIA}" != 1; then
-		echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-	fi
-
-	if test "${NO_DSS}" = 0; then
-		# Test TLS 1.0 with DHE-DSS ciphersuite
-		echo "${PREFIX}Checking TLS 1.0 with DHE-DSS..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-	fi
-
-	# Test TLS 1.0 with DHE-RSA ciphersuite
-	echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	# Test TLS 1.0 with DHE-RSA ciphersuite
-	echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${FIPS_CURVES}" != 1 && test "${NO_PRIME192v1}" != 1; then
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		# Test TLS 1.2 with ECDHE-ECDSA ciphersuite
-		echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-SECP192R1${ADD}" --insecure </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-		echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	#-cipher ECDHE-ECDSA-AES128-SHA
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-	PID=$!
-	wait_server ${PID}
-
-	# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-	echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	#-cipher ECDHE-ECDSA-AES128-SHA
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-	PID=$!
-	wait_server ${PID}
-
-	# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-	echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	#-cipher PSK
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
-	PID=$!
-	wait_server ${PID}
-
-	echo "${PREFIX}Checking TLS 1.0 with PSK..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test ${NO_TLS1_2} = 0; then
-		# Tests requiring openssl 1.0.1 - TLS 1.2
-		#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-GCM..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-GCM..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		if test "${NO_DSS}" = 0; then
-			echo "${PREFIX}Checking TLS 1.2 with DHE-DSS..."
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-		fi
-
-		echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA..."
-		"${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${HAVE_X25519}" = 0; then
-			eval "${GETPORT}"
-			launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null
-			PID=$!
-			wait_server ${PID}
-
-			echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA (X25519)..."
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --insecure --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		if test "${FIPS_CURVES}" != 1; then
-			#-cipher ECDHE-ECDSA-AES128-SHA
-			eval "${GETPORT}"
-			launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-			PID=$!
-			wait_server ${PID}
-
-			echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-		PID=$!
-		wait_server ${PID}
-
-		echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${FIPS_CURVES}" != 1; then
-			#-cipher ECDHE-ECDSA-AES128-SHA
-			eval "${GETPORT}"
-			launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-			PID=$!
-			wait_server ${PID}
-
-			echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-			${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi #FIPS_CURVES
-	fi #NO_TLS1_2
-
-	#-cipher PSK
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
-	PID=$!
-	wait_server ${PID}
-
-	echo "${PREFIX}Checking TLS 1.2 with PSK..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_udp_server ${PID}
-
-	# Test DTLS 1.0 with RSA ciphersuite
-	echo "${PREFIX}Checking DTLS 1.0 with RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_udp_server ${PID}
-
-	# Test DTLS 1.0 with DHE-RSA ciphersuite
-	echo "${PREFIX}Checking DTLS 1.0 with DHE-RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${NO_DSS}" = 0; then
-		eval "${GETPORT}"
-		launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-		PID=$!
-		wait_udp_server ${PID}
-
-		# Test DTLS 1.0 with DHE-DSS ciphersuite
-		echo "${PREFIX}Checking DTLS 1.0 with DHE-DSS..."
-		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_udp_server ${PID}
-
-	echo "${PREFIX}Checking DTLS 1.2 with AES-CBC..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_udp_server ${PID}
-
-	# Test DTLS 1.2 with RSA ciphersuite
-	echo "${PREFIX}Checking DTLS 1.2 with RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	eval "${GETPORT}"
-	launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-	PID=$!
-	wait_udp_server ${PID}
-
-	echo "${PREFIX}Checking DTLS 1.2 with ECDHE-RSA..."
-	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-}
-
-WAITPID=""
-for mod in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-	run_client_suite $mod &
-	WAITPID="$WAITPID $!"
-done
-
-for i in "$WAITPID";do
-	wait $i
-	test $? != 0 && exit 1
-done
-
-echo "${PREFIX}Client mode tests were successfully completed"
-echo "${PREFIX}"
-echo "${PREFIX}###############################################"
-echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#"
-echo "${PREFIX}###############################################"
-SERV="${SERV} -q"
-
-# Note that openssl s_client does not return error code on failure
-
-run_server_suite() {
-	ADD=$1
-	PREFIX=""
-	if ! test -z "${ADD}"; then
-		PREFIX="$(echo $ADD|sed 's/://g'): "
-	fi
-
-	if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
-
-		echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+SHA1:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		if test "${NO_RC4}" != 1; then
-			echo "${PREFIX}Check SSL 3.0 with RSA-RC4-SHA ciphersuite"
-			${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-SHA </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-		fi
-
-		kill ${PID}
-		wait
-
-		echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${NO_DSS}" = 0; then
-			echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite"
-			eval "${GETPORT}"
-			launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-			PID=$!
-			wait_server ${PID}
-
-			${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-	fi
-
-	#TLS 1.0
-
-	# This test was disabled because it doesn't work as expected with openssl 1.0.0d
-	#echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-	#launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	#PID=$!
-	#wait_server ${PID}
-	#
-	#${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-	#	fail ${PID} "Failed"
-	#
-	#kill ${PID}
-	#wait
-
-	if test "${NO_NULL}" = 0; then
-		echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_server ${PID}
-
-	${OPENSSL} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${NO_DSS}" = 0; then
-		echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-	PID=$!
-	wait_server ${PID}
-
-	#-cipher ECDHE-RSA-AES128-SHA
-	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${FIPS_CURVES}" != 1; then
-		echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
-	PID=$!
-	wait_server ${PID}
-
-	#-cipher ECDHE-ECDSA-AES128-SHA
-	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
-	PID=$!
-	wait_server ${PID}
-
-	#-cipher ECDHE-ECDSA-AES128-SHA
-	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${FIPS_CURVES}" != 1; then
-		echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-	PID=$!
-	wait_server ${PID}
-
-	#-cipher PSK-AES128-SHA
-	${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test ${NO_TLS1_2} = 0; then
-		# test resumption
-		echo "${PREFIX}Check TLS 1.2 with resumption"
-		eval "${GETPORT}"
-		launch_server --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_server ${PID}
-
-		${OPENSSL} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${NO_DSS}" = 0; then
-			echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
-			eval "${GETPORT}"
-			launch_server --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-			PID=$!
-			wait_server ${PID}
-
-			${OPENSSL} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher ECDHE-RSA-AES128-SHA
-		${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${HAVE_X22519}" = 0; then
-			echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
-			eval "${GETPORT}"
-			launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-			PID=$!
-			wait_server ${PID}
-
-			${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		if test "${FIPS_CURVES}" != 1; then
-			echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-			eval "${GETPORT}"
-			launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
-			PID=$!
-			wait_server ${PID}
-
-			#-cipher ECDHE-ECDSA-AES128-SHA
-			${OPENSSL} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher ECDHE-ECDSA-AES128-SHA
-		${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-		if test "${FIPS_CURVES}" != 1; then
-			echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-			eval "${GETPORT}"
-			launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
-			PID=$!
-			wait_server ${PID}
-
-			#-cipher ECDHE-ECDSA-AES128-SHA
-			${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-				fail ${PID} "Failed"
-
-			kill ${PID}
-			wait
-		fi
-
-		echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-		PID=$!
-		wait_server ${PID}
-
-		#-cipher PSK-AES128-SHA
-		${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-
-	fi #NO_TLS1_2
-
-	# DTLS
-	echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_udp_server ${PID}
-
-	${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-
-	echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_udp_server ${PID}
-
-
-	${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	if test "${NO_DSS}" = 0; then
-		echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite"
-		eval "${GETPORT}"
-		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-		PID=$!
-		wait_udp_server ${PID}
-
-
-		${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-			fail ${PID} "Failed"
-
-		kill ${PID}
-		wait
-	fi
-
-	echo "${PREFIX}Check DTLS 1.2 with AES-CBC"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_udp_server ${PID}
-
-	${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	echo "${PREFIX}Check DTLS 1.2 with RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_udp_server ${PID}
-
-	${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-
-	echo "${PREFIX}Check DTLS 1.2 with DHE-RSA ciphersuite"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-	PID=$!
-	wait_udp_server ${PID}
-
-
-	${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-	echo "${PREFIX}Check DTLS 1.2 with ECDHE-RSA"
-	eval "${GETPORT}"
-	launch_server --priority "NONE:+GROUP-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-	PID=$!
-	wait_udp_server ${PID}
-
-
-	${OPENSSL} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-		fail ${PID} "Failed"
-
-	kill ${PID}
-	wait
-
-}
-
-WAITPID=""
-for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" ":%SAFE_RENEGOTIATION"; do
-	run_server_suite $mod &
-	WAITPID="$WAITPID $!"
-done
-
-for i in "$WAITPID";do
-	wait $i
-	test $? != 0 && exit 1
-done
-
-exit 0
diff --git a/tests/suite/testcompat-openssl-cli-common.sh b/tests/suite/testcompat-openssl-cli-common.sh
new file mode 100755
index 0000000000..8f0418647d
--- /dev/null
+++ b/tests/suite/testcompat-openssl-cli-common.sh
@@ -0,0 +1,512 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2016, Free Software Foundation, Inc.
+# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+: ${SERV=../../src/gnutls-serv${EXEEXT}}
+: ${CLI=../../src/gnutls-cli${EXEEXT}}
+unset RETCODE
+
+if ! test -x "${CLI}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${WINDIR}" != ""; then
+	exit 77
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+: ${PORT=${RPORT}}
+
+: ${OPENSSL=openssl}
+SIGALGS=RSA+SHA1:RSA+SHA256
+
+echo "Compatibility checks using "`${OPENSSL} version`
+${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1
+if test $? != 0; then
+	echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+	exit 77
+fi
+
+. "${srcdir}/testcompat-common"
+
+${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
+HAVE_X25519=$?
+
+test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
+
+${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
+NO_TLS1_2=$?
+
+test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"
+
+${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
+if test $? = 0;then
+	NO_DH_PARAMS=0
+else
+	NO_DH_PARAMS=1
+fi
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1
+NO_DSS=$?
+
+if test $NO_DSS != 0;then
+	echo "Disabling interop tests for DSS ciphersuites"
+else
+	DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
+	SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256"
+fi
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
+NO_CAMELLIA=$?
+
+test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1
+NO_RC4=$?
+
+test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
+NO_3DES=$?
+
+test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
+NO_NULL=$?
+
+test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"
+
+${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1
+NO_PRIME192v1=$?
+
+test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam"
+
+if test "${NO_DH_PARAMS}" = 0;then
+	OPENSSL_DH_PARAMS_OPT=""
+else
+	OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
+fi
+
+${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
+HAVE_NOT_SSL3=$?
+
+if test $HAVE_NOT_SSL3 = 0;then
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
+		HAVE_NOT_SSL3=1
+	kill ${PID}
+	wait
+fi
+
+test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"
+
+
+echo "#################################################"
+echo "# Client mode tests (gnutls cli-openssl server) #"
+echo "#################################################"
+
+ADD=$1
+PREFIX=""
+if ! test -z "${ADD}"; then
+	PREFIX="$(echo $ADD|sed 's/://g'): "
+fi
+
+if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
+	# It seems debian disabled SSL 3.0 completely on openssl
+
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	# Test SSL 3.0 with RSA ciphersuite
+	echo "${PREFIX}Checking SSL 3.0 with RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	# Test SSL 3.0 with DHE-RSA ciphersuite
+	echo "${PREFIX}Checking SSL 3.0 with DHE-RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	if test "${NO_DSS}" = 0; then
+		# Test SSL 3.0 with DHE-DSS ciphersuite
+		echo "${PREFIX}Checking SSL 3.0 with DHE-DSS..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+	fi
+
+	kill ${PID}
+	wait
+
+	if test "${NO_RC4}" != 1; then
+		eval "${GETPORT}"
+		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-SHA >/dev/null
+		PID=$!
+		wait_server ${PID}
+
+		echo "${PREFIX}Checking SSL 3.0 with RSA-RC4-SHA..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+fi
+
+if test "${NO_NULL}" = 0; then
+	#-cipher RSA-NULL
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	# Test TLS 1.0 with RSA-NULL ciphersuite
+	echo "${PREFIX}Checking TLS 1.0 with RSA-NULL..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_server ${PID}
+
+# Test TLS 1.0 with RSA ciphersuite
+if test "${NO_3DES}" != 1; then
+	echo "${PREFIX}Checking TLS 1.0 with RSA and 3DES-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+fi
+
+echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+if test "${NO_CAMELLIA}" != 1; then
+	echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+fi
+
+if test "${NO_DSS}" = 0; then
+	# Test TLS 1.0 with DHE-DSS ciphersuite
+	echo "${PREFIX}Checking TLS 1.0 with DHE-DSS..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+fi
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${FIPS_CURVES}" != 1 && test "${NO_PRIME192v1}" != 1; then
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	# Test TLS 1.2 with ECDHE-ECDSA ciphersuite
+	echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-SECP192R1${ADD}" --insecure </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+	echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+PID=$!
+wait_server ${PID}
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+PID=$!
+wait_server ${PID}
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+#-cipher PSK
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
+PID=$!
+wait_server ${PID}
+
+echo "${PREFIX}Checking TLS 1.0 with PSK..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test ${NO_TLS1_2} = 0; then
+	# Tests requiring openssl 1.0.1 - TLS 1.2
+	#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-GCM..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-GCM..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	if test "${NO_DSS}" = 0; then
+		echo "${PREFIX}Checking TLS 1.2 with DHE-DSS..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+	fi
+
+	echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA..."
+	"${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${HAVE_X25519}" = 0; then
+		eval "${GETPORT}"
+		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null
+		PID=$!
+		wait_server ${PID}
+
+		echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA (X25519)..."
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --insecure --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	if test "${FIPS_CURVES}" != 1; then
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		eval "${GETPORT}"
+		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+		PID=$!
+		wait_server ${PID}
+
+		echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+	PID=$!
+	wait_server ${PID}
+
+	echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${FIPS_CURVES}" != 1; then
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		eval "${GETPORT}"
+		launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
+		PID=$!
+		wait_server ${PID}
+
+		echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+		${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi #FIPS_CURVES
+fi #NO_TLS1_2
+
+#-cipher PSK
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
+PID=$!
+wait_server ${PID}
+
+echo "${PREFIX}Checking TLS 1.2 with PSK..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_udp_server ${PID}
+
+# Test DTLS 1.0 with RSA ciphersuite
+echo "${PREFIX}Checking DTLS 1.0 with RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_udp_server ${PID}
+
+# Test DTLS 1.0 with DHE-RSA ciphersuite
+echo "${PREFIX}Checking DTLS 1.0 with DHE-RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${NO_DSS}" = 0; then
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+	PID=$!
+	wait_udp_server ${PID}
+
+	# Test DTLS 1.0 with DHE-DSS ciphersuite
+	echo "${PREFIX}Checking DTLS 1.0 with DHE-DSS..."
+	${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_udp_server ${PID}
+
+echo "${PREFIX}Checking DTLS 1.2 with AES-CBC..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_udp_server ${PID}
+
+# Test DTLS 1.2 with RSA ciphersuite
+echo "${PREFIX}Checking DTLS 1.2 with RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+eval "${GETPORT}"
+launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
+PID=$!
+wait_udp_server ${PID}
+
+echo "${PREFIX}Checking DTLS 1.2 with ECDHE-RSA..."
+${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
diff --git a/tests/suite/testcompat-openssl-cli-compat.sh b/tests/suite/testcompat-openssl-cli-compat.sh
new file mode 100755
index 0000000000..f3513acb55
--- /dev/null
+++ b/tests/suite/testcompat-openssl-cli-compat.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-cli-common.sh" ":%COMPAT"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-cli-no-etm.sh b/tests/suite/testcompat-openssl-cli-no-etm.sh
new file mode 100755
index 0000000000..aa941d7092
--- /dev/null
+++ b/tests/suite/testcompat-openssl-cli-no-etm.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-cli-common.sh" ":%NO_ETM"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl-cli.sh
index 847eded621..3e1b67018e 100755
--- a/tests/suite/testcompat-openssl.sh
+++ b/tests/suite/testcompat-openssl-cli.sh
@@ -56,7 +56,8 @@ export TZ="UTC"
 
 skip_if_no_datefudge
 
-timeout 1800 datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-cli-common.sh"
 
 ret=$?
 test $ret = 124 && exit 77
diff --git a/tests/suite/testcompat-openssl-serv-common.sh b/tests/suite/testcompat-openssl-serv-common.sh
new file mode 100755
index 0000000000..ae18358521
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-common.sh
@@ -0,0 +1,567 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2016, Free Software Foundation, Inc.
+# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+: ${SERV=../../src/gnutls-serv${EXEEXT}}
+: ${CLI=../../src/gnutls-cli${EXEEXT}}
+unset RETCODE
+
+if ! test -x "${CLI}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${WINDIR}" != ""; then
+	exit 77
+fi
+
+. "${srcdir}/../scripts/common.sh"
+
+: ${PORT=${RPORT}}
+
+: ${OPENSSL=openssl}
+SIGALGS=RSA+SHA1:RSA+SHA256
+
+echo "Compatibility checks using "`${OPENSSL} version`
+${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1
+if test $? != 0; then
+	echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+	exit 77
+fi
+
+. "${srcdir}/testcompat-common"
+
+${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
+HAVE_X25519=$?
+
+test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
+
+${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
+NO_TLS1_2=$?
+
+test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"
+
+${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
+if test $? = 0;then
+	NO_DH_PARAMS=0
+else
+	NO_DH_PARAMS=1
+fi
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1
+NO_DSS=$?
+
+if test $NO_DSS != 0;then
+	echo "Disabling interop tests for DSS ciphersuites"
+else
+	DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
+	SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256"
+fi
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
+NO_CAMELLIA=$?
+
+test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1
+NO_RC4=$?
+
+test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
+NO_3DES=$?
+
+test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"
+
+${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
+NO_NULL=$?
+
+test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"
+
+${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1
+NO_PRIME192v1=$?
+
+test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam"
+
+if test "${NO_DH_PARAMS}" = 0;then
+	OPENSSL_DH_PARAMS_OPT=""
+else
+	OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
+fi
+
+${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
+HAVE_NOT_SSL3=$?
+
+if test $HAVE_NOT_SSL3 = 0;then
+	eval "${GETPORT}"
+	launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
+		HAVE_NOT_SSL3=1
+	kill ${PID}
+	wait
+fi
+
+test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"
+
+
+echo "${PREFIX}###############################################"
+echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#"
+echo "${PREFIX}###############################################"
+SERV="${SERV} -q"
+
+# Note that openssl s_client does not return error code on failure
+
+ADD=$1
+PREFIX=""
+if ! test -z "${ADD}"; then
+	PREFIX="$(echo $ADD|sed 's/://g'): "
+fi
+
+if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
+
+	echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+SHA1:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	if test "${NO_RC4}" != 1; then
+		echo "${PREFIX}Check SSL 3.0 with RSA-RC4-SHA ciphersuite"
+		${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-SHA </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+	fi
+
+	kill ${PID}
+	wait
+
+	echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${NO_DSS}" = 0; then
+		echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite"
+		eval "${GETPORT}"
+		launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
+		PID=$!
+		wait_server ${PID}
+
+		${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+fi
+
+#TLS 1.0
+
+# This test was disabled because it doesn't work as expected with openssl 1.0.0d
+#echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+#launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+#PID=$!
+#wait_server ${PID}
+#
+#${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+#	fail ${PID} "Failed"
+#
+#kill ${PID}
+#wait
+
+if test "${NO_NULL}" = 0; then
+	echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_server ${PID}
+
+${OPENSSL} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${NO_DSS}" = 0; then
+	echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+PID=$!
+wait_server ${PID}
+
+#-cipher ECDHE-RSA-AES128-SHA
+${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${FIPS_CURVES}" != 1; then
+	echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
+PID=$!
+wait_server ${PID}
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
+PID=$!
+wait_server ${PID}
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${FIPS_CURVES}" != 1; then
+	echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+PID=$!
+wait_server ${PID}
+
+#-cipher PSK-AES128-SHA
+${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test ${NO_TLS1_2} = 0; then
+	# test resumption
+	echo "${PREFIX}Check TLS 1.2 with resumption"
+	eval "${GETPORT}"
+	launch_server --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_server ${PID}
+
+	${OPENSSL} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${NO_DSS}" = 0; then
+		echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
+		eval "${GETPORT}"
+		launch_server --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
+		PID=$!
+		wait_server ${PID}
+
+		${OPENSSL} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-RSA-AES128-SHA
+	${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${HAVE_X22519}" = 0; then
+		echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
+		eval "${GETPORT}"
+		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+		PID=$!
+		wait_server ${PID}
+
+		${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	if test "${FIPS_CURVES}" != 1; then
+		echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+		eval "${GETPORT}"
+		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
+		PID=$!
+		wait_server ${PID}
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher ECDHE-ECDSA-AES128-SHA
+	${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+	if test "${FIPS_CURVES}" != 1; then
+		echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+		eval "${GETPORT}"
+		launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
+		PID=$!
+		wait_server ${PID}
+
+		#-cipher ECDHE-ECDSA-AES128-SHA
+		${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
+	fi
+
+	echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+	PID=$!
+	wait_server ${PID}
+
+	#-cipher PSK-AES128-SHA
+	${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+
+fi #NO_TLS1_2
+
+# DTLS
+echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_udp_server ${PID}
+
+${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+
+echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_udp_server ${PID}
+
+
+${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+if test "${NO_DSS}" = 0; then
+	echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite"
+	eval "${GETPORT}"
+	launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
+	PID=$!
+	wait_udp_server ${PID}
+
+
+	${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+		fail ${PID} "Failed"
+
+	kill ${PID}
+	wait
+fi
+
+echo "${PREFIX}Check DTLS 1.2 with AES-CBC"
+eval "${GETPORT}"
+launch_server --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_udp_server ${PID}
+
+${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+echo "${PREFIX}Check DTLS 1.2 with RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_udp_server ${PID}
+
+${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+
+echo "${PREFIX}Check DTLS 1.2 with DHE-RSA ciphersuite"
+eval "${GETPORT}"
+launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+PID=$!
+wait_udp_server ${PID}
+
+
+${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
+
+echo "${PREFIX}Check DTLS 1.2 with ECDHE-RSA"
+eval "${GETPORT}"
+launch_server --priority "NONE:+GROUP-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+PID=$!
+wait_udp_server ${PID}
+
+
+${OPENSSL} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+	fail ${PID} "Failed"
+
+kill ${PID}
+wait
diff --git a/tests/suite/testcompat-openssl-serv-compat.sh b/tests/suite/testcompat-openssl-serv-compat.sh
new file mode 100755
index 0000000000..79a2b458e5
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-compat.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh" ":%COMPAT"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-etm.sh b/tests/suite/testcompat-openssl-serv-no-etm.sh
new file mode 100755
index 0000000000..68c540f67f
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-no-etm.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_ETM"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh
new file mode 100755
index 0000000000..4e71716c54
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh" ":%DISABLE_SAFE_RENEGOTIATION"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-tickets.sh b/tests/suite/testcompat-openssl-serv-no-tickets.sh
new file mode 100755
index 0000000000..137b697b20
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-no-tickets.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_TICKETS"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh
new file mode 100755
index 0000000000..dd866af888
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh" ":%SAFE_RENEGOTIATION"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret
diff --git a/tests/suite/testcompat-openssl-serv.sh b/tests/suite/testcompat-openssl-serv.sh
new file mode 100755
index 0000000000..788e2abea2
--- /dev/null
+++ b/tests/suite/testcompat-openssl-serv.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Copyright (c) 2010-2015, Free Software Foundation, Inc.
+# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this 
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, 
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+: ${srcdir=.}
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -x /usr/bin/openssl; then
+	echo "You need openssl to run this test"
+	exit 77
+fi
+
+/usr/bin/openssl version|grep fips >/dev/null 2>&1
+if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
+	export FIPS_CURVES=1
+else
+	export FIPS_CURVES=0
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+. "${srcdir}/../scripts/common.sh"
+
+skip_if_no_datefudge
+
+timeout 1800 datefudge "2012-09-02" \
+"${srcdir}/testcompat-openssl-serv-common.sh"
+
+ret=$?
+test $ret = 124 && exit 77
+
+exit $ret