diff options
| author | Jack Lloyd <[email protected]> | 2020-12-09 18:30:51 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2020-12-09 18:33:19 -0500 |
| commit | 471347667105ed20f9a63e67fdc134ce0b8b7ecb (patch) | |
| tree | 6d5d5b1e23db6bfaab8f34fcde4806479549af10 /src/bogo_shim | |
| parent | 7f7e86c12ccb1d6ddb83c2d637fa58e300d7722b (diff) | |
Enable BoringSSL SSLv3 tests
Previously these tested SSLv3 functionality but now BoringSSL has also
removed SSLv3 so the remaining test is just to confirm that SSLv3
can't be negotiated.
Diffstat (limited to 'src/bogo_shim')
| -rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 10 | ||||
| -rw-r--r-- | src/bogo_shim/config.json | 3 |
2 files changed, 5 insertions, 8 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp index 0d1fa587d..a2abcef28 100644 --- a/src/bogo_shim/bogo_shim.cpp +++ b/src/bogo_shim/bogo_shim.cpp @@ -96,6 +96,7 @@ std::string map_to_bogo_error(const std::string& e) { "Client certificate does not support signing", ":KEY_USAGE_BIT_INCORRECT:" }, { "Client did not offer NULL compression", ":INVALID_COMPRESSION_LIST:" }, { "Client offered DTLS version with major version 0xFF", ":UNSUPPORTED_PROTOCOL:" }, + { "Client offered SSLv3 which is not supported", ":UNSUPPORTED_PROTOCOL:" }, { "Client offered TLS version with major version under 3", ":UNSUPPORTED_PROTOCOL:" }, { "Client policy prohibits insecure renegotiation", ":RENEGOTIATION_MISMATCH:" }, { "Client policy prohibits renegotiation", ":NO_RENEGOTIATION:" }, @@ -135,10 +136,11 @@ std::string map_to_bogo_error(const std::string& e) { "Policy refuses to accept signing with any hash supported by peer", ":NO_COMMON_SIGNATURE_ALGORITHMS:" }, { "Policy requires client send a certificate, but it did not", ":PEER_DID_NOT_RETURN_A_CERTIFICATE:" }, { "Received a record that exceeds maximum size", ":ENCRYPTED_LENGTH_TOO_LONG:" }, - { "Received unexpected record version in initial record", ":WRONG_VERSION_NUMBER:" }, - { "Received unexpected record version", ":WRONG_VERSION_NUMBER:" }, { "Received application data after connection closure", ":APPLICATION_DATA_ON_SHUTDOWN:" }, { "Received handshake data after connection closure", ":NO_RENEGOTIATION:" }, + { "Received unexpected record version in initial record", ":WRONG_VERSION_NUMBER:" }, + { "Received unexpected record version", ":WRONG_VERSION_NUMBER:" }, + { "Server attempting to negotiate SSLv3 which is not supported", ":UNSUPPORTED_PROTOCOL:" }, { "Server certificate changed during renegotiation", ":SERVER_CERT_CHANGED:" }, { "Server changed its mind about extended master secret", ":RENEGOTIATION_EMS_MISMATCH:" }, { "Server changed its mind about secure renegotiation", ":RENEGOTIATION_MISMATCH:" }, @@ -174,7 +176,6 @@ std::string map_to_bogo_error(const std::string& e) { "Test requires rejecting cert", ":CERTIFICATE_VERIFY_FAILED:" }, { "Unexpected ALPN protocol", ":INVALID_ALPN_PROTOCOL:" }, { "Unexpected record type 42 from counterparty", ":UNEXPECTED_RECORD:" }, - { "Unexpected state transition in handshake got a certificate_request expected server_hello_done seen server_hello+server_key_exchange", ":UNEXPECTED_MESSAGE:" }, { "Unexpected state transition in handshake got a certificate_request expected server_key_exchange|server_hello_done seen server_hello", ":UNEXPECTED_MESSAGE:" }, { "Unexpected state transition in handshake got a certificate_status expected certificate seen server_hello", ":UNEXPECTED_MESSAGE:" }, @@ -188,9 +189,8 @@ std::string map_to_bogo_error(const std::string& e) { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen server_hello+certificate+certificate_status+server_key_exchange+server_hello_done+new_session_ticket", ":UNEXPECTED_RECORD:" }, { "Unexpected state transition in handshake got a hello_request expected server_hello", ":UNEXPECTED_MESSAGE:" }, { "Unexpected state transition in handshake got a server_hello_done expected server_key_exchange seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" }, - { "Unexpected state transition in handshake got a server_key_exchange not expecting messages", ":BAD_HELLO_REQUEST:" }, { "Unexpected state transition in handshake got a server_key_exchange expected certificate_request|server_hello_done seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" }, - + { "Unexpected state transition in handshake got a server_key_exchange not expecting messages", ":BAD_HELLO_REQUEST:" }, { "Unknown TLS handshake message type 43", ":UNEXPECTED_MESSAGE:" }, { "Unknown TLS handshake message type 44", ":UNEXPECTED_MESSAGE:" }, { "Unknown TLS handshake message type 45", ":UNEXPECTED_MESSAGE:" }, diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json index b16025976..8aaf123db 100644 --- a/src/bogo_shim/config.json +++ b/src/bogo_shim/config.json @@ -35,9 +35,6 @@ "Downgrade-*-Client-Ignore": "Not possible to ignore downgrade indicator", "Downgrade-TLS12-*": "Not a downgrade when we don't support v1.3", - "*SSL3*": "No SSLv3", - "*SSLv3*": "No SSLv3", - "*QUIC*": "No QUIC", "ALPS*": "No ALPS", |