16 files changed, 306 insertions, 372 deletions

diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index bdc67f627a..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
 
-SUBDIR =        libressl openssl33 openssl34
+SUBDIR =        libressl openssl35
 
 # the above binaries must have been built before we can continue
 SUBDIR +=       netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 85877d4290..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -20,11 +20,8 @@ CXX = /usr/local/bin/eg++
 .endif
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
+.if exists(/usr/local/bin/eopenssl35)
+LIBRARIES +=            openssl35
 .endif
 
 PROGS =         client
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 74c63c86a8..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 3.x.  Create client and server certificates
@@ -7,11 +7,8 @@
 # and check the result of certificate verification.
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
+.if exists(/usr/local/bin/eopenssl35)
+LIBRARIES +=            openssl35
 .endif
 
 .for cca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index fa7e25f9ee..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -7,11 +7,8 @@
 # have used correct cipher by grepping in their session print out.
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
+.if exists(/usr/local/bin/eopenssl35)
+LIBRARIES +=            openssl35
 .endif
 
 CLEANFILES =    *.tmp *.ciphers ciphers.mk
@@ -41,8 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
         uniq -d <$@.tmp >$@
         # we are only interested in ciphers supported by libressl
         sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
-        "${clib}" == "openssl34" || "${slib}" == "openssl34"
+. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
         # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
         sed -i '/^TLS_/d' $@.tmp
 . endif
@@ -70,8 +66,7 @@ regress: ciphers.mk
 .endif
 
 LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
+LEVEL_openssl35 = ,@SECLEVEL=0
 
 .for clib in ${LIBRARIES}
 .for slib in ${LIBRARIES}
@@ -132,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
 . endif
 . if "${clib}" == "libressl"
         # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl33" || "${slib}" == "openssl34"
+.  if "${slib}" == "openssl35"
         egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
 .  else
         egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 3b8e3f95be..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,11 +1,8 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
+.if exists(/usr/local/bin/eopenssl35)
+LIBRARIES +=            openssl35
 .endif
 
 # run netcat server and connect with test client
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index eff61704d0..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
-
-.if ! exists(/usr/local/bin/eopenssl33)
-regress:
-        # install openssl-3.3 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
-        @echo SKIPPED
-.else
-
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl33
-LDFLAGS =               -L /usr/local/lib/eopenssl33
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl33/libssl.a \
-                        /usr/local/lib/eopenssl33/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl33
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-
-.for p in ${PROGS}
-
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.3
-        grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.3
-        grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
-
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.3 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-
-.endfor
-
-.endif # exists(/usr/local/bin/eopenssl33)
-
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 72246bb621..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
-
-.if ! exists(/usr/local/bin/eopenssl34)
-regress:
-        # install openssl-3.4 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
-        @echo SKIPPED
-.else
-
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl34
-LDFLAGS =               -L /usr/local/lib/eopenssl34
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl34/libssl.a \
-                        /usr/local/lib/eopenssl34/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl34
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-
-.for p in ${PROGS}
-
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.4
-        grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.4
-        grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
-
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.4 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-
-.endfor
-
-.endif # exists(/usr/local/bin/eopenssl34)
-
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl35/Makefile b/src/regress/lib/libssl/interop/openssl35/Makefile
new file mode 100644
index 0000000000..e11ad5dd20
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl35/Makefile
@@ -0,0 +1,44 @@
+# $OpenBSD: Makefile,v 1.1 2025/07/09 17:48:02 tb Exp $
+
+.if ! exists(/usr/local/bin/eopenssl35)
+regress:
+        # install openssl-3.5 from ports for interop tests
+        @echo 'Run "pkg_add openssl--%3.5" to run tests against OpenSSL 3.5'
+        @echo SKIPPED
+.else
+
+PROGS =                 client server
+CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
+CPPFLAGS =              -I /usr/local/include/eopenssl35
+LDFLAGS =               -L /usr/local/lib/eopenssl35
+LDADD =                 -lssl -lcrypto
+DPADD =                 /usr/local/lib/eopenssl35/libssl.a \
+                        /usr/local/lib/eopenssl35/libcrypto.a
+LD_LIBRARY_PATH =       /usr/local/lib/eopenssl35
+REGRESS_TARGETS =       run-self-client-server
+.for p in ${PROGS}
+REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
+.endfor
+
+.for p in ${PROGS}
+
+run-ldd-$p: ldd-$p.out
+        # check that $p is linked with OpenSSL 3.5
+        grep -q /usr/local/lib/eopenssl35/libcrypto.so ldd-$p.out
+        grep -q /usr/local/lib/eopenssl35/libssl.so ldd-$p.out
+        # check that $p is not linked with LibreSSL
+        ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
+
+run-version-$p: $p-self.out
+        # check that runtime version is OpenSSL 3.5
+        grep 'SSLEAY_VERSION: OpenSSL 3.5' $p-self.out
+
+run-protocol-$p: $p-self.out
+        # check that OpenSSL 3.5 protocol version is TLS 1.3
+        grep 'Protocol *: TLSv1.3' $p-self.out
+
+.endfor
+
+.endif # exists(/usr/local/bin/eopenssl35)
+
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index e9a353f99e..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,11 +1,8 @@
-# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-#LIBRARIES +=           openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-#LIBRARIES +=           openssl34
+.if exists(/usr/local/bin/eopenssl35)
+#LIBRARIES +=           openssl35
 .endif
 
 run-session-client-libressl-server-libressl:
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 605fba252f..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
@@ -7,11 +7,8 @@
 # print out.
 
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
+.if exists(/usr/local/bin/eopenssl35)
+LIBRARIES +=            openssl35
 .endif
 
 VERSIONS =      any TLS1_2 TLS1_3
@@ -29,8 +26,7 @@ FAIL_${cver}_${sver} = !
 .for slib in ${LIBRARIES}
 
 .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
-    ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
-    (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
+    ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
     (("${cver}" != any && "${sver}" != any) && \
     ("${cver}" != TLS1 && "${sver}" != TLS1) && \
     ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
index af8083f662..19d2f2fc40 100644
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ b/src/regress/lib/libssl/openssl-ruby/Makefile
@@ -1,10 +1,10 @@
-#       $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $
+#       $OpenBSD: Makefile,v 1.17 2025/06/27 03:32:08 tb Exp $
 
 OPENSSL_RUBY_TESTS =    /usr/local/share/openssl-ruby-tests
-.if exists(/usr/local/bin/ruby32)
-RUBY_BINREV =           32
-.else
+.if exists(/usr/local/bin/ruby33)
 RUBY_BINREV =           33
+.else
+RUBY_BINREV =           34
 .endif
 RUBY =                  ruby${RUBY_BINREV}
 
@@ -71,6 +71,21 @@ ${_t}: ${_BUILD_COOKIE}
                 -n ${_t}
 .endfor
 
+# These tests can be a pain to run. To run a small set of individual
+# ssl tests, set the test names separated by spaces in the environment
+# variable RUBY_SSL_TEST_TARGETS - then you can type "make <test_name>"
+# to run a single ruby ssl test.
+.for _t in ${RUBY_SSL_TEST_TARGETS}
+REGRESS_TARGETS += ${_t}
+REGRESS_EXPECTED_FAILURES += ${_t}
+${_t}: ${_BUILD_COOKIE}
+        cd ${BUILDDIR} && \
+            ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
+                -I${OPENSSL_RUBY_TESTS}/lib \
+                ${OPENSSL_RUBY_TESTS}/test/openssl/test_ssl.rb \
+                -n ${_t}
+.endfor
+
 CLEANFILES +=           ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
 
 . if make(clean) || make(cleandir)
diff --git a/src/regress/lib/libssl/pqueue/Makefile b/src/regress/lib/libssl/pqueue/Makefile
index 48c2cb7e61..05fe9a268d 100644
--- a/src/regress/lib/libssl/pqueue/Makefile
+++ b/src/regress/lib/libssl/pqueue/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.1 2016/11/04 19:45:12 jsing Exp $
+#       $OpenBSD: Makefile,v 1.2 2025/05/04 11:04:02 tb Exp $
 
 PROG=   pq_test
 SRC=    ${.CURDIR}/../../../../lib/libssl
@@ -9,9 +9,4 @@ DPADD=	${LIBSSL} ${LIBCRYPTO}
 WARNINGS=       Yes
 CFLAGS+=        -DLIBRESSL_INTERNAL -Werror
 
-REGRESS_TARGETS= regress-pq_test
-
-regress-pq_test: ${PROG}
-        ${.OBJDIR}/pq_test | cmp -s ${.CURDIR}/expected.txt /dev/stdin
-
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/expected.txt b/src/regress/lib/libssl/pqueue/expected.txt
deleted file mode 100644
index c59d6cd838..0000000000
--- a/src/regress/lib/libssl/pqueue/expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-item    6966726167696c69
-item    7374696365787069
-item    737570657263616c
diff --git a/src/regress/lib/libssl/pqueue/pq_test.c b/src/regress/lib/libssl/pqueue/pq_test.c
index a078ba5366..822fdea961 100644
--- a/src/regress/lib/libssl/pqueue/pq_test.c
+++ b/src/regress/lib/libssl/pqueue/pq_test.c
@@ -59,60 +59,77 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
 #include "pqueue.h"
 
-/* remember to change expected.txt if you change these values */
-unsigned char prio1[8] = "supercal";
-unsigned char prio2[8] = "ifragili";
-unsigned char prio3[8] = "sticexpi";
+static const unsigned char *pq_expected[3] = {
+        "ifragili",
+        "sticexpi",
+        "supercal"
+};
 
-static void
-pqueue_print(pqueue pq)
+static int
+test_pqueue(void)
 {
-        pitem *iter, *item;
-
-        iter = pqueue_iterator(pq);
-        for (item = pqueue_next(&iter); item != NULL;
-            item = pqueue_next(&iter)) {
-                printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
-                    item->priority[0], item->priority[1],
-                    item->priority[2], item->priority[3],
-                    item->priority[4], item->priority[5],
-                    item->priority[6], item->priority[7]);
-        }
-}
+        const unsigned char *prio1 = pq_expected[2];
+        const unsigned char *prio2 = pq_expected[0];
+        const unsigned char *prio3 = pq_expected[1];
+        pqueue pq = NULL;
+        pitem *item = NULL;
+        pitem *iter = NULL;
+        int i = 0;
+        int failed = 1;
 
-int
-main(void)
-{
-        pitem *item;
-        pqueue pq;
+        if ((pq = pqueue_new()) == NULL)
+                goto failure;
 
-        pq = pqueue_new();
+        if (!pqueue_insert(pq, pitem_new(prio3, NULL)))
+                goto failure;
+        if (!pqueue_insert(pq, pitem_new(prio1, NULL)))
+                goto failure;
+        if (!pqueue_insert(pq, pitem_new(prio2, NULL)))
+                goto failure;
 
-        item = pitem_new(prio3, NULL);
-        pqueue_insert(pq, item);
+        if (pqueue_size(pq) != 3)
+                goto failure;
 
-        item = pitem_new(prio1, NULL);
-        pqueue_insert(pq, item);
+        if ((item = pqueue_find(pq, prio1)) == NULL)
+                goto failure;
+        if ((item = pqueue_find(pq, prio2)) == NULL)
+                goto failure;
+        if ((item = pqueue_find(pq, prio3)) == NULL)
+                goto failure;
 
-        item = pitem_new(prio2, NULL);
-        pqueue_insert(pq, item);
+        if ((item = pqueue_peek(pq)) == NULL)
+                goto failure;
 
-        item = pqueue_find(pq, prio1);
-        fprintf(stderr, "found %p\n", item->priority);
+        if (memcmp(item->priority, pq_expected[0], 8))
+                goto failure;
 
-        item = pqueue_find(pq, prio2);
-        fprintf(stderr, "found %p\n", item->priority);
+        iter = pqueue_iterator(pq);
+        for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+                if (memcmp(item->priority, pq_expected[i], 8) != 0)
+                        goto failure;
+                i++;
+        }
 
-        item = pqueue_find(pq, prio3);
-        fprintf(stderr, "found %p\n", item ? item->priority: 0);
+        failed = (i != 3);
 
-        pqueue_print(pq);
+ failure:
 
         for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
                 pitem_free(item);
-
         pqueue_free(pq);
-        return 0;
+
+        return failed;
+}
+
+int
+main(void)
+{
+        int failed = 0;
+
+        failed |= test_pqueue();
+
+        return failed;
 }
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4adf27421d..68584998ce 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3740,6 +3740,11 @@ test_tlsext_keyshare_client(void)
                 FAIL("Did not select a key share");
                 goto done;
         }
+        if (tls_key_share_group(ssl->s3->hs.key_share) != 29) {
+                FAIL("wrong key share group: got %d, expected 29\n",
+                     tls_key_share_group(ssl->s3->hs.key_share));
+                goto done;
+        }
 
         /*
          * Pretend the client did not send the supported groups extension. We
@@ -4542,12 +4547,10 @@ test_tlsext_valid_hostnames(void)
 #define N_TLSEXT_RANDOMIZATION_TESTS 1000
 
 static int
-test_tlsext_check_extension_order(SSL *ssl)
+test_tlsext_check_psk_is_last_extension(SSL *ssl)
 {
         const struct tls_extension *ext;
         uint16_t type;
-        size_t alpn_idx, sni_idx;
-        size_t i;
 
         if (ssl->tlsext_build_order_len == 0) {
                 FAIL("Unexpected zero build order length");
@@ -4560,34 +4563,6 @@ test_tlsext_check_extension_order(SSL *ssl)
                 return 1;
         }
 
-        if (ssl->server)
-                return 0;
-
-        alpn_idx = sni_idx = ssl->tlsext_build_order_len;
-        for (i = 0; i < ssl->tlsext_build_order_len; i++) {
-                ext = ssl->tlsext_build_order[i];
-                if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
-                        alpn_idx = i;
-                if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
-                        sni_idx = i;
-        }
-
-        if (alpn_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-
-        if (sni_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-
-        if (sni_idx >= alpn_idx) {
-                FAIL("sni does not precede alpn: %zu >= %zu\n",
-                    sni_idx, alpn_idx);
-                return 1;
-        }
-
         return 0;
 }
 
@@ -4600,7 +4575,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
         for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
                 if (!tlsext_randomize_build_order(ssl))
                         errx(1, "failed to randomize extensions");
-                failed |= test_tlsext_check_extension_order(ssl);
+                failed |= test_tlsext_check_psk_is_last_extension(ssl);
         }
 
         return failed;
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index 91aedad165..ff678ec9a8 100644
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
-#   $OpenBSD: tlsfuzzer.py,v 1.56 2024/09/18 19:12:37 tb Exp $
+#   $OpenBSD: tlsfuzzer.py,v 1.57 2025/06/15 09:44:57 tb Exp $
 #
 # Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 #
@@ -72,7 +72,7 @@ def substitute_alert(want, got):
     return f"Expected alert description \"{want}\" " \
         + f"does not match received \"{got}\""
 
-# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
+# test_tls13_finished.py has 70 failing tests that expect a "decode_error"
 # instead of the "decrypt_error" sent by tls13_server_finished_recv().
 # Both alerts appear to be reasonable in this context, so work around this
 # in the test instead of the library.
@@ -164,46 +164,46 @@ def generate_test_tls13_finished_args():
     return args
 
 tls13_tests = TestGroup("TLSv1.3 tests", [
-    Test("test-tls13-ccs.py"),
-    Test("test-tls13-conversation.py"),
-    Test("test-tls13-count-tickets.py"),
-    Test("test-tls13-empty-alert.py"),
-    Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
-    Test("test-tls13-finished-plaintext.py"),
-    Test("test-tls13-hrr.py"),
-    Test("test-tls13-keyshare-omitted.py"),
-    Test("test-tls13-legacy-version.py"),
-    Test("test-tls13-nociphers.py"),
-    Test("test-tls13-record-padding.py"),
+    Test("test_tls13_ccs.py"),
+    Test("test_tls13_conversation.py"),
+    Test("test_tls13_count_tickets.py"),
+    Test("test_tls13_empty_alert.py"),
+    Test("test_tls13_finished.py", generate_test_tls13_finished_args()),
+    Test("test_tls13_finished_plaintext.py"),
+    Test("test_tls13_hrr.py"),
+    Test("test_tls13_keyshare_omitted.py"),
+    Test("test_tls13_legacy_version.py"),
+    Test("test_tls13_nociphers.py"),
+    Test("test_tls13_record_padding.py"),
     # Exclude QUIC transport parameters
-    Test("test-tls13-shuffled-extentions.py", [ "--exc", "57" ]),
-    Test("test-tls13-zero-content-type.py"),
+    Test("test_tls13_shuffled_extentions.py", [ "--exc", "57" ]),
+    Test("test_tls13_zero_content_type.py"),
 
     # The skipped tests fail due to a bug in BIO_gets() which masks the retry
     # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
     # handling these corner cases correctly since tls13_record_layer.c -r1.47.
-    Test("test-tls13-zero-length-data.py", [
+    Test("test_tls13_zero_length_data.py", [
         "-e", "zero-length app data",
         "-e", "zero-length app data with large padding",
         "-e", "zero-length app data with padding",
     ]),
 
     # We don't currently handle NSTs
-    Test("test-tls13-connection-abort.py", ["-e", "After NewSessionTicket"]),
+    Test("test_tls13_connection_abort.py", ["-e", "After NewSessionTicket"]),
 ])
 
 # Tests that take a lot of time (> ~30s on an x280)
 tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
     # XXX: Investigate the occasional message
     # "Got shared secret with 1 most significant bytes equal to zero."
-    Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers),
+    Test("test_tls13_dhe_shared_secret_padding.py", tls13_unsupported_ciphers),
 
-    Test("test-tls13-invalid-ciphers.py"),
-    Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
+    Test("test_tls13_invalid_ciphers.py"),
+    Test("test_tls13_serverhello_random.py", tls13_unsupported_ciphers),
 
     # Mark two tests cases as xfail for now. The tests expect an arguably
     # correct decode_error while we send a decrypt_error (like fizz/boring).
-    Test("test-tls13-record-layer-limits.py", [
+    Test("test_tls13_record_layer_limits.py", [
         "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
         "-X", substitute_alert("decode_error", "decrypt_error"),
         "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
@@ -212,22 +212,22 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
     # We don't accept an empty ECPF extension since it must advertise the
     # uncompressed point format. Exclude this extension type from the test.
     Test(
-        "test-tls13-large-number-of-extensions.py",
+        "test_tls13_large_number_of_extensions.py",
         tls13_args = ["--exc", "11"],
     ),
 ])
 
 tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
     # need to set up client certs to run these
-    Test("test-tls13-certificate-request.py"),
-    Test("test-tls13-certificate-verify.py"),
-    Test("test-tls13-ecdsa-in-certificate-verify.py"),
-    Test("test-tls13-eddsa-in-certificate-verify.py"),
+    Test("test_tls13_certificate_request.py"),
+    Test("test_tls13_certificate_verify.py"),
+    Test("test_tls13_ecdsa_in_certificate_verify.py"),
+    Test("test_tls13_eddsa_in_certificate_verify.py"),
 
     # Test expects the server to have installed three certificates:
     # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
     # to not work.
-    Test("test-tls13-ecdsa-support.py"),
+    Test("test_tls13_ecdsa_support.py"),
 ])
 
 tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
@@ -235,7 +235,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
     # With X25519, we accept weak peer public keys and fail when we actually
     # compute the keyshare.  Other tests seem to indicate that we could be
     # stricter about what keyshares we accept.
-    Test("test-tls13-crfg-curves.py", [
+    Test("test_tls13_crfg_curves.py", [
         '-e', 'all zero x448 key share',
         '-e', 'empty x448 key share',
         '-e', 'sanity x448 with compression ansiX962_compressed_char2',
@@ -245,7 +245,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
         '-e', 'too small x448 key share',
         '-e', 'x448 key share of "1"',
     ]),
-    Test("test-tls13-ecdhe-curves.py", [
+    Test("test_tls13_ecdhe_curves.py", [
         '-e', 'sanity - x448',
         '-e', 'x448 - key share from other curve',
         '-e', 'x448 - point at infinity',
@@ -258,21 +258,21 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
     # We have the logic corresponding to NSS's fix for CVE-2020-25648
     # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
     # so should not be affected by this issue.
-    Test("test-tls13-multiple-ccs-messages.py"),
+    Test("test_tls13_multiple_ccs_messages.py"),
 
     # https://github.com/openssl/openssl/issues/8369
-    Test("test-tls13-obsolete-curves.py"),
+    Test("test_tls13_obsolete_curves.py"),
 
     # 3 failing rsa_pss_pss tests
-    Test("test-tls13-rsa-signatures.py"),
+    Test("test_tls13_rsa_signatures.py"),
 
     # The failing tests all expect an ri extension.  What's up with that?
-    Test("test-tls13-version-negotiation.py"),
+    Test("test_tls13_version_negotiation.py"),
 ])
 
 tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
     # Other test failures bugs in keyshare/tlsext negotiation?
-    Test("test-tls13-unrecognised-groups.py"),    # unexpected closure
+    Test("test_tls13_unrecognised_groups.py"),    # unexpected closure
 
     # 5 occasional failures:
     #   'app data split, conversation with KeyUpdate msg'
@@ -280,43 +280,43 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
     #   'multiple KeyUpdate messages'
     #   'post-handshake KeyUpdate msg with update_not_request'
     #   'post-handshake KeyUpdate msg with update_request'
-    Test("test-tls13-keyupdate.py"),
+    Test("test_tls13_keyupdate.py"),
 
-    Test("test-tls13-symetric-ciphers.py"),       # unexpected message from peer
+    Test("test_tls13_symetric_ciphers.py"),       # unexpected message from peer
 
     # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
     # We send server hello, but the test expects handshake_failure
-    Test("test-tls13-pkcs-signature.py"),
+    Test("test_tls13_pkcs_signature.py"),
     # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
-    Test("test-tls13-rsapss-signatures.py"),
+    Test("test_tls13_rsapss_signatures.py"),
 ])
 
 tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
     # Tests for features we don't support
-    Test("test-tls13-0rtt-garbage.py"),
-    Test("test-tls13-ffdhe-groups.py"),
-    Test("test-tls13-ffdhe-sanity.py"),
-    Test("test-tls13-psk_dhe_ke.py"),
-    Test("test-tls13-psk_ke.py"),
+    Test("test_tls13_0rtt_garbage.py"),
+    Test("test_tls13_ffdhe_groups.py"),
+    Test("test_tls13_ffdhe_sanity.py"),
+    Test("test_tls13_psk_dhe_ke.py"),
+    Test("test_tls13_psk_ke.py"),
 
     # need server to react to HTTP GET for /keyupdate
-    Test("test-tls13-keyupdate-from-server.py"),
+    Test("test_tls13_keyupdate_from_server.py"),
 
     # needs an echo server
-    Test("test-tls13-lengths.py"),
+    Test("test_tls13_lengths.py"),
 
     # Weird test: tests servers that don't support 1.3
-    Test("test-tls13-non-support.py"),
+    Test("test_tls13_non_support.py"),
 
     # broken test script
     # UnboundLocalError: local variable 'cert' referenced before assignment
-    Test("test-tls13-post-handshake-auth.py"),
+    Test("test_tls13_post_handshake_auth.py"),
 
     # ExpectNewSessionTicket
-    Test("test-tls13-session-resumption.py"),
+    Test("test_tls13_session_resumption.py"),
 
     # Server must be configured to support only rsa_pss_rsae_sha512
-    Test("test-tls13-signature-algorithms.py"),
+    Test("test_tls13_signature_algorithms.py"),
 ])
 
 tls12_exclude_legacy_protocols = [
@@ -345,52 +345,52 @@ tls12_exclude_legacy_protocols = [
 
 tls12_tests = TestGroup("TLSv1.2 tests", [
     # Tests that pass as they are.
-    Test("test-aes-gcm-nonces.py"),
-    Test("test-connection-abort.py"),
-    Test("test-conversation.py"),
-    Test("test-cve-2016-2107.py"),
-    Test("test-cve-2016-6309.py"),
-    Test("test-dhe-rsa-key-exchange.py"),
-    Test("test-early-application-data.py"),
-    Test("test-empty-extensions.py"),
-    Test("test-extensions.py"),
-    Test("test-fuzzed-MAC.py"),
-    Test("test-fuzzed-ciphertext.py"),
-    Test("test-fuzzed-finished.py"),
-    Test("test-fuzzed-padding.py"),
-    Test("test-fuzzed-plaintext.py"), # fails once in a while
-    Test("test-hello-request-by-client.py"),
-    Test("test-invalid-cipher-suites.py"),
-    Test("test-invalid-content-type.py"),
-    Test("test-invalid-session-id.py"),
-    Test("test-invalid-version.py"),
-    Test("test-large-number-of-extensions.py"),
-    Test("test-lucky13.py"),
-    Test("test-message-skipping.py"),
-    Test("test-no-heartbeat.py"),
-    Test("test-record-layer-fragmentation.py"),
-    Test("test-sslv2-connection.py"),
-    Test("test-truncating-of-finished.py"),
-    Test("test-truncating-of-kRSA-client-key-exchange.py"),
-    Test("test-unsupported-curve-fallback.py"),
-    Test("test-version-numbers.py"),
-    Test("test-zero-length-data.py"),
+    Test("test_aes_gcm_nonces.py"),
+    Test("test_connection_abort.py"),
+    Test("test_conversation.py"),
+    Test("test_cve_2016_2107.py"),
+    Test("test_cve_2016_6309.py"),
+    Test("test_dhe_rsa_key_exchange.py"),
+    Test("test_early_application_data.py"),
+    Test("test_empty_extensions.py"),
+    Test("test_extensions.py"),
+    Test("test_fuzzed_MAC.py"),
+    Test("test_fuzzed_ciphertext.py"),
+    Test("test_fuzzed_finished.py"),
+    Test("test_fuzzed_padding.py"),
+    Test("test_fuzzed_plaintext.py"), # fails once in a while
+    Test("test_hello_request_by_client.py"),
+    Test("test_invalid_cipher_suites.py"),
+    Test("test_invalid_content_type.py"),
+    Test("test_invalid_session_id.py"),
+    Test("test_invalid_version.py"),
+    Test("test_large_number_of_extensions.py"),
+    Test("test_lucky13.py"),
+    Test("test_message_skipping.py"),
+    Test("test_no_heartbeat.py"),
+    Test("test_record_layer_fragmentation.py"),
+    Test("test_sslv2_connection.py"),
+    Test("test_truncating_of_finished.py"),
+    Test("test_truncating_of_kRSA_client_key_exchange.py"),
+    Test("test_unsupported_curve_fallback.py"),
+    Test("test_version_numbers.py"),
+    Test("test_zero_length_data.py"),
 
     # Tests that need tweaking for unsupported features and ciphers.
     Test(
-        "test-atypical-padding.py", [
+        "test_atypical_padding.py", [
             "-e", "sanity - encrypt then MAC",
             "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
         ]
     ),
     Test(
-        "test-ccs.py", [
+        "test_ccs.py", [
             "-x", "two bytes long CCS",
             "-X", substitute_alert("unexpected_message", "decode_error"),
         ]
     ),
     Test(
-        "test-dhe-rsa-key-exchange-signatures.py", [
+        "test_dhe_rsa_key_exchange_signatures.py", [
             "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
             "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
             "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
@@ -398,14 +398,14 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
             "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
         ]
     ),
-    Test("test-dhe-rsa-key-exchange-with-bad-messages.py", [
+    Test("test_dhe_rsa_key_exchange_with_bad_messages.py", [
         "-x", "invalid dh_Yc value - missing",
         "-X", substitute_alert("decode_error", "illegal_parameter"),
     ]),
-    Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
-    Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
+    Test("test_dhe_key_share_random.py", tls12_exclude_legacy_protocols),
+    Test("test_export_ciphers_rejected.py", ["--min-ver", "TLSv1.2"]),
     Test(
-        "test-downgrade-protection.py",
+        "test_downgrade_protection.py",
         tls12_args = ["--server-max-protocol", "TLSv1.2"],
         tls13_args = [
             "--server-max-protocol", "TLSv1.3",
@@ -414,7 +414,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
         ]
     ),
     Test(
-        "test-fallback-scsv.py",
+        "test_fallback_scsv.py",
         tls13_args = [
             "--tls-1.3",
             "-e", "FALLBACK - hello TLSv1.1 - pos 0",
@@ -428,7 +428,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
         ]
     ),
 
-    Test("test-invalid-compression-methods.py", [
+    Test("test_invalid_compression_methods.py", [
         "-x", "invalid compression methods",
         "-X", substitute_alert("illegal_parameter", "decode_error"),
         "-x", "only deflate compression method",
@@ -437,134 +437,134 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
 
     # Skip extended_master_secret test. Since we don't support this
     # extension, we don't notice that it was dropped.
-    Test("test-renegotiation-changed-clienthello.py", [
+    Test("test_renegotiation_changed_clienthello.py", [
         "-e", "drop extended_master_secret in renegotiation",
     ]),
 
-    Test("test-sessionID-resumption.py", [
+    Test("test_sessionID_resumption.py", [
         "-x", "Client Hello too long session ID",
         "-X", substitute_alert("decode_error", "illegal_parameter"),
     ]),
 
     # Without --sig-algs-drop-ok, two tests fail since we do not currently
     # implement the signature_algorithms_cert extension (although we MUST).
-    Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
+    Test("test_sig_algs_renegotiation_resumption.py", ["--sig-algs-drop-ok"]),
 
-    Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
+    Test("test_serverhello_random.py", args = tls12_exclude_legacy_protocols),
 
-    Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
+    Test("test_chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
 ])
 
 tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
-    Test("test-cve-2016-7054.py"),
-    Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols),
-    Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols),
-    Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols),
+    Test("test_cve_2016_7054.py"),
+    Test("test_dhe_no_shared_secret_padding.py", tls12_exclude_legacy_protocols),
+    Test("test_ecdhe_padded_shared_secret.py", tls12_exclude_legacy_protocols),
+    Test("test_ecdhe_rsa_key_share_random.py", tls12_exclude_legacy_protocols),
     # Start at extension number 58 to avoid QUIC transport parameters (57)
-    Test("test-large-hello.py", [ "-m", "58" ]),
+    Test("test_large_hello.py", [ "-m", "58" ]),
 ])
 
 tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
     # no shared cipher
-    Test("test-aesccm.py"),
+    Test("test_aesccm.py"),
     # need server to set up alpn
-    Test("test-alpn-negotiation.py"),
+    Test("test_alpn_negotiation.py"),
     # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it.
-    Test("test-bleichenbacher-timing-pregenerate.py"),
+    Test("test_bleichenbacher_timing_pregenerate.py"),
     # many tests fail due to unexpected server_name extension
-    Test("test-bleichenbacher-workaround.py"),
+    Test("test_bleichenbacher_workaround.py"),
 
     # need client key and cert plus extra server setup
-    Test("test-certificate-malformed.py"),
-    Test("test-certificate-request.py"),
-    Test("test-certificate-verify-malformed-sig.py"),
-    Test("test-certificate-verify-malformed.py"),
-    Test("test-certificate-verify.py"),
-    Test("test-ecdsa-in-certificate-verify.py"),
-    Test("test-eddsa-in-certificate-verify.py"),
-    Test("test-renegotiation-disabled-client-cert.py"),
-    Test("test-rsa-pss-sigs-on-certificate-verify.py"),
-    Test("test-rsa-sigs-on-certificate-verify.py"),
+    Test("test_certificate_malformed.py"),
+    Test("test_certificate_request.py"),
+    Test("test_certificate_verify_malformed_sig.py"),
+    Test("test_certificate_verify_malformed.py"),
+    Test("test_certificate_verify.py"),
+    Test("test_ecdsa_in_certificate_verify.py"),
+    Test("test_eddsa_in_certificate_verify.py"),
+    Test("test_renegotiation_disabled_client_cert.py"),
+    Test("test_rsa_pss_sigs_on_certificate_verify.py"),
+    Test("test_rsa_sigs_on_certificate_verify.py"),
 
     # test doesn't expect session ticket
-    Test("test-client-compatibility.py"),
+    Test("test_client_compatibility.py"),
     # abrupt closure
-    Test("test-client-hello-max-size.py"),
+    Test("test_client_hello_max_size.py"),
     # unknown signature algorithms
-    Test("test-clienthello-md5.py"),
+    Test("test_clienthello_md5.py"),
 
     # Tests expect an illegal_parameter or a decode_error alert.  Should be
     # added to ssl3_get_client_key_exchange on kex function failure.
-    Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"),
+    Test("test_ecdhe_rsa_key_exchange_with_bad_messages.py"),
 
     # We send a handshake_failure due to no shared ciphers while the
     # test expects to succeed.
-    Test("test-ecdhe-rsa-key-exchange.py"),
+    Test("test_ecdhe_rsa_key_exchange.py"),
 
     # no shared cipher
-    Test("test-ecdsa-sig-flexibility.py"),
+    Test("test_ecdsa_sig_flexibility.py"),
 
     # Tests expect SH but we send unexpected_message or handshake_failure
     #   'Application data inside Client Hello'
     #   'Application data inside Client Key Exchange'
     #   'Application data inside Finished'
-    Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"),
+    Test("test_interleaved_application_data_and_fragmented_handshakes_in_renegotiation.py"),
     # Tests expect SH but we send handshake_failure
     #   'Application data before Change Cipher Spec'
     #   'Application data before Client Key Exchange'
     #   'Application data before Finished'
-    Test("test-interleaved-application-data-in-renegotiation.py"),
+    Test("test_interleaved_application_data_in_renegotiation.py"),
 
     # broken test script
     # TypeError: '<' not supported between instances of 'int' and 'NoneType'
-    Test("test-invalid-client-hello-w-record-overflow.py"),
+    Test("test_invalid_client_hello_w_record_overflow.py"),
 
     # Lots of failures. abrupt closure
-    Test("test-invalid-client-hello.py"),
+    Test("test_invalid_client_hello.py"),
 
     # abrupt closure
     # 'encrypted premaster set to all zero (n)' n in 256 384 512
-    Test("test-invalid-rsa-key-exchange-messages.py"),
+    Test("test_invalid_rsa_key_exchange_messages.py"),
 
     # test expects illegal_parameter, we send unrecognized_name (which seems
     # correct according to rfc 6066?)
-    Test("test-invalid-server-name-extension-resumption.py"),
+    Test("test_invalid_server_name_extension_resumption.py"),
     # let through some server names without sending an alert
     # again illegal_parameter vs unrecognized_name
-    Test("test-invalid-server-name-extension.py"),
+    Test("test_invalid_server_name_extension.py"),
 
     # 4 failures:
     #   'insecure (legacy) renegotiation with GET after 2nd handshake'
     #   'insecure (legacy) renegotiation with incomplete GET'
     #   'secure renegotiation with GET after 2nd handshake'
     #   'secure renegotiation with incomplete GET'
-    Test("test-legacy-renegotiation.py"),
+    Test("test_legacy_renegotiation.py"),
 
     # 1 failure (timeout): we don't send the unexpected_message alert
     # 'duplicate change cipher spec after Finished'
-    Test("test-message-duplication.py"),
+    Test("test_message_duplication.py"),
 
     # server should send status_request
-    Test("test-ocsp-stapling.py"),
+    Test("test_ocsp_stapling.py"),
 
     # unexpected closure
-    Test("test-openssl-3712.py"),
+    Test("test_openssl_3712.py"),
 
     # failed: 3 (expect an alert, we send AD)
     # 'try insecure (legacy) renegotiation with incomplete GET'
     # 'try secure renegotiation with GET after 2nd CH'
     # 'try secure renegotiation with incomplete GET'
-    Test("test-renegotiation-disabled.py"),
+    Test("test_renegotiation_disabled.py"),
 
     # 'resumption of safe session with NULL cipher'
     # 'resumption with cipher from old CH but not selected by server'
-    Test("test-resumption-with-wrong-ciphers.py"),
+    Test("test_resumption_with_wrong_ciphers.py"),
 
     # 'session resumption with empty session_id'
     # 'session resumption with random session_id'
     # 'session resumption with renegotiation'
     # AssertionError: Server did not send extension(s): session_ticket
-    Test("test-session-ticket-resumption.py"),
+    Test("test_session_ticket_resumption.py"),
 
     # 5 failures:
     #   'empty sigalgs'
@@ -572,7 +572,7 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
     #   'rsa_pss_pss_sha256 only'
     #   'rsa_pss_pss_sha384 only'
     #   'rsa_pss_pss_sha512 only'
-    Test("test-sig-algs.py"),
+    Test("test_sig_algs.py"),
 
     # 13 failures:
     #   'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
@@ -581,51 +581,51 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
     #   'tolerance 32758 methods with sig_alg_cert'
     #   'tolerance max 32744 number of methods with sig_alg_cert'
     #   'tolerance max (32760) number of methods'
-    Test("test-signature-algorithms.py"),
+    Test("test_signature_algorithms.py"),
 
     # times out
-    Test("test-ssl-death-alert.py"),
+    Test("test_ssl_death_alert.py"),
 
     # 17 pass, 13 fail. padding and truncation
-    Test("test-truncating-of-client-hello.py"),
+    Test("test_truncating_of_client_hello.py"),
 
     # x448 tests need disabling plus x25519 corner cases need sorting out
-    Test("test-x25519.py"),
+    Test("test_x25519.py"),
 
     # Needs TLS 1.0 or 1.1
-    Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
+    Test("test_TLSv1_2_rejected_without_TLSv1_2.py"),
 ])
 
 tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
     # protocol_version
-    Test("test-SSLv3-padding.py"),
+    Test("test_SSLv3_padding.py"),
     # we don't do RSA key exchanges
-    Test("test-bleichenbacher-timing.py"),
+    Test("test_bleichenbacher_timing.py"),
     # no encrypt-then-mac
-    Test("test-encrypt-then-mac-renegotiation.py"),
-    Test("test-encrypt-then-mac.py"),
+    Test("test_encrypt_then_mac_renegotiation.py"),
+    Test("test_encrypt_then_mac.py"),
     # no EME support
-    Test("test-extended-master-secret-extension-with-client-cert.py"),
-    Test("test-extended-master-secret-extension.py"),
+    Test("test_extended_master_secret_extension_with_client_cert.py"),
+    Test("test_extended_master_secret_extension.py"),
     # no ffdhe
-    Test("test-ffdhe-expected-params.py"),
-    Test("test-ffdhe-negotiation.py"),
+    Test("test_ffdhe_expected_params.py"),
+    Test("test_ffdhe_negotiation.py"),
     # record_size_limit/max_fragment_length extension (RFC 8449)
-    Test("test-record-size-limit.py"),
+    Test("test_record_size_limit.py"),
     # expects the server to send the heartbeat extension
-    Test("test-heartbeat.py"),
+    Test("test_heartbeat.py"),
     # needs an echo server
-    Test("test-lengths.py"),
+    Test("test_lengths.py"),
 ])
 
 # These tests take a ton of time to fail against an 1.3 server,
 # so don't run them against 1.3 pending further investigation.
 legacy_tests = TestGroup("Legacy protocol tests", [
-    Test("test-sslv2-force-cipher-3des.py"),
-    Test("test-sslv2-force-cipher-non3des.py"),
-    Test("test-sslv2-force-cipher.py"),
-    Test("test-sslv2-force-export-cipher.py"),
-    Test("test-sslv2hello-protocol.py"),
+    Test("test_sslv2_force_cipher_3des.py"),
+    Test("test_sslv2_force_cipher_non3des.py"),
+    Test("test_sslv2_force_cipher.py"),
+    Test("test_sslv2_force_export_cipher.py"),
+    Test("test_sslv2hello_protocol.py"),
 ])
 
 all_groups = [