{ "LooseErrorTests": { "AppDataBeforeHandshake": "BoGo expects different error before vs after CCS", "AppDataBeforeHandshake-Empty": "Invalid record message", "ServerHelloBogusCipher": "Unexpected error", "Garbage": "Decoding error", "Resume-Client-CipherMismatch": "Unexpected error", "InvalidECDHPoint-Server": "Unexpected error", "NoSharedCipher": "Unexpected error", "PartialFinishedWithServerHelloDone": "Unexpected record vs excess handshake data" }, "DisabledTests": { "*TLS1": "No TLS 1.0", "*-TLS1-*": "No TLS 1.0", "*-TLS10-*": "No TLS 1.0", "TLS1-*": "No TLS 1.0", "VersionNegotiation*-TLS": "No TLS 1.0", "VersionNegotiation*-DTLS": "No DTLS 1.0", "*TLS11": "No TLS 1.1", "*-TLS11-*": "No TLS 1.1", "TLS11-*": "No TLS 1.1", "CBCRecordSplitting*": "No need to split CBC records in TLS 1.2", "*SCSV*": "SCSV is meaningless without TLS 1.0/1.1 support", "*KeyUpdate*": "No TLS 1.3", "*TLS13*": "No TLS 1.3", "Server-JDK11*": "No TLS 1.3", "*Binder*": "No TLS 1.3", "PartialEncryptedExtensionsWithServerHello": "No TLS 1.3", "Client-RejectJDK11DowngradeRandom": "No TLS 1.3", "FragmentedClientVersion": "No TLS 1.3", "NoExportEarlyKeyingMaterial*": "No TLS 1.3", "EarlyDataEnabled*": "No TLS 1.3", "DelegatedCredentials*": "No TLS 1.3", "ExportTrafficSecrets-*": "No TLS 1.3", "IgnoreClientVersionOrder": "No TLS 1.3", "Resume-Server-OmitPSKsOnSecondClientHello": "No TLS 1.3", "PartialServerHelloWithHelloRetryRequest": "No TLS 1.3", "PartialClientFinishedWithSecondClientHello": "No TLS 1.3", "ECH*": "No ECH support", "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension", "SupportedVersionSelection-TLS12": "We just ignore the version extension in this case", "Downgrade-*-Client-Ignore": "Not possible to ignore downgrade indicator", "Downgrade-TLS12-*": "Not a downgrade when we don't support v1.3", "Agree-Digest-SHA1": "No SHA-1 in TLS 1.2", "ServerAuth-SHA1-Fallback-*": "No SHA-1 in TLS 1.2", "*-InvalidSignature-*_SHA1-TLS12": "No SHA-1 in TLS 1.2", "*-Sign-*_SHA1-TLS12": "No SHA-1 in TLS 1.2", "*-Sign-Negotiate-*_SHA1-TLS12": "No SHA-1 in TLS 1.2", "*-VerifyDefault-*_SHA1-TLS12": "No SHA-1 in TLS 1.2", "*-Verify-*_SHA1-TLS12": "No SHA-1 in TLS 1.2", "*QUIC*": "No QUIC", "ALPS*": "No ALPS", "EarlyData-Reject0RTT*": "No support for 0RTT", "PartialEndOfEarlyDataWithClientHello": "No support for 0RTT", "*NPN*": "No support for NPN", "ALPNServer-Preferred-*": "No support for NPN", "*-NextProtocol*": "No support for NPN", "*SignedCertificateTimestamp*": "No support for SCT", "*SCT*": "No support for SCT", "Renegotiation-ChangeAuthProperties": "No support for SCT", "UnsolicitedCertificateExtensions-*": "No support for SCT", "CertificateVerificationSoftFail*": "Fail, but don't fail... wtf?", "*NULL-SHA*": "No support for NULL ciphers", "*WITH_NULL*": "No support for NULL ciphers", "*GREASE*": "No support for GREASE", "*ChannelID*": "No support for ChannelID", "*TokenBinding*": "No support for Token Binding", "ClientHelloPadding": "No support for client hello padding extension", "TLSUnique*": "Not supported", "*CECPQ2*": "Not implemented", "PQExperimentSignal*": "Not implemented", "*P-224*": "P-224 not supported in TLS", "*V2ClientHello*": "No support for SSLv2 client hellos", "*Ed25519*": "Ed25519 not implemented in TLS", "*FalseStart*": "Botan doesn't do false start", "MaxSendFragment*": "Maximum fragment extension not supported", "ExportKeyingMaterial-EmptyContext*": "No support for empty context", "Peek-*": "No peek API", "*OldCallback*": "BoringSSL specific API test", "*Renegotiate-Client-Explicit*": "BoringSSL specific API test", "CBCRecordSplittingPartialWrite*": "BoringSSL specific API test", "TicketCallback*": "BoringSSL specific API test", "Server-DDoS*": "BoringSSL specific API test", "RetainOnlySHA256-*": "BoringSSL specific API test", "Renegotiate-Client-UnfinishedWrite": "BoringSSL specific API test", "FailEarlyCallback": "BoringSSL specific API test", "ShimTicketRewritable": "Botan has a different ticket format", "Resume-Server-DeclineCrossVersion*": "Botan has a different ticket format", "Resume-Server-DeclineBadCipher*": "Botan has a different ticket format", "Resume-Server-CipherNotPreferred*": "Botan has a different ticket format", "TLS*-NoTicket-NoAccept": "BoGo expects that if ticket is issued stateful resumption is impossible", "CheckLeafCurve": "Botan doesn't care what curve an ECDSA cert uses", "CertificateVerificationDoesNotFailOnResume*": "Botan doesn't support reverify on resume", "CertificateVerificationFailsOnResume*": "Botan doesn't support reverify on resume", "CertificateVerificationPassesOnResume*": "Botan doesn't support reverify on resume", "CipherNegotiation-2": "No support for cipher equivalence classes", "CipherNegotiation-3": "No support for cipher equivalence classes", "CipherNegotiation-4": "No support for cipher equivalence classes", "CipherNegotiation-5": "No support for cipher equivalence classes", "CipherNegotiation-8": "No support for cipher equivalence classes", "ALPNServer-SelectEmpty-*": "Botan treats empty ALPN from callback as a decline", "AppDataAfterChangeCipherSpec-DTLS*": "BoringSSL DTLS drops out of order AppData, we reject", "Resume-Client-NoResume-TLS1-TLS11-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS1-TLS12-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS11-TLS12-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-NoResume-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS11-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS12-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS11-TLS12-TLS": "BoGo expects resumption attempt sends latest version", "Resume-Client-Mismatch-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version", "LooseInitialRecordVersion-TLS12": "Botan is somewhat strict about the record version number", "CurveTest-*-Compressed*": "Point compression is supported, which BoGo doesn't expect", "PointFormat-*-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect", "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-*": "Needs investigation", "RSAPSSSupport-Default-NoCerts-TLS12-*": "Needs investigation", "DTLS-Retransmit*": "Shim needs timeout support", "DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation", "DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation", "SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected (bug)", "Renegotiate-Client-Packed": "Packing HelloRequest with Finished loses the HelloRequest (bug)", "SendHalfHelloRequest*PackHandshake": "Packing HelloRequest with Finished loses the HelloRequest (bug)", "PartialClientFinishedWithClientHello": "Need to check for buffered messages when CCS (bug)", "SendUnencryptedFinished-DTLS": "Need to check for buffered messages when CCS (bug)", "RSAKeyUsage-*-UnenforcedTLS*": "We always enforce key usage" } }