diff --git a/tests/gold_tests/pluginTest/stek_share/stek_share.test.py b/tests/gold_tests/pluginTest/stek_share/stek_share.test.py
index 31f7241e07c..8d2fb94d745 100644
--- a/tests/gold_tests/pluginTest/stek_share/stek_share.test.py
+++ b/tests/gold_tests/pluginTest/stek_share/stek_share.test.py
@@ -313,12 +313,12 @@ def check_session(ev, test):
 
 tr2 = Test.AddTestRun("TLSv1.2 Session Ticket")
 tr2.Command = \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_out {5} && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_in {5} && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{1} -sess_in {5} && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{2} -sess_in {5} && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{3} -sess_in {5} && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{4} -sess_in {5}' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_out {5} && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_in {5} && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{1} -sess_in {5} && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{2} -sess_in {5} && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{3} -sess_in {5} && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{4} -sess_in {5}' \
     .format(
         ts1.Variables.ssl_port,
         ts2.Variables.ssl_port,
diff --git a/tests/gold_tests/tls/test-nc-s_client.sh b/tests/gold_tests/tls/test-nc-s_client.sh
index 58ddaf743ab..6e98ac0a43a 100644
--- a/tests/gold_tests/tls/test-nc-s_client.sh
+++ b/tests/gold_tests/tls/test-nc-s_client.sh
@@ -23,5 +23,5 @@ if openssl s_client --help 2>&1 | grep -q ignore_unexpected_eof
 then
   ignore_unexpected_eof='-ignore_unexpected_eof'
 fi
-echo -e "This is a reply" | nc -l "$1"  > test.out &
+printf "This is a reply" | nc -l "$1"  > test.out &
 echo "This is a test" | openssl s_client -servername bar.com -connect "localhost:$2" -ign_eof ${ignore_unexpected_eof}
diff --git a/tests/gold_tests/tls/tls_session_reuse.test.py b/tests/gold_tests/tls/tls_session_reuse.test.py
index c66e2bcc1d3..3529be510fa 100644
--- a/tests/gold_tests/tls/tls_session_reuse.test.py
+++ b/tests/gold_tests/tls/tls_session_reuse.test.py
@@ -103,12 +103,12 @@ def check_session(output_path, tls_ver, reuse_count):
 
 tr1 = Test.AddTestRun("TLSv1.2 Session Resumption Enabled")
 tr1.Command = \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
     .format(ts1.Variables.ssl_port, os.path.join(Test.RunDirectory, 'sess1.dat'))
 tr1.ReturnCode = 0
 tr1.Processes.Default.StartBefore(server)
@@ -120,12 +120,12 @@ def check_session(output_path, tls_ver, reuse_count):
 
 tr2 = Test.AddTestRun("TLSv1.3 Session Resumption Enabled")
 tr2.Command = \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
     .format(ts1.Variables.ssl_port, os.path.join(Test.RunDirectory, 'sess2.dat'))
 tr2.ReturnCode = 0
 tr2.Processes.Default.Streams.All.Content = Testers.Lambda(
@@ -134,12 +134,12 @@ def check_session(output_path, tls_ver, reuse_count):
 
 tr3 = Test.AddTestRun("TLSv1.2 Session Resumption Disabled")
 tr3.Command = \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_2' \
     .format(ts2.Variables.ssl_port, os.path.join(Test.RunDirectory, 'sess3.dat'))
 tr3.Processes.Default.StartBefore(ts2)
 tr3.Processes.Default.Streams.All = Testers.ExcludesExpression('Reused', '')
@@ -149,12 +149,12 @@ def check_session(output_path, tls_ver, reuse_count):
 
 tr4 = Test.AddTestRun("TLSv1.3 Session Resumption Disabled")
 tr4.Command = \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_3 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
-    'echo -e "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_out {1} -tls1_3 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3 && ' \
+    'printf "GET / HTTP/1.1\r\n" | openssl s_client -connect 127.0.0.1:{0} -sess_in  {1} -tls1_3' \
     .format(ts2.Variables.ssl_port, os.path.join(Test.RunDirectory, 'sess4.dat'))
 tr4.Processes.Default.Streams.All = Testers.ExcludesExpression('Reused', '')
 tr4.Processes.Default.Streams.All += Testers.ContainsExpression('TLSv1.3', '')
diff --git a/tests/gold_tests/tls/tls_sni_ticket.test.py b/tests/gold_tests/tls/tls_sni_ticket.test.py
index 25f7473dc33..22eedd95155 100644
--- a/tests/gold_tests/tls/tls_sni_ticket.test.py
+++ b/tests/gold_tests/tls/tls_sni_ticket.test.py
@@ -94,6 +94,8 @@ def setupTS(
 
         ts.Disk.records_config.update(
             {
+                'proxy.config.diags.debug.enabled': 1,
+                'proxy.config.diags.debug.tags': 'ssl|http',
                 'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}',
                 'proxy.config.ssl.server.private_key.path': f'{ts.Variables.SSLDir}',
                 'proxy.config.exec_thread.autoconfig.scale': 1.0,
@@ -177,17 +179,17 @@ def session_reuse_command(port: int, servername: str) -> str:
         """
         return (
             f'session_path=`mktemp` && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_out "$$session_path" -tls1_2 && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_in "$$session_path" -tls1_2 && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_in "$$session_path" -tls1_2 && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_in "$$session_path" -tls1_2 && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_in "$$session_path" -tls1_2 && '
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: {servername}\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{port} -servername {servername} -sess_in "$$session_path" -tls1_2')
 
     def add_tls12_enabled_run(self) -> None:
@@ -211,7 +213,7 @@ def add_tls13_enabled_run(self) -> None:
         """
         tr = Test.AddTestRun('sni.yaml sets TLSv1.3 ticket count')
         tr.Command = (
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: tickets-on.com\\r\\nConnection: close\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: tickets-on.com\\r\\nConnection: close\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{self.ts_on.Variables.ssl_port} -servername tickets-on.com -tls1_3 -msg -ign_eof')
         tr.ReturnCode = 0
         self.start_processes_if_needed(tr, start_server=True, start_ts_on=True)
@@ -240,7 +242,7 @@ def add_tls13_disabled_run(self) -> None:
         """
         tr = Test.AddTestRun('sni.yaml disables TLSv1.3 ticket issuance')
         tr.Command = (
-            f'echo -e "GET / HTTP/1.1\\r\\nHost: tickets-off.com\\r\\nConnection: close\\r\\n\\r\\n" | '
+            f'printf "GET / HTTP/1.1\\r\\nHost: tickets-off.com\\r\\nConnection: close\\r\\n\\r\\n" | '
             f'openssl s_client -connect 127.0.0.1:{self.ts_off.Variables.ssl_port} -servername tickets-off.com -tls1_3 -msg -ign_eof'
         )
         self.start_processes_if_needed(tr, start_server=True, start_ts_off=True)
diff --git a/tests/gold_tests/tls/tls_ticket.test.py b/tests/gold_tests/tls/tls_ticket.test.py
index d7e2df1858b..28eec527bce 100644
--- a/tests/gold_tests/tls/tls_ticket.test.py
+++ b/tests/gold_tests/tls/tls_ticket.test.py
@@ -75,7 +75,7 @@
 
 tr = Test.AddTestRun("Create ticket")
 tr.Setup.Copy('file.ticket')
-tr.Command = 'echo -e "GET / HTTP/1.0\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_out ticket.out'.format(
+tr.Command = 'printf "GET / HTTP/1.0\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_out ticket.out'.format(
     ts.Variables.ssl_port)
 tr.ReturnCode = 0
 tr.Processes.Default.StartBefore(server)
@@ -113,7 +113,7 @@ def checkSession(ev):
 
 tr2 = Test.AddTestRun("Test ticket")
 tr2.Setup.Copy('file.ticket')
-tr2.Command = 'echo -e "GET / HTTP/1.0\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_in ticket.out'.format(
+tr2.Command = 'printf "GET / HTTP/1.0\r\n" | openssl s_client -tls1_2 -connect 127.0.0.1:{0} -sess_in ticket.out'.format(
     ts2.Variables.ssl_port)
 tr2.Processes.Default.StartBefore(Test.Processes.ts2)
 tr2.ReturnCode = 0