{ "LooseErrorTests": { "AppDataBeforeHandshake": "BoGo expects different error before vs after CCS", "AppDataBeforeHandshake-Empty": "Invalid record message", "ServerHelloBogusCipher": "Unexpected error", "Garbage": "Decoding error", "Resume-Client-CipherMismatch": "Unexpected error", "InvalidECDHPoint-Server": "Unexpected error", "NoSharedCipher": "Unexpected error" }, "DisabledTests": { "*KeyUpdate*": "No TLS 1.3", "*TLS13*": "No TLS 1.3", "Server-JDK11*": "No TLS 1.3", "*Binder*": "No TLS 1.3", "PartialEncryptedExtensionsWithServerHello": "No TLS 1.3", "Client-RejectJDK11DowngradeRandom": "No TLS 1.3", "FragmentedClientVersion": "No TLS 1.3", "NoExportEarlyKeyingMaterial*": "No TLS 1.3", "EarlyDataEnabled*": "No TLS 1.3", "DelegatedCredentials*": "No TLS 1.3", "ConflictingVersionNegotiation*": "No support for 1.3 version extension", "VersionNegotiationExtension*": "No support for 1.3 version extension", "IgnoreClientVersionOrder": "No support for 1.3 version extension", "NoSupportedVersions": "No support for 1.3 version extension", "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension", "Downgrade*": "The 1.3 downgrade indicator is not implemented", "*SSL3*": "No SSLv3", "*SSLv3*": "No SSLv3", "*NPN*": "No support for NPN", "ALPNServer-Preferred-*": "No support for NPN", "*-NextProtocol": "No support for NPN", "*SignedCertificateTimestamp*": "No support for SCT", "*SCT*": "No support for SCT", "Renegotiation-ChangeAuthProperties": "No support for SCT", "*NULL-SHA*": "No support for NULL ciphers", "*GREASE*": "No support for GREASE", "QUICTransportParams*": "No support for QUIC", "*ChannelID*": "No support for ChannelID", "*TokenBinding*": "No support for Token Binding", "ClientHelloPadding": "No support for client hello padding extension", "TLSUnique*": "Not supported", "*CECPQ2*": "Not implemented", "*P-224*": "P-224 not supported in TLS", "*V2ClientHello*": "No support for SSLv2 client hellos", "*Ed25519*": "Ed25519 not implemented in TLS", "Http*": "Stack does not have detection logic for HTTP", "*FalseStart*": "Botan doesn't do false start", "MaxSendFragment*": "Maximum fragment extension not supported", "ExportKeyingMaterial-EmptyContext*": "No support for empty context", "ExportTrafficSecrets-*": "Not implemented", "Peek-*": "No peek API", "*OldCallback*": "BoringSSL specific API test", "CBCRecordSplittingPartialWrite*": "BoringSSL specific API test", "TicketCallback*": "BoringSSL specific API test", "Server-DDoS*": "BoringSSL specific API test", "RetainOnlySHA256-*": "BoringSSL specific API test", "Renegotiate-Client-UnfinishedWrite": "BoringSSL specific API test", "FailEarlyCallback": "BoringSSL specific API test", "ShimTicketRewritable": "Botan has a different ticket format", "Resume-Server-DeclineCrossVersion*": "Botan has a different ticket format", "Resume-Server-DeclineBadCipher*": "Botan has a different ticket format", "Resume-Server-CipherNotPreferred*": "Botan has a different ticket format", "TLS*-NoTicket-NoAccept": "BoGo expects that if ticket is issued stateful resumption is impossible", "CheckLeafCurve": "Botan ignores this", "OCSPStapling-Server-*": "Server doesn't support OCSP stapling currently", "UnsolicitedCertificateExtensions-TLS*": "Server doesn't support OCSP stapling currently", "ServerOCSPCallback*": "Server doesn't support OCSP stapling currently", "CertificateVerificationDoesNotFailOnResume*": "Botan doesn't support reverify on resume", "CertificateVerificationFailsOnResume*": "Botan doesn't support reverify on resume", "CertificateVerificationPassesOnResume*": "Botan doesn't support reverify on resume", "CipherNegotiation-2": "No support for cipher equivalence classes", "CipherNegotiation-3": "No support for cipher equivalence classes", "CipherNegotiation-4": "No support for cipher equivalence classes", "CipherNegotiation-5": "No support for cipher equivalence classes", "CipherNegotiation-8": "No support for cipher equivalence classes", "ALPNServer-SelectEmpty-*": "Botan treats empty ALPN from callback as a decline", "ServerAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.", "ServerAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.", "ClientAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.", "ClientAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.", "*Renegotiate-Server-Forbidden*": "Testing some BoringSSL specific restriction", "Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS1-TLS12": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS11-TLS12": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS11": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS12": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS11-TLS12": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version", "CurveTest-Client-Compressed*": "Point compression is supported, which BoGo doesn't expect", "PointFormat-Client-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect", "CurveTest-Server-Compressed*": "Point compression is supported, which BoGo doesn't expect", "PointFormat-Server-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect", "RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Client": "Not possible to disable PSS", "RSAPSSSupport-ConfigNoPSS-TLS12-Client": "Not possible to disable PSS", "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Client": "Not possible to disable PSS", "RSAPSSSupport-Default-NoCerts-TLS12-Client": "Not possible to disable PSS", "RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Server": "Not possible to disable PSS", "RSAPSSSupport-ConfigNoPSS-TLS12-Server": "Not possible to disable PSS", "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Server": "Not possible to disable PSS", "RSAPSSSupport-Default-NoCerts-TLS12-Server": "Not possible to disable PSS", "SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected", "DTLS-Replay*": "Needs analysis", "DTLS-Retransmit*": "Shim needs timeout support", "AppDataAfterChangeCipherSpec-DTLS*": "Needs investigation", "BadChangeCipherSpec-DTLS-*": "Needs investigation", "DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation", "DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation", "DisableEverything-DTLS": "Needs investigation", "LargeCiphertext-DTLS": "Needs investigation", "MajorVersionTolerance-DTLS": "Needs investigation", "MinimumVersion-Client-TLS12-TLS1-DTLS": "Needs investigation", "MinimumVersion-Server-TLS12-TLS1-DTLS": "Needs investigation", "MixCompleteMessageWithFragments-DTLS": "Needs investigation", "NoSupportedVersions-DTLS": "Needs investigation", "ReorderHandshakeFragments-Small-DTLS": "Needs investigation", "SendUnencryptedFinished-DTLS": "Needs investigation", "VersionNegotiation-Client-TLS1-TLS12-DTLS": "Needs investigation", "VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation", "VersionTooLow-DTLS": "Needs investigation", "Shutdown-Shim-ApplicationData*": "Needs investigation", "Shutdown-Shim-HelloRequest-CannotHandshake*": "Needs investigation", "Shutdown-Shim-HelloRequest-Reject*": "Needs investigation", "Unclean-Shutdown": "Needs investigation", "Unclean-Shutdown-Alert": "Needs investigation", "MTUExceeded": "BoringSSL splits DTLS handshakes differently", "ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem", "MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem", "SendBogusAlertType-DTLS": "Alert problem", "TrailingMessageData-*-DTLS*": "Alert problem", "WrongMessageType-*-DTLS*": "Alert problem", "Renegotiate-Client-Packed": "Packing HelloRequest with Finished loses the HelloRequest (bug)", "SendHalfHelloRequest*PackHandshake": "Packing HelloRequest with Finished loses the HelloRequest (bug)", "PartialClientFinishedWithClientHello": "Need to check for buffered messages when CCS (bug)", "SendOCSPResponseOnResume-TLS12": "Not supported by Botan (bug)", "ECDSAKeyUsage-TLS12": "Botan ignores KeyUsage (bug)", "RSAKeyUsage-*": "Botan ignores KeyUsage (bug)" } }