author | Jack Lloyd <[email protected]> | 2019-05-24 08:31:56 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-24 08:31:56 -0400 |
commit | 92c06e93aa870f76ff3d8c126e47c0cd4ccdad66 (patch) | |
tree | 81546311bfb591ea917b5675ed133ad904b25db5 /src/bogo_shim | |
parent | 59e13d195b0ee76bc166504cdbed81a1243dd3f2 (diff) |
Allow servers to prohibit renegotiation with fatal alert
Diffstat (limited to 'src/bogo_shim')
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 1 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 5e2e15dbe..049c9dc2f 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -134,6 +134,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Server changed its mind about secure renegotiation", ":RENEGOTIATION_MISMATCH:" },
 { "Server changed version after renegotiation", ":WRONG_SSL_VERSION:" },
 { "Server downgraded version after renegotiation", ":WRONG_SSL_VERSION:" },
+ { "Server policy prohibits renegotiation", ":NO_RENEGOTIATION:" },
 { "Server replied using a ciphersuite not allowed in version it offered", ":WRONG_CIPHER_RETURNED:" },
 { "Server replied with DTLS-SRTP alg we did not send", ":BAD_SRTP_PROTECTION_PROFILE_LIST:" },
 { "Server replied with ciphersuite we didn't send", ":WRONG_CIPHER_RETURNED:" },
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index 0193416af..0bf7a8431 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -20,6 +20,7 @@
 "NoExportEarlyKeyingMaterial*": "No TLS 1.3",
 "EarlyDataEnabled*": "No TLS 1.3",
 "DelegatedCredentials*": "No TLS 1.3",
+ "ExportTrafficSecrets-*": "No TLS 1.3",
 "ConflictingVersionNegotiation*": "No support for 1.3 version extension",
 "VersionNegotiationExtension*": "No support for 1.3 version extension",
@@ -57,7 +58,6 @@
 "*FalseStart*": "Botan doesn't do false start",
 "MaxSendFragment*": "Maximum fragment extension not supported",
 "ExportKeyingMaterial-EmptyContext*": "No support for empty context",
- "ExportTrafficSecrets-*": "Not implemented",
 "Peek-*": "No peek API",
 "*OldCallback*": "BoringSSL specific API test",
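Review bot: The added `{ "Server policy prohibits renegotiation", ":NO_RENEGOTIATION:" }` entry in map_to_bogo_error (bogo_shim.cpp) matches on the literal text of the library's exception message, and the code that produces that text is not part of this view (the diffstat is limited to src/bogo_shim), so nothing here ties the two strings together. If the library wording is later edited, this entry stops matching and the renegotiation-forbidden tests would presumably fail on an unmapped error rather than on a real protocol regression. A short comment above the entry would record the coupling, for example `// text must match the exception thrown when server policy rejects renegotiation`. The function's body begins and ends outside the hunk, so how an unmapped message is handled cannot be checked from here.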
@@ -97,7 +97,6 @@
 "AppDataAfterChangeCipherSpec-DTLS*": "BoringSSL DTLS drops out of order AppData, we reject",
 "MTUExceeded": "BoringSSL splits DTLS handshakes differently",
- "*Renegotiate-Server-Forbidden*": "Testing some BoringSSL specific restriction",
 "Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
 "Resume-Client-NoResume-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
 "Resume-Client-NoResume-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
@@ -132,6 +131,7 @@
 "Shutdown-Shim-ApplicationData*": "Needs investigation",
 "Shutdown-Shim-HelloRequest-CannotHandshake*": "Needs investigation",
 "Shutdown-Shim-HelloRequest-Reject*": "Needs investigation",
+ "Shutdown-Shim-Renegotiate-Server-Forbidden*": "Needs investigation",
 "Unclean-Shutdown": "Needs investigation",
 "Unclean-Shutdown-Alert": "Needs investigation", |
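Review bot: The new `"Shutdown-Shim-Renegotiate-Server-Forbidden*": "Needs investigation"` entry in config.json keeps the shutdown variant of the renegotiation-forbidden tests disabled in the same commit that enables the others by removing the `*Renegotiate-Server-Forbidden*` skip. How the new server policy behaves while a connection is shutting down therefore stays unverified. The reason string is the only place this file can carry an explanation, and "Needs investigation" gives a maintainer nothing to act on. Recording the observed failure there (the error or alert BoGo expected versus what the shim reported) would make the remaining gap traceable.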