diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a5ebe6d21..0037429a9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1272,98 +1272,97 @@ run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
 
 # Tests for DTLS Connection ID extension
 
-# TODO
 # So far, the CID API isn't implemented, so we can't
 # grep for output witnessing its use. This needs to be
 # changed once the CID extension is implemented.
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client enabled, server disabled" \
+run_test    "(STUB) Connection ID: Client enabled, server disabled" \
             "$P_SRV dtls=1 cid=0" \
             "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \
              0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client disabled, server enabled" \
+run_test    "(STUB) Connection ID: Client disabled, server enabled" \
             "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \
             "$P_CLI dtls=1 cid=0" \
              0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID nonempty" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \
             "$P_SRV dtls=1 cid=1 cid_val=dead" \
             "$P_CLI dtls=1 cid=1 cid_val=beef" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client CID empty" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client CID empty" \
             "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \
             "$P_CLI dtls=1 cid=1" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Server CID empty" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Server CID empty" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID empty" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \
             "$P_SRV dtls=1 cid=1 cid_val=dead" \
             "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \
             "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \
             "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \
             "$P_SRV dtls=1 cid=1 cid_val=dead" \
             "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \
             "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \
             "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
-run_test    "Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \
+run_test    "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \
             "$P_SRV dtls=1 cid=1" \
             "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
             0
 
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "Connection ID: Client+Server enabled, renegotiate" \
+run_test    "(STUB) Connection ID: Client+Server enabled, renegotiate" \
             "$P_SRV dtls=1 cid=1 cid_val=dead renegotiation=1" \
             "$P_CLI dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
             0