diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 7ef1d430..2b4f53d5 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -1041,6 +1041,11 @@ type ProtocolBugs struct {
 	// HelloRequest in the same record as Finished.
 	PackHelloRequestWithFinished bool
 
+	// ExpectMissingKeyShare, if true, causes the TLS server to fail the
+	// connection if the selected curve appears in the client's initial
+	// ClientHello. That is, it requires that a HelloRetryRequest be sent.
+	ExpectMissingKeyShare bool
+
 	// SendExtraFinished, if true, causes an extra Finished message to be
 	// sent.
 	SendExtraFinished bool
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 1c51799c..64e2a71e 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -430,6 +430,10 @@ Curves:
 			}
 		}
 
+		if config.Bugs.ExpectMissingKeyShare && selectedKeyShare != nil {
+			return errors.New("tls: expected missing key share")
+		}
+
 		sendHelloRetryRequest := selectedKeyShare == nil
 		if config.Bugs.UnnecessaryHelloRetryRequest {
 			sendHelloRetryRequest = true
@@ -451,6 +455,7 @@ Curves:
 			}
 			hs.writeServerHash(helloRetryRequestMsg.marshal())
 			c.writeRecord(recordTypeHandshake, helloRetryRequestMsg.marshal())
+			c.flushHandshake()
 
 			// Read new ClientHello.
 			newMsg, err := c.readHandshake()
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 54e601b8..71278ae3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3118,19 +3118,57 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
 	})
 
 	// TLS 1.3 basic handshake shapes.
-	tests = append(tests, testCase{
-		name: "TLS13-1RTT-Client",
-		config: Config{
-			MaxVersion: VersionTLS13,
-		},
-	})
-	tests = append(tests, testCase{
-		testType: serverTest,
-		name:     "TLS13-1RTT-Server",
-		config: Config{
-			MaxVersion: VersionTLS13,
-		},
-	})
+	if config.protocol == tls {
+		tests = append(tests, testCase{
+			name: "TLS13-1RTT-Client",
+			config: Config{
+				MaxVersion: VersionTLS13,
+				MinVersion: VersionTLS13,
+			},
+			resumeSession:        true,
+		})
+
+		tests = append(tests, testCase{
+			testType: serverTest,
+			name:     "TLS13-1RTT-Server",
+			config: Config{
+				MaxVersion: VersionTLS13,
+				MinVersion: VersionTLS13,
+			},
+			resumeSession:        true,
+		})
+
+		tests = append(tests, testCase{
+			name: "TLS13-HelloRetryRequest-Client",
+			config: Config{
+				MaxVersion: VersionTLS13,
+				MinVersion: VersionTLS13,
+				// P-384 requires a HelloRetryRequest against
+				// BoringSSL's default configuration. Assert
+				// that we do indeed test this with
+				// ExpectMissingKeyShare.
+				CurvePreferences: []CurveID{CurveP384},
+				Bugs: ProtocolBugs{
+					ExpectMissingKeyShare: true,
+				},
+			},
+			// Cover HelloRetryRequest during an ECDHE-PSK resumption.
+			resumeSession: true,
+		})
+
+		tests = append(tests, testCase{
+			testType: serverTest,
+			name:     "TLS13-HelloRetryRequest-Server",
+			config: Config{
+				MaxVersion: VersionTLS13,
+				MinVersion: VersionTLS13,
+				// Require a HelloRetryRequest for every curve.
+				DefaultCurves: []CurveID{},
+			},
+			// Cover HelloRetryRequest during an ECDHE-PSK resumption.
+			resumeSession: true,
+		})
+	}
 
 	// TLS client auth.
 	tests = append(tests, testCase{