19 files changed, 888 insertions, 227 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 732fdc71e7..a511cb4db3 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -27,6 +27,30 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
 
+<section><title>SSL 9.2.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The timeout for a passive receive was sometimes not
+	    cancelled and later caused a server crash. This bug has
+	    now been corrected.</p>
+          <p>
+	    Own Id: OTP-14701 Aux Id: ERL-883, ERL-884 </p>
+        </item>
+        <item>
+          <p>
+	    Add tag for passive message (active N) in cb_info to
+	    retain transport transparency.</p>
+          <p>
+	    Own Id: OTP-15679 Aux Id: ERL-861 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SSL 9.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index b145aac6ab..37bf9033a1 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -101,16 +101,21 @@
     <datatype>
       <name name="transport_option"/>
       <desc>
-	<p>Defaults to <c>{gen_tcp, tcp, tcp_closed, tcp_error}</c>
-	for TLS and <c>{gen_udp, udp, udp_closed, udp_error}</c> for
-	DTLS. Can be used to customize the transport layer. The tag
-	values should be the values used by the underlying transport
-	in its active mode messages. For TLS the callback module must implement a
-	reliable transport protocol, behave as <c>gen_tcp</c>, and have functions
-	corresponding to <c>inet:setopts/2</c>, <c>inet:getopts/2</c>,
-	<c>inet:peername/1</c>, <c>inet:sockname/1</c>, and <c>inet:port/1</c>.
-	The callback <c>gen_tcp</c> is treated specially and calls <c>inet</c>
-	directly. For DTLS this feature must be considered exprimental.
+	<p>Defaults to <c>{gen_tcp, tcp, tcp_closed, tcp_error,
+	tcp_passive}</c> for TLS (for backward compatibility a four
+	tuple will be converted to a five tuple with the last element
+	"second_element"_passive) and <c>{gen_udp, udp, udp_closed,
+	udp_error}</c> for DTLS (might also be changed to five tuple in
+	the future). Can be used to customize the transport layer. The
+	tag values should be the values used by the underlying
+	transport in its active mode messages. For TLS the callback
+	module must implement a reliable transport protocol, behave as
+	<c>gen_tcp</c>, and have functions corresponding to
+	<c>inet:setopts/2</c>, <c>inet:getopts/2</c>,
+	<c>inet:peername/1</c>, <c>inet:sockname/1</c>, and
+	<c>inet:port/1</c>.  The callback <c>gen_tcp</c> is treated
+	specially and calls <c>inet</c> directly. For DTLS this
+	feature must be considered exprimental.
 	</p>
       </desc>
     </datatype>
@@ -1658,17 +1663,6 @@ fun(srp, Username :: string(), UserState :: term()) ->
     </func>
 
     <func>
-      <name since="OTP 22.0">set_log_level(Level) -> ok | {error, Reason}</name>
-      <fsummary>Sets log level for the SSL application.</fsummary>
-      <type>
-        <v>Level = atom()</v>
-      </type>
-      <desc>
-        <p>Sets log level for the SSL application.</p>
-      </desc>
-    </func>
-
-    <func>
       <name since="OTP R14B">shutdown(SslSocket, How) -> ok | {error, Reason}</name>
       <fsummary>Immediately closes a socket.</fsummary>
       <type>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 5a2d31ffc2..bfa349c8d8 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -55,8 +55,7 @@
          format_error/1, renegotiate/1, prf/5, negotiated_protocol/1, 
 	 connection_information/1, connection_information/2]).
 %% Misc
--export([handle_options/2, tls_version/1, new_ssl_options/3, suite_to_str/1,
-         set_log_level/1]).
+-export([handle_options/2, tls_version/1, new_ssl_options/3, suite_to_str/1]).
 
 -deprecated({ssl_accept, 1, eventually}).
 -deprecated({ssl_accept, 2, eventually}).
@@ -96,7 +95,9 @@
 -type active_msgs()              :: {ssl, sslsocket(), Data::binary() | list()} | {ssl_closed, sslsocket()} |
                                     {ssl_error, sslsocket(), Reason::term()} | {ssl_passive, sslsocket()}.
 -type transport_option()         :: {cb_info, {CallbackModule::atom(), DataTag::atom(),
-				       ClosedTag::atom(), ErrTag::atom()}}.
+                                               ClosedTag::atom(), ErrTag::atom()}} |  
+                                    {cb_info, {CallbackModule::atom(), DataTag::atom(),
+                                               ClosedTag::atom(), ErrTag::atom(), PassiveTag::atom()}}.
 -type host()                     :: hostname() | ip_address().
 -type hostname()                 :: string().
 -type ip_address()               :: inet:ip_address().
@@ -422,9 +423,9 @@ connect(Socket, SslOptions) when is_port(Socket) ->
 	      timeout() | list()) ->
 		     {ok, #sslsocket{}} | {error, reason()}.
 connect(Socket, SslOptions0, Timeout) when is_port(Socket),
-					    (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity) ->
-    {Transport,_,_,_} = proplists:get_value(cb_info, SslOptions0,
-					      {gen_tcp, tcp, tcp_closed, tcp_error}),
+                                           (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity) ->
+    CbInfo = handle_option(cb_info, SslOptions0, default_cb_info(tls)),
+    Transport = element(1, CbInfo),
     EmulatedOptions = tls_socket:emulated_options(),
     {ok, SocketValues} = tls_socket:getopts(Transport, Socket, EmulatedOptions),
     try handle_options(SslOptions0 ++ SocketValues, client) of
@@ -572,8 +573,8 @@ handshake(#sslsocket{pid = [Pid|_], fd = {_, _, _}} = Socket, SslOpts, Timeout)
     end;
 handshake(Socket, SslOptions, Timeout) when is_port(Socket),
                                             (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity) ->
-    {Transport,_,_,_} =
-	proplists:get_value(cb_info, SslOptions, {gen_tcp, tcp, tcp_closed, tcp_error}),
+    CbInfo = handle_option(cb_info, SslOptions, default_cb_info(tls)),
+    Transport = element(1, CbInfo),
     EmulatedOptions = tls_socket:emulated_options(),
     {ok, SocketValues} = tls_socket:getopts(Transport, Socket, EmulatedOptions),
     ConnetionCb = connection_cb(SslOptions),
@@ -625,7 +626,7 @@ close(#sslsocket{pid = [Pid|_]}) when is_pid(Pid) ->
     ssl_connection:close(Pid, {close, ?DEFAULT_TIMEOUT});
 close(#sslsocket{pid = {dtls, #config{dtls_handler = {Pid, _}}}}) ->
    dtls_packet_demux:close(Pid);
-close(#sslsocket{pid = {ListenSocket, #config{transport_info={Transport,_, _, _}}}}) ->
+close(#sslsocket{pid = {ListenSocket, #config{transport_info={Transport,_,_,_,_}}}}) ->
     Transport:close(ListenSocket).
 
 %%--------------------------------------------------------------------
@@ -641,7 +642,7 @@ close(#sslsocket{pid = [TLSPid|_]},
 close(#sslsocket{pid = [TLSPid|_]}, Timeout) when is_pid(TLSPid),
 					      (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity) ->
     ssl_connection:close(TLSPid, {close, Timeout});
-close(#sslsocket{pid = {ListenSocket, #config{transport_info={Transport,_, _, _}}}}, _) ->
+close(#sslsocket{pid = {ListenSocket, #config{transport_info={Transport,_,_,_,_}}}}, _) ->
     Transport:close(ListenSocket).
 
 %%--------------------------------------------------------------------
@@ -657,7 +658,8 @@ send(#sslsocket{pid = {_, #config{transport_info={_, udp, _, _}}}}, _) ->
     {error,enotconn}; %% Emulate connection behaviour
 send(#sslsocket{pid = {dtls,_}}, _) ->
     {error,enotconn};  %% Emulate connection behaviour
-send(#sslsocket{pid = {ListenSocket, #config{transport_info={Transport, _, _, _}}}}, Data) ->
+send(#sslsocket{pid = {ListenSocket, #config{transport_info = Info}}}, Data) ->
+    Transport = element(1, Info),
     Transport:send(ListenSocket, Data). %% {error,enotconn}
 
 %%--------------------------------------------------------------------
@@ -675,7 +677,8 @@ recv(#sslsocket{pid = [Pid|_]}, Length, Timeout) when is_pid(Pid),
 recv(#sslsocket{pid = {dtls,_}}, _, _) ->
     {error,enotconn};
 recv(#sslsocket{pid = {Listen,
-		       #config{transport_info = {Transport, _, _, _}}}}, _,_) when is_port(Listen)->
+		       #config{transport_info = Info}}},_,_) when is_port(Listen)->
+    Transport = element(1, Info),
     Transport:recv(Listen, 0). %% {error,enotconn}
 
 %%--------------------------------------------------------------------
@@ -690,7 +693,7 @@ controlling_process(#sslsocket{pid = {dtls, _}},
 		    NewOwner) when is_pid(NewOwner) ->
     ok; %% Meaningless but let it be allowed to conform with TLS 
 controlling_process(#sslsocket{pid = {Listen,
-				      #config{transport_info = {Transport, _, _, _}}}},
+				      #config{transport_info = {Transport,_,_,_,_}}}},
 		    NewOwner) when is_port(Listen),
 				   is_pid(NewOwner) ->
      %% Meaningless but let it be allowed to conform with normal sockets  
@@ -733,13 +736,13 @@ connection_information(#sslsocket{pid = [Pid|_]}, Items) when is_pid(Pid) ->
 %%
 %% Description: same as inet:peername/1.
 %%--------------------------------------------------------------------
-peername(#sslsocket{pid = [Pid|_], fd = {Transport, Socket, _}}) when is_pid(Pid)->
+peername(#sslsocket{pid = [Pid|_], fd = {Transport, Socket,_}}) when is_pid(Pid)->
     dtls_socket:peername(Transport, Socket);
-peername(#sslsocket{pid = [Pid|_], fd = {Transport, Socket, _, _}}) when is_pid(Pid)->
+peername(#sslsocket{pid = [Pid|_], fd = {Transport, Socket,_,_}}) when is_pid(Pid)->
     tls_socket:peername(Transport, Socket);
-peername(#sslsocket{pid = {dtls, #config{dtls_handler = {_Pid, _}}}}) ->
+peername(#sslsocket{pid = {dtls, #config{dtls_handler = {_Pid,_}}}}) ->
     dtls_socket:peername(dtls, undefined);
-peername(#sslsocket{pid = {ListenSocket,  #config{transport_info = {Transport,_,_,_}}}}) ->
+peername(#sslsocket{pid = {ListenSocket,  #config{transport_info = {Transport,_,_,_,_}}}}) ->
     tls_socket:peername(Transport, ListenSocket); %% Will return {error, enotconn}
 peername(#sslsocket{pid = {dtls,_}}) ->
     {error,enotconn}.
@@ -931,7 +934,7 @@ getopts(#sslsocket{pid = {dtls, #config{transport_info = {Transport,_,_,_}}}} =
 	_:Error ->
 	    {error, {options, {socket_options, OptionTags, Error}}}
     end;
-getopts(#sslsocket{pid = {_,  #config{transport_info = {Transport,_,_,_}}}} = ListenSocket,
+getopts(#sslsocket{pid = {_,  #config{transport_info = {Transport,_,_,_,_}}}} = ListenSocket,
 	OptionTags) when is_list(OptionTags) ->
     try tls_socket:getopts(Transport, ListenSocket, OptionTags) of
 	{ok, _} = Result ->
@@ -988,7 +991,7 @@ setopts(#sslsocket{pid = {dtls, #config{transport_info = {Transport,_,_,_}}}} =
 	_:Error ->
 	    {error, {options, {socket_options, Options, Error}}}
     end;
-setopts(#sslsocket{pid = {_, #config{transport_info = {Transport,_,_,_}}}} = ListenSocket, Options) when is_list(Options) ->
+setopts(#sslsocket{pid = {_, #config{transport_info = {Transport,_,_,_,_}}}} = ListenSocket, Options) when is_list(Options) ->
     try tls_socket:setopts(Transport, ListenSocket, Options) of
 	ok ->
 	    ok;
@@ -1032,8 +1035,9 @@ getstat(#sslsocket{pid = [Pid|_], fd = {Transport, Socket, _, _}}, Options) when
 %%
 %% Description: Same as gen_tcp:shutdown/2
 %%--------------------------------------------------------------------
-shutdown(#sslsocket{pid = {Listen, #config{transport_info = {Transport,_, _, _}}}},
+shutdown(#sslsocket{pid = {Listen, #config{transport_info = Info}}},
 	 How) when is_port(Listen) ->
+    Transport = element(1, Info),
     Transport:shutdown(Listen, How);
 shutdown(#sslsocket{pid = {dtls,_}},_) ->
     {error, enotconn};
@@ -1045,13 +1049,13 @@ shutdown(#sslsocket{pid = [Pid|_]}, How) when is_pid(Pid) ->
 %%
 %% Description: Same as inet:sockname/1
 %%--------------------------------------------------------------------
-sockname(#sslsocket{pid = {Listen,  #config{transport_info = {Transport, _, _, _}}}}) when is_port(Listen) ->
+sockname(#sslsocket{pid = {Listen,  #config{transport_info = {Transport,_,_,_,_}}}}) when is_port(Listen) ->
     tls_socket:sockname(Transport, Listen);
 sockname(#sslsocket{pid = {dtls, #config{dtls_handler = {Pid, _}}}}) ->
     dtls_packet_demux:sockname(Pid);
-sockname(#sslsocket{pid = [Pid|_], fd = {Transport, Socket, _}}) when is_pid(Pid) ->
+sockname(#sslsocket{pid = [Pid|_], fd = {Transport, Socket,_}}) when is_pid(Pid) ->
     dtls_socket:sockname(Transport, Socket);
-sockname(#sslsocket{pid = [Pid| _], fd = {Transport, Socket, _, _}}) when is_pid(Pid) ->
+sockname(#sslsocket{pid = [Pid| _], fd = {Transport, Socket,_,_}}) when is_pid(Pid) ->
     tls_socket:sockname(Transport, Socket).
 
 %%---------------------------------------------------------------
@@ -1167,32 +1171,6 @@ suite_to_str(Cipher) ->
     ssl_cipher_format:suite_to_str(Cipher).
 
 
-%%--------------------------------------------------------------------
--spec set_log_level(atom()) -> ok | {error, term()}.
-%%
-%% Description: Set log level for the SSL application
-%%--------------------------------------------------------------------
-set_log_level(Level) ->
-    case application:get_all_key(ssl) of
-        {ok, PropList} ->
-            Modules = proplists:get_value(modules, PropList),
-            set_module_level(Modules, Level);
-        undefined ->
-            {error, ssl_not_started}
-    end.
-
-set_module_level(Modules, Level) ->
-    Fun = fun (Module) ->
-                  ok = logger:set_module_level(Module, Level)
-          end,
-    try lists:map(Fun, Modules) of
-        _ ->
-            ok
-    catch
-        error:{badmatch, Error} ->
-            Error
-    end.
-
 %%%--------------------------------------------------------------
 %%% Internal functions
 %%%--------------------------------------------------------------------
@@ -1211,7 +1189,7 @@ supported_suites(all, Version) ->
 supported_suites(anonymous, Version) -> 
     ssl_cipher:anonymous_suites(Version).
 
-do_listen(Port, #config{transport_info = {Transport, _, _, _}} = Config, tls_connection) ->
+do_listen(Port, #config{transport_info = {Transport, _, _, _,_}} = Config, tls_connection) ->
     tls_socket:listen(Transport, Port, Config);
 
 do_listen(Port,  Config, dtls_connection) ->
@@ -1381,7 +1359,7 @@ handle_options(Opts0, Role, Host) ->
                    log_level = handle_option(log_level, Opts, LogLevel)
                   },
 
-    CbInfo  = proplists:get_value(cb_info, Opts, default_cb_info(Protocol)),
+    CbInfo  = handle_option(cb_info, Opts, default_cb_info(Protocol)),
     SslOptions = [protocol, versions, verify, verify_fun, partial_chain,
 		  fail_if_no_peer_cert, verify_client_once,
 		  depth, cert, certfile, key, keyfile,
@@ -1425,6 +1403,10 @@ handle_option(sni_fun, Opts, Default) ->
         _ ->
             throw({error, {conflict_options, [sni_fun, sni_hosts]}})
     end;
+handle_option(cb_info, Opts, Default) ->
+    CbInfo = proplists:get_value(cb_info, Opts, Default),
+    true = validate_option(cb_info, CbInfo),
+    handle_cb_info(CbInfo, Default);
 handle_option(OptionName, Opts, Default) ->
     validate_option(OptionName,
 		    proplists:get_value(OptionName, Opts, Default)).
@@ -1659,9 +1641,29 @@ validate_option(handshake, full = Value) ->
     Value;
 validate_option(customize_hostname_check, Value) when is_list(Value) ->
     Value;
+validate_option(cb_info, {V1, V2, V3, V4}) when is_atom(V1),
+                                                is_atom(V2),
+                                                is_atom(V3),
+                                                is_atom(V4)
+                                                ->
+    true;
+validate_option(cb_info, {V1, V2, V3, V4, V5}) when is_atom(V1),
+                                                    is_atom(V2),
+                                                    is_atom(V3),
+                                                    is_atom(V4),
+                                                    is_atom(V5)
+                                                ->
+    true;
+validate_option(cb_info, _) ->
+    false;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
+handle_cb_info({V1, V2, V3, V4}, {_,_,_,_,_}) ->
+    {V1,V2,V3,V4, list_to_atom(atom_to_list(V2) ++ "passive")};
+handle_cb_info(CbInfo, _) ->
+    CbInfo.
+
 handle_hashsigns_option(Value, Version) when is_list(Value)
                                              andalso Version >= {3, 4} ->
     case tls_v1:signature_schemes(Version, Value) of
@@ -2132,7 +2134,7 @@ default_option_role(_,_,_) ->
 
 
 default_cb_info(tls) ->
-    {gen_tcp, tcp, tcp_closed, tcp_error};
+    {gen_tcp, tcp, tcp_closed, tcp_error, tcp_passive};
 default_cb_info(dtls) ->
     {gen_udp, udp, udp_closed, udp_error}.
 
diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index e17476f33b..06b1b005a5 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -161,6 +161,8 @@ description_txt(?INSUFFICIENT_SECURITY) ->
     "Insufficient Security";
 description_txt(?INTERNAL_ERROR) ->
     "Internal Error";
+description_txt(?INAPPROPRIATE_FALLBACK) ->
+    "Inappropriate Fallback";
 description_txt(?USER_CANCELED) ->
     "User Canceled";
 description_txt(?NO_RENEGOTIATION) ->
@@ -179,8 +181,6 @@ description_txt(?BAD_CERTIFICATE_HASH_VALUE) ->
     "Bad Certificate Hash Value";
 description_txt(?UNKNOWN_PSK_IDENTITY) ->
     "Unknown Psk Identity";
-description_txt(?INAPPROPRIATE_FALLBACK) ->
-    "Inappropriate Fallback";
 description_txt(?CERTIFICATE_REQUIRED) ->
     "Certificate required";
 description_txt(?NO_APPLICATION_PROTOCOL) ->
@@ -232,10 +232,14 @@ description_atom(?INSUFFICIENT_SECURITY) ->
     insufficient_security;
 description_atom(?INTERNAL_ERROR) ->
     internal_error;
+description_atom(?INAPPROPRIATE_FALLBACK) ->
+    inappropriate_fallback;
 description_atom(?USER_CANCELED) ->
     user_canceled;
 description_atom(?NO_RENEGOTIATION) ->
     no_renegotiation;
+description_atom(?MISSING_EXTENSION) ->
+    missing_extension;
 description_atom(?UNSUPPORTED_EXTENSION) ->
     unsupported_extension;
 description_atom(?CERTIFICATE_UNOBTAINABLE) ->
@@ -248,9 +252,9 @@ description_atom(?BAD_CERTIFICATE_HASH_VALUE) ->
     bad_certificate_hash_value;
 description_atom(?UNKNOWN_PSK_IDENTITY) ->
     unknown_psk_identity;
-description_atom(?INAPPROPRIATE_FALLBACK) ->
-    inappropriate_fallback;
+description_atom(?CERTIFICATE_REQUIRED) ->
+    certificate_required;
 description_atom(?NO_APPLICATION_PROTOCOL) ->
     no_application_protocol;
 description_atom(_) ->
-    'unsupported/unkonwn_alert'.
+    'unsupported/unknown_alert'.
diff --git a/lib/ssl/src/ssl_app.erl b/lib/ssl/src/ssl_app.erl
index 2a5047c75c..9e6d676bef 100644
--- a/lib/ssl/src/ssl_app.erl
+++ b/lib/ssl/src/ssl_app.erl
@@ -44,11 +44,11 @@ start_logger() ->
                formatter => {ssl_logger, #{}}},
     Filter = {fun logger_filters:domain/2,{log,sub,[otp,ssl]}},
     logger:add_handler(ssl_handler, logger_std_h, Config),
-    logger:add_handler_filter(ssl_handler, filter_non_ssl, Filter).
+    logger:add_handler_filter(ssl_handler, filter_non_ssl, Filter),
+    logger:set_application_level(ssl, debug).
 
 %%
 %% Description: Stop SSL logger
 stop_logger() ->
+    logger:unset_application_level(ssl),
     logger:remove_handler(ssl_handler).
-
-
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 6e751f9ceb..fe8736d2df 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -45,7 +45,7 @@
 	 random_bytes/1, calc_mac_hash/4, calc_mac_hash/6,
          is_stream_ciphersuite/1, signature_scheme/1,
          scheme_to_components/1, hash_size/1, effective_key_bits/1,
-         key_material/1]).
+         key_material/1, signature_algorithm_to_scheme/1]).
 
 %% RFC 8446 TLS 1.3
 -export([generate_client_shares/1, generate_server_share/1, add_zero_padding/2]).
@@ -900,6 +900,18 @@ scheme_to_components(rsa_pss_pss_sha512) -> {sha512, rsa_pss_pss, undefined};
 scheme_to_components(rsa_pkcs1_sha1) -> {sha1, rsa_pkcs1, undefined};
 scheme_to_components(ecdsa_sha1) -> {sha1, ecdsa, undefined}.
 
+
+%% TODO: Add support for EC and RSA-SSA signatures
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha1WithRSAEncryption}) ->
+    rsa_pkcs1_sha1;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption}) ->
+    rsa_pkcs1_sha256;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption}) ->
+    rsa_pkcs1_sha384;
+signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha512WithRSAEncryption}) ->
+    rsa_pkcs1_sha512.
+
+
 %% RFC 5246: 6.2.3.2.  CBC Block Cipher
 %%
 %%   Implementation note: Canvel et al. [CBCTIME] have demonstrated a
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index e5b01cce5f..1e97fe046b 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -385,7 +385,8 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
     log_alert(SslOpts#ssl_options.log_level, Role, Connection:protocol_name(), 
               StateName, Alert#alert{role = opposite_role(Role)}),
     Pids = Connection:pids(State),
-    alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, From, Alert, Role, Connection),
+    alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, From, Alert,
+               opposite_role(Role), Connection),
     {stop, {shutdown, normal}, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert, 
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 201164949a..ff7207a8ce 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -40,6 +40,7 @@
                      data_tag              :: atom(),   % ex tcp.
                      close_tag             :: atom(),   % ex tcp_closed
                      error_tag             :: atom(),   % ex tcp_error
+                     passive_tag           :: atom(),   % ex tcp_passive
                      host                  :: string() | inet:ip_address(),
                      port                  :: integer(),
                      socket                :: port() | tuple(), %% TODO: dtls socket
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 260f603e90..6c95a7edf8 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -79,7 +79,10 @@
 	 select_hashsign_algs/3, empty_extensions/2, add_server_share/3
 	]).
 
--export([get_cert_params/1]).
+-export([get_cert_params/1,
+         server_name/3,
+         validation_fun_and_state/9,
+         handle_path_validation_error/7]).
 
 %%====================================================================
 %% Create handshake messages 
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index d4233bea9b..b248edcaa9 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -47,7 +47,9 @@
 	  srp_username,
 	  is_resumable,
 	  time_stamp,
-	  ecc
+	  ecc,                   %% TLS 1.3 Group
+	  sign_alg,              %% TLS 1.3 Signature Algorithm
+	  dh_public_value        %% TLS 1.3 DH Public Value from peer
 	  }).
 
 -define(NUM_OF_SESSION_ID_BYTES, 32).  % TSL 1.1 & SSL 3
diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl
index b82b3937a1..f497315235 100644
--- a/lib/ssl/src/ssl_logger.erl
+++ b/lib/ssl/src/ssl_logger.erl
@@ -181,6 +181,11 @@ parse_handshake(Direction, #hello_request{} = HelloRequest) ->
                            [header_prefix(Direction)]),
     Message = io_lib:format("~p", [?rec_info(hello_request, HelloRequest)]),
     {Header, Message};
+parse_handshake(Direction, #certificate_request_1_3{} = CertificateRequest) ->
+    Header = io_lib:format("~s Handshake, CertificateRequest",
+                           [header_prefix(Direction)]),
+    Message = io_lib:format("~p", [?rec_info(certificate_request_1_3, CertificateRequest)]),
+    {Header, Message};
 parse_handshake(Direction, #certificate_1_3{} = Certificate) ->
     Header = io_lib:format("~s Handshake, Certificate",
                            [header_prefix(Direction)]),
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 8eb9e56375..fde73cdef1 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -98,7 +98,7 @@
 %% Setup
 %%====================================================================
 start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = false},_, Tracker} = Opts,
-	  User, {CbModule, _,_, _} = CbInfo, 
+	  User, {CbModule, _,_, _, _} = CbInfo, 
 	  Timeout) -> 
     try 
         {ok, Sender} = tls_sender:start(),
@@ -112,7 +112,7 @@ start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = false},_, Tracker}
     end;
 
 start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = true},_, Tracker} = Opts,
-	  User, {CbModule, _,_, _} = CbInfo, 
+	  User, {CbModule, _,_, _, _} = CbInfo, 
 	  Timeout) -> 
     try 
         {ok, Sender} = tls_sender:start([{spawn_opt, ?DIST_CNTRL_SPAWN_OPTS}]),
@@ -251,13 +251,28 @@ next_event(StateName, Record, State, Actions) ->
 
 
 %%% TLS record protocol level application data messages 
-
-handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName0, State0) ->
+handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, 
+                       #state{start_or_recv_from = From,
+                              socket_options = #socket_options{active = false}} = State0) when From =/= undefined ->
+    case ssl_connection:read_application_data(Data, State0) of
+       {stop, _, _} = Stop->
+            Stop;
+       {Record, #state{start_or_recv_from = Caller} = State1} ->
+            TimerAction = case Caller of
+                              undefined -> %% Passive recv complete cancel timer
+                                  [{{timeout, recv}, infinity, timeout}];
+                              _ ->
+                                  []
+                          end,
+            {next_state, StateName, State, Actions} = next_event(StateName, Record, State1, TimerAction), 
+            ssl_connection:hibernate_after(StateName, State, Actions)
+    end;
+handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, State0) ->
     case ssl_connection:read_application_data(Data, State0) of
 	{stop, _, _} = Stop->
             Stop;
 	{Record, State1} ->
-            case next_event(StateName0, Record, State1) of
+            case next_event(StateName, Record, State1) of
                 {next_state, StateName, State, Actions} ->
                     ssl_connection:hibernate_after(StateName, State, Actions);
                 {stop, _, _} = Stop ->
@@ -308,9 +323,7 @@ handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName,
 	    handle_alerts(Alerts,  {next_state, StateName, State});
 	[] ->
 	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, empty_alert), 
-					    Version, StateName, State);
-	#alert{} = Alert ->
-	    ssl_connection:handle_own_alert(Alert, Version, StateName, State)
+					    Version, StateName, State)
     catch
 	_:_ ->
 	    ssl_connection:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, alert_decode_error),
@@ -941,7 +954,7 @@ code_change(_OldVsn, StateName, State, _) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Tracker}, User,
-	      {CbModule, DataTag, CloseTag, ErrorTag}) ->
+	      {CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) ->
     #ssl_options{beast_mitigation = BeastMitigation,
                  erl_dist = IsErlDist} = SSLOptions,
     ConnectionStates = tls_record:init_connection_states(Role, BeastMitigation),
@@ -965,6 +978,7 @@ initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Trac
                      data_tag = DataTag,
                      close_tag = CloseTag,
                      error_tag = ErrorTag,
+                     passive_tag = PassiveTag,
                      host = Host,
                      port = Port,
                      socket = Socket,
@@ -1061,8 +1075,9 @@ handle_info({Protocol, _, Data}, StateName,
 	    ssl_connection:handle_normal_shutdown(Alert, StateName, State0), 
 	    {stop, {shutdown, own_alert}, State0}
     end;
-handle_info({tcp_passive, Socket},  StateName, 
-            #state{static_env = #static_env{socket = Socket},
+handle_info({PassiveTag, Socket},  StateName, 
+            #state{static_env = #static_env{socket = Socket,
+                                            passive_tag = PassiveTag},
                    protocol_specific = PS
                   } = State) ->
     next_event(StateName, no_record, 
@@ -1135,6 +1150,7 @@ encode_handshake(Handshake, Version, ConnectionStates0, Hist0) ->
 encode_change_cipher(#change_cipher_spec{}, Version, ConnectionStates) ->
     tls_record:encode_change_cipher_spec(Version, ConnectionStates).
 
+-spec decode_alerts(binary()) -> list().
 decode_alerts(Bin) ->
     ssl_alert:decode(Bin).
 
diff --git a/lib/ssl/src/tls_connection_1_3.erl b/lib/ssl/src/tls_connection_1_3.erl
index 71ac6a9310..701a5860c2 100644
--- a/lib/ssl/src/tls_connection_1_3.erl
+++ b/lib/ssl/src/tls_connection_1_3.erl
@@ -110,51 +110,75 @@
 %% gen_statem helper functions
 -export([start/4,
          negotiated/4,
+         wait_cert/4,
+         wait_cv/4,
          wait_finished/4
         ]).
 
 
-start(internal,
-      #change_cipher_spec{} =  ChangeCipherSpec, State0, _Module) ->
-    case tls_handshake_1_3:do_start(ChangeCipherSpec, State0) of
-        #alert{} = Alert ->
-            ssl_connection:handle_own_alert(Alert, {3,4}, start, State0);
-        State1 ->
-            {Record, State} = tls_connection:next_record(State1),
-            tls_connection:next_event(?FUNCTION_NAME, Record, State)
-    end;
+start(internal, #change_cipher_spec{}, State0, _Module) ->
+    {Record, State} = tls_connection:next_record(State0),
+    tls_connection:next_event(?FUNCTION_NAME, Record, State);
 start(internal, #client_hello{} = Hello, State0, _Module) ->
     case tls_handshake_1_3:do_start(Hello, State0) of
         #alert{} = Alert ->
             ssl_connection:handle_own_alert(Alert, {3,4}, start, State0);
-        {State, _, start} ->
+        {State, start} ->
             {next_state, start, State, []};
-        {State, Context, negotiated} ->
-            {next_state, negotiated, State, [{next_event, internal, Context}]}
+        {State, negotiated} ->
+            {next_state, negotiated, State, [{next_event, internal, start_handshake}]}
     end;
 start(Type, Msg, State, Connection) ->
     ssl_connection:handle_common_event(Type, Msg, ?FUNCTION_NAME, State, Connection).
 
 
-negotiated(internal, Map, State0, _Module) ->
-    case tls_handshake_1_3:do_negotiated(Map, State0) of
+negotiated(internal, #change_cipher_spec{}, State0, _Module) ->
+    {Record, State} = tls_connection:next_record(State0),
+    tls_connection:next_event(?FUNCTION_NAME, Record, State);
+negotiated(internal, Message, State0, _Module) ->
+    case tls_handshake_1_3:do_negotiated(Message, State0) of
         #alert{} = Alert ->
             ssl_connection:handle_own_alert(Alert, {3,4}, negotiated, State0);
-        State ->
-            {next_state, wait_finished, State, []}
-
+        {State, NextState} ->
+            {next_state, NextState, State, []}
     end.
 
 
-wait_finished(internal,
-             #change_cipher_spec{} = ChangeCipherSpec, State0, _Module) ->
-    case tls_handshake_1_3:do_wait_finished(ChangeCipherSpec, State0) of
-        #alert{} = Alert ->
-            ssl_connection:handle_own_alert(Alert, {3,4}, wait_finished, State0);
-        State1 ->
+wait_cert(internal, #change_cipher_spec{}, State0, _Module) ->
+    {Record, State} = tls_connection:next_record(State0),
+    tls_connection:next_event(?FUNCTION_NAME, Record, State);
+wait_cert(internal,
+          #certificate_1_3{} = Certificate, State0, _Module) ->
+    case tls_handshake_1_3:do_wait_cert(Certificate, State0) of
+        {#alert{} = Alert, State} ->
+            ssl_connection:handle_own_alert(Alert, {3,4}, wait_cert, State);
+        {State1, NextState} ->
             {Record, State} = tls_connection:next_record(State1),
-            tls_connection:next_event(?FUNCTION_NAME, Record, State)
+            tls_connection:next_event(NextState, Record, State)
     end;
+wait_cert(Type, Msg, State, Connection) ->
+    ssl_connection:handle_common_event(Type, Msg, ?FUNCTION_NAME, State, Connection).
+
+
+wait_cv(internal, #change_cipher_spec{}, State0, _Module) ->
+    {Record, State} = tls_connection:next_record(State0),
+    tls_connection:next_event(?FUNCTION_NAME, Record, State);
+wait_cv(internal,
+          #certificate_verify_1_3{} = CertificateVerify, State0, _Module) ->
+    case tls_handshake_1_3:do_wait_cv(CertificateVerify, State0) of
+        {#alert{} = Alert, State} ->
+            ssl_connection:handle_own_alert(Alert, {3,4}, wait_cv, State);
+        {State1, NextState} ->
+            {Record, State} = tls_connection:next_record(State1),
+            tls_connection:next_event(NextState, Record, State)
+    end;
+wait_cv(Type, Msg, State, Connection) ->
+    ssl_connection:handle_common_event(Type, Msg, ?FUNCTION_NAME, State, Connection).
+
+
+wait_finished(internal, #change_cipher_spec{}, State0, _Module) ->
+    {Record, State} = tls_connection:next_record(State0),
+    tls_connection:next_event(?FUNCTION_NAME, Record, State);
 wait_finished(internal,
              #finished{} = Finished, State0, Module) ->
     case tls_handshake_1_3:do_wait_finished(Finished, State0) of
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index 3bc1290361..1e8b046c1e 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -44,6 +44,8 @@
 
 -export([do_start/2,
          do_negotiated/2,
+         do_wait_cert/2,
+         do_wait_cv/2,
          do_wait_finished/2]).
 
 %%====================================================================
@@ -87,6 +89,36 @@ encrypted_extensions() ->
       }.
 
 
+certificate_request(SignAlgs0, SignAlgsCert0) ->
+    %% Input arguments contain TLS 1.2 algorithms due to backward compatibility
+    %% reasons. These {Hash, Algo} tuples must be filtered before creating the
+    %% the extensions.
+    SignAlgs = filter_tls13_algs(SignAlgs0),
+    SignAlgsCert = filter_tls13_algs(SignAlgsCert0),
+    Extensions0 = add_signature_algorithms(#{}, SignAlgs),
+    Extensions = add_signature_algorithms_cert(Extensions0, SignAlgsCert),
+    #certificate_request_1_3{
+      certificate_request_context = <<>>,
+      extensions = Extensions}.
+
+
+add_signature_algorithms(Extensions, SignAlgs) ->
+    Extensions#{signature_algorithms =>
+                    #signature_algorithms{signature_scheme_list = SignAlgs}}.
+
+
+add_signature_algorithms_cert(Extensions, undefined) ->
+    Extensions;
+add_signature_algorithms_cert(Extensions, SignAlgsCert) ->
+    Extensions#{signature_algorithms_cert =>
+                    #signature_algorithms{signature_scheme_list = SignAlgsCert}}.
+
+
+filter_tls13_algs(undefined) -> undefined;
+filter_tls13_algs(Algo) ->
+    lists:filter(fun is_atom/1, Algo).
+
+
 %% TODO: use maybe monad for error handling!
 %% enum {
 %%     X509(0),
@@ -144,7 +176,7 @@ certificate_verify(PrivateKey, SignatureScheme,
 
     %% Digital signatures use the hash function defined by the selected signature
     %% scheme.
-    case digitally_sign(THash, <<"TLS 1.3, server CertificateVerify">>,
+    case sign(THash, <<"TLS 1.3, server CertificateVerify">>,
                         HashAlgo, PrivateKey) of
         {ok, Signature} ->
             {ok, #certificate_verify_1_3{
@@ -352,7 +384,7 @@ certificate_entry(DER) ->
 %%    79
 %%    00
 %%    0101010101010101010101010101010101010101010101010101010101010101
-digitally_sign(THash, Context, HashAlgo, PrivateKey) ->
+sign(THash, Context, HashAlgo, PrivateKey) ->
     Content = build_content(Context, THash),
 
     %% The length of the Salt MUST be equal to the length of the output
@@ -369,6 +401,23 @@ digitally_sign(THash, Context, HashAlgo, PrivateKey) ->
     end.
 
 
+verify(THash, Context, HashAlgo, Signature, PublicKey) ->
+    Content = build_content(Context, THash),
+
+    %% The length of the Salt MUST be equal to the length of the output
+    %% of the digest algorithm: rsa_pss_saltlen = -1
+    try public_key:verify(Content, HashAlgo, Signature, PublicKey,
+                    [{rsa_padding, rsa_pkcs1_pss_padding},
+                     {rsa_pss_saltlen, -1},
+                     {rsa_mgf1_md, HashAlgo}]) of
+        Result ->
+            {ok, Result}
+    catch
+        error:badarg ->
+            {error, badarg}
+    end.
+
+
 build_content(Context, THash) ->
     Prefix = binary:copy(<<32>>, 64),
     <<Prefix/binary,Context/binary,?BYTE(0),THash/binary>>.
@@ -379,36 +428,12 @@ build_content(Context, THash) ->
 %%====================================================================
 
 
-do_start(#change_cipher_spec{},
-              #state{connection_states = _ConnectionStates0,
-                     session = #session{session_id = _SessionId,
-                                        own_certificate = _OwnCert},
-                     ssl_options = #ssl_options{} = _SslOpts,
-                     key_share = _KeyShare,
-                     handshake_env = #handshake_env{tls_handshake_history = _HHistory0},
-                     static_env = #static_env{
-                                     cert_db = _CertDbHandle,
-                                     cert_db_ref = _CertDbRef,
-                                     socket = _Socket,
-                                     transport_cb = _Transport}
-                    } = State0) ->
-    %% {Ref,Maybe} = maybe(),
-
-    try
-
-        State0
-
-    catch
-        {_Ref, {state_not_implemented, State}} ->
-            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {state_not_implemented, State})
-    end;
 do_start(#client_hello{cipher_suites = ClientCiphers,
                        session_id = SessionId,
                        extensions = Extensions} = _Hello,
          #state{connection_states = _ConnectionStates0,
                 ssl_options = #ssl_options{ciphers = ServerCiphers,
                                            signature_algs = ServerSignAlgs,
-                                           signature_algs_cert = _SignatureSchemes, %% TODO: check!
                                            supported_groups = ServerGroups0},
                 session = #session{own_certificate = Cert}} = State0) ->
 
@@ -454,7 +479,8 @@ do_start(#client_hello{cipher_suites = ClientCiphers,
         %% Generate server_share
         KeyShare = ssl_cipher:generate_server_share(Group),
 
-        State1 = update_start_state(State0, Cipher, KeyShare, SessionId),
+        State1 = update_start_state(State0, Cipher, KeyShare, SessionId,
+                                    Group, SelectedSignAlg, ClientPubKey),
 
         %% 4.1.4.  Hello Retry Request
         %%
@@ -462,14 +488,7 @@ do_start(#client_hello{cipher_suites = ClientCiphers,
         %% message if it is able to find an acceptable set of parameters but the
         %% ClientHello does not contain sufficient information to proceed with
         %% the handshake.
-        {State2, NextState} =
-            Maybe(send_hello_retry_request(State1, ClientPubKey, KeyShare, SessionId)),
-
-        %% TODO: Add Context to state?
-        Context = #{group => Group,
-                    sign_alg => SelectedSignAlg,
-                    client_share => ClientPubKey},
-        {State2, Context, NextState}
+        Maybe(send_hello_retry_request(State1, ClientPubKey, KeyShare, SessionId))
 
         %% TODO:
         %%   - session handling
@@ -484,29 +503,29 @@ do_start(#client_hello{cipher_suites = ClientCiphers,
         {Ref, no_suitable_cipher} ->
             ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_cipher);
         {Ref, {insufficient_security, no_suitable_signature_algorithm}} ->
-            ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_signature_algorithm);
+            ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, "No suitable signature algorithm");
         {Ref, {insufficient_security, no_suitable_public_key}} ->
             ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_public_key)
     end.
 
 
-do_negotiated(#{client_share := ClientKey,
-                group := SelectedGroup,
-                sign_alg := SignatureScheme
-               },
-           #state{connection_states = ConnectionStates0,
-                  session = #session{session_id = SessionId,
-                                     own_certificate = OwnCert},
-                  ssl_options = #ssl_options{} = _SslOpts,
-                  key_share = KeyShare,
-                  handshake_env = #handshake_env{tls_handshake_history = _HHistory0},
-                  connection_env = #connection_env{private_key = CertPrivateKey},
-                  static_env = #static_env{
-                                  cert_db = CertDbHandle,
-                                  cert_db_ref = CertDbRef,
-                                  socket = _Socket,
-                                  transport_cb = _Transport}
-                 } = State0) ->
+do_negotiated(start_handshake,
+              #state{connection_states = ConnectionStates0,
+                     session = #session{session_id = SessionId,
+                                        own_certificate = OwnCert,
+                                        ecc = SelectedGroup,
+                                        sign_alg = SignatureScheme,
+                                        dh_public_value = ClientKey},
+                     ssl_options = #ssl_options{} = SslOpts,
+                     key_share = KeyShare,
+                     handshake_env = #handshake_env{tls_handshake_history = _HHistory0},
+                     connection_env = #connection_env{private_key = CertPrivateKey},
+                     static_env = #static_env{
+                                     cert_db = CertDbHandle,
+                                     cert_db_ref = CertDbRef,
+                                     socket = _Socket,
+                                     transport_cb = _Transport}
+                    } = State0) ->
     {Ref,Maybe} = maybe(),
 
     try
@@ -527,59 +546,71 @@ do_negotiated(#{client_share := ClientKey,
         %% Encode EncryptedExtensions
         State4 = tls_connection:queue_handshake(EncryptedExtensions, State3),
 
+        %% Create and send CertificateRequest ({verify, verify_peer})
+        {State5, NextState} = maybe_send_certificate_request(State4, SslOpts),
+
         %% Create Certificate
         Certificate = certificate(OwnCert, CertDbHandle, CertDbRef, <<>>, server),
 
         %% Encode Certificate
-        State5 = tls_connection:queue_handshake(Certificate, State4),
+        State6 = tls_connection:queue_handshake(Certificate, State5),
 
         %% Create CertificateVerify
         CertificateVerify = Maybe(certificate_verify(CertPrivateKey, SignatureScheme,
-                                                     State5, server)),
+                                                     State6, server)),
         %% Encode CertificateVerify
-        State6 = tls_connection:queue_handshake(CertificateVerify, State5),
+        State7 = tls_connection:queue_handshake(CertificateVerify, State6),
 
         %% Create Finished
-        Finished = finished(State6),
+        Finished = finished(State7),
 
         %% Encode Finished
-        State7 = tls_connection:queue_handshake(Finished, State6),
+        State8 = tls_connection:queue_handshake(Finished, State7),
 
         %% Send first flight
-        {State8, _} = tls_connection:send_handshake_flight(State7),
+        {State9, _} = tls_connection:send_handshake_flight(State8),
 
-        State8
+        {State9, NextState}
 
     catch
-        {Ref, {state_not_implemented, State}} ->
-            %% TODO
-            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {state_not_implemented, State})
+        {Ref, badarg} ->
+            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {digitally_sign, badarg})
     end.
 
 
-do_wait_finished(#change_cipher_spec{},
-              #state{connection_states = _ConnectionStates0,
-                     session = #session{session_id = _SessionId,
-                                        own_certificate = _OwnCert},
-                     ssl_options = #ssl_options{} = _SslOpts,
-                     key_share = _KeyShare,
-                     handshake_env = #handshake_env{tls_handshake_history = _HHistory0},
-                     static_env = #static_env{
-                                     cert_db = _CertDbHandle,
-                                     cert_db_ref = _CertDbRef,
-                                     socket = _Socket,
-                                     transport_cb = _Transport}
-                    } = State0) ->
-    %% {Ref,Maybe} = maybe(),
-
+do_wait_cert(#certificate_1_3{} = Certificate, State0) ->
+    {Ref,Maybe} = maybe(),
     try
+        Maybe(process_client_certificate(Certificate, State0))
+    catch
+        {Ref, {certificate_required, State}} ->
+            {?ALERT_REC(?FATAL, ?CERTIFICATE_REQUIRED, certificate_required), State};
+        {Ref, {{certificate_unknown, Reason}, State}} ->
+            {?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN, Reason), State};
+        {Ref, {{internal_error, Reason}, State}} ->
+            {?ALERT_REC(?FATAL, ?INTERNAL_ERROR, Reason), State};
+        {Ref, {{handshake_failure, Reason}, State}} ->
+            {?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, Reason), State};
+        {#alert{} = Alert, State} ->
+            {Alert, State}
+    end.
 
-        State0
 
+do_wait_cv(#certificate_verify_1_3{} = CertificateVerify, State0) ->
+    {Ref,Maybe} = maybe(),
+    try
+        Maybe(verify_signature_algorithm(State0, CertificateVerify)),
+        Maybe(verify_certificate_verify(State0, CertificateVerify))
     catch
-        {_Ref, {state_not_implemented, State}} ->
-            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {state_not_implemented, State})
-    end;
+        {Ref, {{bad_certificate, Reason}, State}} ->
+            {?ALERT_REC(?FATAL, ?BAD_CERTIFICATE, {bad_certificate, Reason}), State};
+        {Ref, {badarg, State}} ->
+            {?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {verify, badarg}), State};
+        {Ref, {{handshake_failure, Reason}, State}} ->
+            {?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, {handshake_failure, Reason}), State}
+    end.
+
+
 do_wait_finished(#finished{verify_data = VerifyData},
               #state{connection_states = _ConnectionStates0,
                      session = #session{session_id = _SessionId,
@@ -607,16 +638,19 @@ do_wait_finished(#finished{verify_data = VerifyData},
 
     catch
         {Ref, decrypt_error} ->
-            ?ALERT_REC(?FATAL, ?DECRYPT_ERROR, decrypt_error);
-        {_, {state_not_implemented, State}} ->
-            %% TODO
-            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {state_not_implemented, State})
+            ?ALERT_REC(?FATAL, ?DECRYPT_ERROR, decrypt_error)
     end.
 
 
 %% TODO: Remove this function!
-%% not_implemented(State) ->
-%%     {error, {state_not_implemented, State}}.
+%% not_implemented(State, Reason) ->
+%%     {error, {not_implemented, State, Reason}}.
+%%
+%% not_implemented(update_secrets, State0, Reason) ->
+%%     State1 = calculate_traffic_secrets(State0),
+%%     State = ssl_record:step_encryption_state(State1),
+%%     {error, {not_implemented, State, Reason}}.
+
 
 
 %% Recipients of Finished messages MUST verify that the contents are
@@ -659,6 +693,138 @@ send_hello_retry_request(State0, _, _, _) ->
     {ok, {State0, negotiated}}.
 
 
+maybe_send_certificate_request(State, #ssl_options{verify = verify_none}) ->
+    {State, wait_finished};
+maybe_send_certificate_request(State, #ssl_options{
+                                         verify = verify_peer,
+                                         signature_algs = SignAlgs,
+                                         signature_algs_cert = SignAlgsCert}) ->
+    CertificateRequest = certificate_request(SignAlgs, SignAlgsCert),
+    {tls_connection:queue_handshake(CertificateRequest, State), wait_cert}.
+
+
+process_client_certificate(#certificate_1_3{
+                              certificate_request_context = <<>>,
+                              certificate_list = []},
+                           #state{ssl_options =
+                                      #ssl_options{
+                                         fail_if_no_peer_cert = false}} = State) ->
+    {ok, {State, wait_finished}};
+process_client_certificate(#certificate_1_3{
+                              certificate_request_context = <<>>,
+                              certificate_list = []},
+                           #state{ssl_options =
+                                      #ssl_options{
+                                         fail_if_no_peer_cert = true}} = State0) ->
+
+    %% At this point the client believes that the connection is up and starts using
+    %% its traffic secrets. In order to be able send an proper Alert to the client
+    %% the server should also change its connection state and use the traffic
+    %% secrets.
+    State1 = calculate_traffic_secrets(State0),
+    State = ssl_record:step_encryption_state(State1),
+    {error, {certificate_required, State}};
+process_client_certificate(#certificate_1_3{certificate_list = Certs0},
+                           #state{ssl_options =
+                                      #ssl_options{signature_algs = SignAlgs,
+                                                   signature_algs_cert = SignAlgsCert} = SslOptions,
+                                  static_env =
+                                      #static_env{
+                                         role = Role,
+                                         host = Host,
+                                         cert_db = CertDbHandle,
+                                         cert_db_ref = CertDbRef,
+                                         crl_db = CRLDbHandle}} = State0) ->
+    %% TODO: handle extensions!
+
+    %% Remove extensions from list of certificates!
+    Certs = convert_certificate_chain(Certs0),
+    case is_supported_signature_algorithm(Certs, SignAlgs, SignAlgsCert) of
+        true ->
+            case validate_certificate_chain(Certs, CertDbHandle, CertDbRef,
+                                            SslOptions, CRLDbHandle, Role, Host) of
+                {ok, {PeerCert, PublicKeyInfo}} ->
+                    State = store_peer_cert(State0, PeerCert, PublicKeyInfo),
+                    {ok, {State, wait_cv}};
+                {error, Reason} ->
+                    State1 = calculate_traffic_secrets(State0),
+                    State = ssl_record:step_encryption_state(State1),
+                    {error, {Reason, State}};
+                #alert{} = Alert ->
+                    State1 = calculate_traffic_secrets(State0),
+                    State = ssl_record:step_encryption_state(State1),
+                    {Alert, State}
+            end;
+        false ->
+            State1 = calculate_traffic_secrets(State0),
+            State = ssl_record:step_encryption_state(State1),
+            {error, {{handshake_failure,
+                      "Client certificate uses unsupported signature algorithm"}, State}}
+    end.
+
+
+%% TODO: check whole chain!
+is_supported_signature_algorithm(Certs, SignAlgs, undefined) ->
+    is_supported_signature_algorithm(Certs, SignAlgs);
+is_supported_signature_algorithm(Certs, _, SignAlgsCert) ->
+    is_supported_signature_algorithm(Certs, SignAlgsCert).
+%%
+is_supported_signature_algorithm([BinCert|_], SignAlgs0) ->
+    #'OTPCertificate'{signatureAlgorithm = SignAlg} =
+        public_key:pkix_decode_cert(BinCert, otp),
+    SignAlgs = filter_tls13_algs(SignAlgs0),
+    Scheme = ssl_cipher:signature_algorithm_to_scheme(SignAlg),
+    lists:member(Scheme, SignAlgs).
+
+
+validate_certificate_chain(Certs, CertDbHandle, CertDbRef, SslOptions, CRLDbHandle, Role, Host) ->
+    ServerName = ssl_handshake:server_name(SslOptions#ssl_options.server_name_indication, Host, Role),
+    [PeerCert | ChainCerts ] = Certs,
+    try
+	{TrustedCert, CertPath}  =
+	    ssl_certificate:trusted_cert_and_path(Certs, CertDbHandle, CertDbRef,
+                                                  SslOptions#ssl_options.partial_chain),
+        ValidationFunAndState =
+            ssl_handshake:validation_fun_and_state(SslOptions#ssl_options.verify_fun, Role,
+                                     CertDbHandle, CertDbRef, ServerName,
+                                     SslOptions#ssl_options.customize_hostname_check,
+                                     SslOptions#ssl_options.crl_check, CRLDbHandle, CertPath),
+        Options = [{max_path_length, SslOptions#ssl_options.depth},
+                   {verify_fun, ValidationFunAndState}],
+        %% TODO: Validate if Certificate is using a supported signature algorithm
+        %% (signature_algs_cert)!
+        case public_key:pkix_path_validation(TrustedCert, CertPath, Options) of
+            {ok, {PublicKeyInfo,_}} ->
+                {ok, {PeerCert, PublicKeyInfo}};
+            {error, Reason} ->
+                ssl_handshake:handle_path_validation_error(Reason, PeerCert, ChainCerts,
+                                                           SslOptions, Options,
+                                                           CertDbHandle, CertDbRef)
+        end
+    catch
+        error:{badmatch,{asn1, Asn1Reason}} ->
+            %% ASN-1 decode of certificate somehow failed
+            {error, {certificate_unknown, {failed_to_decode_certificate, Asn1Reason}}};
+        error:OtherReason ->
+            {error, {internal_error, {unexpected_error, OtherReason}}}
+    end.
+
+
+store_peer_cert(#state{session = Session,
+                       handshake_env = HsEnv} = State, PeerCert, PublicKeyInfo) ->
+    State#state{session = Session#session{peer_certificate = PeerCert},
+                handshake_env = HsEnv#handshake_env{public_key_info = PublicKeyInfo}}.
+
+
+convert_certificate_chain(Certs) ->
+    Fun = fun(#certificate_entry{data = Data}) ->
+                  {true, Data};
+             (_) ->
+                  false
+          end,
+    lists:filtermap(Fun, Certs).
+
+
 %% 4.4.1.  The Transcript Hash
 %%
 %% As an exception to this general rule, when the server responds to a
@@ -746,10 +912,8 @@ calculate_traffic_secrets(#state{connection_states = ConnectionStates,
     MasterSecret =
         tls_v1:key_schedule(master_secret, HKDFAlgo, HandshakeSecret),
 
-    {Messages0, _} =  HHistory,
-
-    %% Drop Client Finish
-    [_|Messages] = Messages0,
+    %% Get the correct list messages for the handshake context.
+    Messages = get_handshake_context(HHistory),
 
     %% Calculate [sender]_application_traffic_secret_0
     ClientAppTrafficSecret0 =
@@ -778,6 +942,11 @@ get_private_key(#key_share_entry{
                           {_, PrivateKey}}) ->
     PrivateKey.
 
+%% TODO: implement EC keys
+get_public_key({?'rsaEncryption', PublicKey, _}) ->
+    PublicKey.
+
+
 %% X25519, X448
 calculate_shared_secret(OthersKey, MyKey, Group)
   when is_binary(OthersKey) andalso is_binary(MyKey) andalso
@@ -822,7 +991,8 @@ update_connection_state(ConnectionState = #{security_parameters := SecurityParam
 update_start_state(#state{connection_states = ConnectionStates0,
                           connection_env = CEnv,
                           session = Session} = State,
-                   Cipher, KeyShare, SessionId) ->
+                   Cipher, KeyShare, SessionId,
+                   Group, SelectedSignAlg, ClientPubKey) ->
     #{security_parameters := SecParamsR0} = PendingRead =
         maps:get(pending_read, ConnectionStates0),
     #{security_parameters := SecParamsW0} = PendingWrite =
@@ -834,7 +1004,10 @@ update_start_state(#state{connection_states = ConnectionStates0,
                            pending_write => PendingWrite#{security_parameters => SecParamsW}},
     State#state{connection_states = ConnectionStates,
                 key_share = KeyShare,
-                session = Session#session{session_id = SessionId},
+                session = Session#session{session_id = SessionId,
+                                          ecc = Group,
+                                          sign_alg = SelectedSignAlg,
+                                          dh_public_value = ClientPubKey},
                 connection_env = CEnv#connection_env{negotiated_version = {3,4}}}.
 
 
@@ -845,6 +1018,126 @@ cipher_init(Key, IV, FinishedKey) ->
                   tag_len = 16}.
 
 
+%% Get handshake context for verification of CertificateVerify.
+%%
+%% Verify CertificateVerify:
+%%    ClientHello         (client) (1)
+%%    ServerHello         (server) (2)
+%%    EncryptedExtensions (server) (8)
+%%    CertificateRequest  (server) (13)
+%%    Certificate         (server) (11)
+%%    CertificateVerify   (server) (15)
+%%    Finished            (server) (20)
+%%    Certificate         (client) (11)
+%%    CertificateVerify   (client) (15) - Drop! Not included in calculations!
+get_handshake_context_cv({[<<15,_/binary>>|Messages], _}) ->
+    Messages.
+
+
+%% Get handshake context for traffic key calculation.
+%%
+%% Client is authenticated with certificate:
+%%    ClientHello         (client) (1)
+%%    ServerHello         (server) (2)
+%%    EncryptedExtensions (server) (8)
+%%    CertificateRequest  (server) (13)
+%%    Certificate         (server) (11)
+%%    CertificateVerify   (server) (15)
+%%    Finished            (server) (20)
+%%    Certificate         (client) (11) - Drop! Not included in calculations!
+%%    CertificateVerify   (client) (15) - Drop! Not included in calculations!
+%%    Finished            (client) (20) - Drop! Not included in calculations!
+%%
+%% Client is authenticated but sends empty certificate:
+%%    ClientHello         (client) (1)
+%%    ServerHello         (server) (2)
+%%    EncryptedExtensions (server) (8)
+%%    CertificateRequest  (server) (13)
+%%    Certificate         (server) (11)
+%%    CertificateVerify   (server) (15)
+%%    Finished            (server) (20)
+%%    Certificate         (client) (11) - Drop! Not included in calculations!
+%%    Finished            (client) (20) - Drop! Not included in calculations!
+%%
+%% Client is not authenticated:
+%%    ClientHello         (client) (1)
+%%    ServerHello         (server) (2)
+%%    EncryptedExtensions (server) (8)
+%%    Certificate         (server) (11)
+%%    CertificateVerify   (server) (15)
+%%    Finished            (server) (20)
+%%    Finished            (client) (20) - Drop! Not included in calculations!
+%%
+%% Drop all client messages from the front of the iolist using the property that
+%% incoming messages are binaries.
+get_handshake_context({Messages, _}) ->
+    get_handshake_context(Messages);
+get_handshake_context([H|T]) when is_binary(H) ->
+    get_handshake_context(T);
+get_handshake_context(L) ->
+    L.
+
+
+%% If sent by a client, the signature algorithm used in the signature
+%% MUST be one of those present in the supported_signature_algorithms
+%% field of the "signature_algorithms" extension in the
+%% CertificateRequest message.
+verify_signature_algorithm(#state{ssl_options =
+                                      #ssl_options{
+                                         signature_algs = ServerSignAlgs}} = State0,
+                           #certificate_verify_1_3{algorithm = ClientSignAlg}) ->
+    case lists:member(ClientSignAlg, ServerSignAlgs) of
+        true ->
+            ok;
+        false ->
+            State1 = calculate_traffic_secrets(State0),
+            State = ssl_record:step_encryption_state(State1),
+            {error, {{handshake_failure,
+                      "CertificateVerify uses unsupported signature algorithm"}, State}}
+    end.
+
+
+verify_certificate_verify(#state{connection_states = ConnectionStates,
+                                 handshake_env =
+                                     #handshake_env{
+                                        public_key_info = PublicKeyInfo,
+                                        tls_handshake_history = HHistory}} = State0,
+                          #certificate_verify_1_3{
+                             algorithm = SignatureScheme,
+                             signature = Signature}) ->
+    #{security_parameters := SecParamsR} =
+        ssl_record:pending_connection_state(ConnectionStates, write),
+    #security_parameters{prf_algorithm = HKDFAlgo} = SecParamsR,
+
+    {HashAlgo, _, _} =
+        ssl_cipher:scheme_to_components(SignatureScheme),
+
+    Messages = get_handshake_context_cv(HHistory),
+
+    Context = lists:reverse(Messages),
+
+    %% Transcript-Hash uses the HKDF hash function defined by the cipher suite.
+    THash = tls_v1:transcript_hash(Context, HKDFAlgo),
+
+    PublicKey = get_public_key(PublicKeyInfo),
+
+    %% Digital signatures use the hash function defined by the selected signature
+    %% scheme.
+    case verify(THash, <<"TLS 1.3, client CertificateVerify">>,
+                        HashAlgo, Signature, PublicKey) of
+        {ok, true} ->
+            {ok, {State0, wait_finished}};
+        {ok, false} ->
+            State1 = calculate_traffic_secrets(State0),
+            State = ssl_record:step_encryption_state(State1),
+            {error, {{handshake_failure, "Failed to verify CertificateVerify"}, State}};
+        {error, badarg} ->
+            State1 = calculate_traffic_secrets(State0),
+            State = ssl_record:step_encryption_state(State1),
+            {error, {badarg, State}}
+    end.
+
+
 %% If there is no overlap between the received
 %% "supported_groups" and the groups supported by the server, then the
 %% server MUST abort the handshake with a "handshake_failure" or an
@@ -861,7 +1154,6 @@ select_common_groups(ServerGroups, ClientGroups) ->
     end.
 
 
-
 %% RFC 8446 - 4.2.8.  Key Share
 %% This vector MAY be empty if the client is requesting a
 %% HelloRetryRequest.  Each KeyShareEntry value MUST correspond to a
diff --git a/lib/ssl/src/tls_record_1_3.erl b/lib/ssl/src/tls_record_1_3.erl
index 05acc08392..97331e1510 100644
--- a/lib/ssl/src/tls_record_1_3.erl
+++ b/lib/ssl/src/tls_record_1_3.erl
@@ -124,6 +124,20 @@ decode_cipher_text(#ssl_tls{type = ?OPAQUE_TYPE,
 	    {decode_inner_plaintext(PlainFragment), ConnectionStates}
     end;
 
+
+%% RFC8446 - TLS 1.3 (OpenSSL compatibility)
+%% Handle unencrypted Alerts from openssl s_client when server's
+%% connection states are already stepped into traffic encryption.
+%% (E.g. openssl s_client receives a CertificateRequest with
+%% a signature_algorithms_cert extension that does not contain
+%% the signature algorithm of the client's certificate.)
+decode_cipher_text(#ssl_tls{type = ?ALERT,
+                            version = ?LEGACY_VERSION,
+                            fragment = <<2,47>>},
+		   ConnectionStates0) ->
+    {#ssl_tls{type = ?ALERT,
+              version = {3,4}, %% Internally use real version
+              fragment = <<2,47>>}, ConnectionStates0};
 %% RFC8446 - TLS 1.3
 %% D.4.  Middlebox Compatibility Mode
 %%    -  If not offering early data, the client sends a dummy
@@ -139,7 +153,6 @@ decode_cipher_text(#ssl_tls{type = ?CHANGE_CIPHER_SPEC,
     {#ssl_tls{type = ?CHANGE_CIPHER_SPEC,
               version = {3,4}, %% Internally use real version
               fragment = <<1>>}, ConnectionStates0};
-
 decode_cipher_text(#ssl_tls{type = Type,
                             version = ?LEGACY_VERSION,
                             fragment = CipherFragment},
diff --git a/lib/ssl/src/tls_socket.erl b/lib/ssl/src/tls_socket.erl
index c3c41d3e12..6c32e6fa04 100644
--- a/lib/ssl/src/tls_socket.erl
+++ b/lib/ssl/src/tls_socket.erl
@@ -46,7 +46,7 @@
 send(Transport, Socket, Data) ->
     Transport:send(Socket, Data).
 
-listen(Transport, Port, #config{transport_info = {Transport, _, _, _}, 
+listen(Transport, Port, #config{transport_info = {Transport, _, _, _, _}, 
 				inet_user = Options, 
 				ssl = SslOpts, emulated = EmOpts} = Config) ->
     case Transport:listen(Port, Options ++ internal_inet_values()) of
@@ -59,7 +59,7 @@ listen(Transport, Port, #config{transport_info = {Transport, _, _, _},
 	    Err
     end.
 
-accept(ListenSocket, #config{transport_info = {Transport,_,_,_} = CbInfo,
+accept(ListenSocket, #config{transport_info = {Transport,_,_,_,_} = CbInfo,
 			     connection_cb = ConnectionCb,
 			     ssl = SslOpts,
 			     emulated = Tracker}, Timeout) -> 
@@ -80,7 +80,7 @@ accept(ListenSocket, #config{transport_info = {Transport,_,_,_} = CbInfo,
 	    {error, Reason}
     end.
 
-upgrade(Socket, #config{transport_info = {Transport,_,_,_}= CbInfo,
+upgrade(Socket, #config{transport_info = {Transport,_,_,_,_}= CbInfo,
 			ssl = SslOptions,
 			emulated = EmOpts, connection_cb = ConnectionCb}, Timeout) ->
     ok = setopts(Transport, Socket, tls_socket:internal_inet_values()),
@@ -98,7 +98,7 @@ connect(Address, Port,
 	#config{transport_info = CbInfo, inet_user = UserOpts, ssl = SslOpts,
 		emulated = EmOpts, inet_ssl = SocketOpts, connection_cb = ConnetionCb},
 	Timeout) ->
-    {Transport, _, _, _} = CbInfo,
+    {Transport, _, _, _, _} = CbInfo,
     try Transport:connect(Address, Port,  SocketOpts, Timeout) of
 	{ok, Socket} ->
 	    ssl_connection:connect(ConnetionCb, Address, Port, Socket, 
@@ -125,7 +125,7 @@ setopts(gen_tcp, Socket = #sslsocket{pid = {ListenSocket, #config{emulated = Tra
     ok = set_emulated_opts(Tracker, EmulatedOpts),
     check_active_n(EmulatedOpts, Socket),
     inet:setopts(ListenSocket, SockOpts);
-setopts(_, Socket = #sslsocket{pid = {ListenSocket, #config{transport_info = {Transport,_,_,_},
+setopts(_, Socket = #sslsocket{pid = {ListenSocket, #config{transport_info = {Transport,_,_,_,_},
 						  emulated = Tracker}}}, Options) ->
     {SockOpts, EmulatedOpts} = split_options(Options),
     ok = set_emulated_opts(Tracker, EmulatedOpts),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 292916692d..ff5638ff34 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -281,7 +281,15 @@ tls13_test_group() ->
      tls13_1_RTT_handshake,
      tls13_basic_ssl_server_openssl_client,
      tls13_custom_groups_ssl_server_openssl_client,
-     tls13_hello_retry_request_ssl_server_openssl_client].
+     tls13_hello_retry_request_ssl_server_openssl_client,
+     tls13_client_auth_empty_cert_alert_ssl_server_openssl_client,
+     tls13_client_auth_empty_cert_ssl_server_openssl_client,
+     tls13_client_auth_ssl_server_openssl_client,
+     tls13_hrr_client_auth_empty_cert_alert_ssl_server_openssl_client,
+     tls13_hrr_client_auth_empty_cert_ssl_server_openssl_client,
+     tls13_hrr_client_auth_ssl_server_openssl_client,
+     tls13_unsupported_sign_algo_client_auth_ssl_server_openssl_client,
+     tls13_unsupported_sign_algo_cert_client_auth_ssl_server_openssl_client].
 
 %%--------------------------------------------------------------------
 init_per_suite(Config0) ->
@@ -4078,7 +4086,7 @@ tls_tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
     [_, _,_, _, Prop] = StatusInfo,
     State = ssl_test_lib:state(Prop),
     StaticEnv = element(2, State),
-    Socket = element(10, StaticEnv),
+    Socket = element(11, StaticEnv),
     %% Fake tcp error
     Pid ! {tcp_error, Socket, etimedout},
 
@@ -5588,6 +5596,258 @@ tls13_hello_retry_request_ssl_server_openssl_client(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close_port(Client).
 
+tls13_client_auth_empty_cert_alert_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3: Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to true."}].
+
+tls13_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    %% Delete Client Cert and Key
+    ClientOpts1 = proplists:delete(certfile, ClientOpts0),
+    ClientOpts = proplists:delete(keyfile, ClientOpts1),
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server,
+                              {error,
+                               {tls_alert,
+                                {certificate_required,
+                                 "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+tls13_client_auth_empty_cert_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3: Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to false."}].
+
+tls13_client_auth_empty_cert_ssl_server_openssl_client(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    %% Delete Client Cert and Key
+    ClientOpts1 = proplists:delete(certfile, ClientOpts0),
+    ClientOpts = proplists:delete(keyfile, ClientOpts1),
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, false}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+tls13_client_auth_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3: Test client authentication."}].
+
+tls13_client_auth_ssl_server_openssl_client(Config) ->
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+tls13_hrr_client_auth_empty_cert_alert_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3 (HelloRetryRequest): Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to true."}].
+
+tls13_hrr_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    %% Delete Client Cert and Key
+    ClientOpts1 = proplists:delete(certfile, ClientOpts0),
+    ClientOpts2 = proplists:delete(keyfile, ClientOpts1),
+    ClientOpts = [{groups,"P-256:X25519"}|ClientOpts2],
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, true},
+                  {supported_groups, [x448, x25519]}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server,
+                              {error,
+                               {tls_alert,
+                                {certificate_required,
+                                 "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+tls13_hrr_client_auth_empty_cert_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3 (HelloRetryRequest): Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to false."}].
+
+tls13_hrr_client_auth_empty_cert_ssl_server_openssl_client(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    %% Delete Client Cert and Key
+    ClientOpts1 = proplists:delete(certfile, ClientOpts0),
+    ClientOpts2 = proplists:delete(keyfile, ClientOpts1),
+    ClientOpts = [{groups,"P-256:X25519"}|ClientOpts2],
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, false},
+                  {supported_groups, [x448, x25519]}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+tls13_hrr_client_auth_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3 (HelloRetryRequest): Test client authentication."}].
+
+tls13_hrr_client_auth_ssl_server_openssl_client(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    ClientOpts = [{groups,"P-256:X25519"}|ClientOpts0],
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  {fail_if_no_peer_cert, true},
+                  {supported_groups, [x448, x25519]}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+tls13_unsupported_sign_algo_client_auth_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm"}].
+
+tls13_unsupported_sign_algo_client_auth_ssl_server_openssl_client(Config) ->
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  %% Skip rsa_pkcs1_sha256!
+                  {signature_algs, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(
+      Server,
+      {error,
+       {tls_alert,
+        {insufficient_security,
+         "received SERVER ALERT: Fatal - Insufficient Security - "
+         "\"No suitable signature algorithm\""}}}),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
+
+%% Triggers Client Alert as openssl s_client does not have a certificate with a
+%% signature algorithm supported by the server (signature_algorithms_cert extension
+%% of CertificateRequest does not contain the algorithm of the client certificate).
+tls13_unsupported_sign_algo_cert_client_auth_ssl_server_openssl_client() ->
+     [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm_cert"}].
+
+tls13_unsupported_sign_algo_cert_client_auth_ssl_server_openssl_client(Config) ->
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    %% Set versions
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {log_level, debug},
+                  {verify, verify_peer},
+                  {signature_algs, [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pss_rsae_sha256]},
+                  %% Skip rsa_pkcs1_sha256!
+                  {signature_algs_cert, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+    ssl_test_lib:check_result(
+      Server,
+      {error,
+       {tls_alert,
+        {illegal_parameter,
+         "received CLIENT ALERT: Fatal - Illegal Parameter"}}}),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close_port(Client).
+
 
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index f628b4e6d4..7f8e81dbd8 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1114,15 +1114,23 @@ start_basic_client(openssl, Version, Port, ClientOpts) ->
     Exe = "openssl",
     Args0 = ["s_client", "-verify", "2", "-port", integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
-	    "-cert", Cert, "-CAfile", CA,
-	    "-key", Key, "-host","localhost", "-msg", "-debug"],
-    Args =
+	    "-CAfile", CA, "-host", "localhost", "-msg", "-debug"],
+    Args1 =
        case Groups0 of
            undefined ->
                Args0;
            G ->
                Args0 ++ ["-groups", G]
        end,
+    Args =
+       case {Cert, Key} of
+           {C, K} when C =:= undefined orelse
+                       K =:= undefined ->
+               Args1;
+           {C, K} ->
+               Args1 ++ ["-cert", C, "-key", K]
+       end,
+
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),
     true = port_command(OpenSslPort, "Hello world"),
     OpenSslPort.
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 0d9f907d5c..c4bcc1560c 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 9.2
+SSL_VSN = 9.2.1