path: root/src/bogo_shim/config.json
blob: 545b7ce73bbd6f7f8a58cba7aefd9633fc0ae89a (plain)
{
    "LooseErrorTests": {
        "AppDataBeforeHandshake": "BoGo expects a different error before vs. after CCS",
        "AppDataBeforeHandshake-Empty": "Invalid record message",
        "ServerHelloBogusCipher": "Unexpected error",
        "Garbage": "Decoding error",
        "Resume-Client-CipherMismatch": "Unexpected error",
        "InvalidECDHPoint-Server": "Unexpected error",
        "NoSharedCipher": "Unexpected error"
    },

    "DisabledTests": {
        "*KeyUpdate*": "No TLS 1.3",
        "*TLS13*": "No TLS 1.3",
        "Server-JDK11*": "No TLS 1.3",
        "*Binder*": "No TLS 1.3",
        "PartialEncryptedExtensionsWithServerHello": "No TLS 1.3",
        "Client-RejectJDK11DowngradeRandom": "No TLS 1.3",
        "FragmentedClientVersion": "No TLS 1.3",
        "NoExportEarlyKeyingMaterial*": "No TLS 1.3",
        "EarlyDataEnabled*": "No TLS 1.3",
        "DelegatedCredentials*": "No TLS 1.3",

        "ConflictingVersionNegotiation*": "No support for 1.3 version extension",
        "VersionNegotiationExtension*": "No support for 1.3 version extension",
        "IgnoreClientVersionOrder": "No support for 1.3 version extension",
        "NoSupportedVersions": "No support for 1.3 version extension",

        "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",

        "Downgrade*": "The 1.3 downgrade indicator is not implemented",

        "*SSL3*": "No SSLv3",
        "*SSLv3*": "No SSLv3",

        "*NPN*": "No support for NPN",
        "ALPNServer-Preferred-*": "No support for NPN",
        "*-NextProtocol": "No support for NPN",

        "*SignedCertificateTimestamp*": "No support for SCT",
        "*SCT*": "No support for SCT",
        "Renegotiation-ChangeAuthProperties": "No support for SCT",

        "*NULL-SHA*": "No support for NULL ciphers",
        "*GREASE*": "No support for GREASE",
        "QUICTransportParams*": "No support for QUIC",
        "*ChannelID*": "No support for ChannelID",
        "*TokenBinding*": "No support for Token Binding",
        "ClientHelloPadding": "No support for client hello padding extension",
        "TLSUnique*": "Not supported",
        "*CECPQ2*": "Not implemented",
        "*P-224*": "P-224 not supported in TLS",
        "*V2ClientHello*": "No support for SSLv2 client hellos",
        "*Ed25519*": "Ed25519 not implemented in TLS",
        "Http*": "Stack does not have detection logic for HTTP",
        "*FalseStart*": "Botan doesn't do false start",
        "MaxSendFragment*": "Maximum fragment extension not supported",
        "ExportKeyingMaterial-EmptyContext*": "No support for empty context",
        "ExportTrafficSecrets-*": "Not implemented",

        "Peek-*": "No peek API",
        "*OldCallback*": "BoringSSL specific API test",
        "CBCRecordSplittingPartialWrite*": "BoringSSL specific API test",
        "TicketCallback*": "BoringSSL specific API test",
        "Server-DDoS*": "BoringSSL specific API test",
        "RetainOnlySHA256-*": "BoringSSL specific API test",
        "Renegotiate-Client-UnfinishedWrite": "BoringSSL specific API test",
        "FailEarlyCallback": "BoringSSL specific API test",

        "ShimTicketRewritable": "Botan has a different ticket format",
        "Resume-Server-DeclineCrossVersion*": "Botan has a different ticket format",
        "Resume-Server-DeclineBadCipher*": "Botan has a different ticket format",
        "Resume-Server-CipherNotPreferred*": "Botan has a different ticket format",

        "TLS*-NoTicket-NoAccept": "BoGo expects that if a ticket is issued, stateful resumption is impossible",

        "CheckLeafCurve": "Botan ignores this",

        "OCSPStapling-Server-*": "Server doesn't support OCSP stapling currently",
        "UnsolicitedCertificateExtensions-TLS*": "Server doesn't support OCSP stapling currently",
        "ServerOCSPCallback*": "Server doesn't support OCSP stapling currently",

        "CertificateVerificationDoesNotFailOnResume*": "Botan doesn't support reverify on resume",
        "CertificateVerificationFailsOnResume*": "Botan doesn't support reverify on resume",
        "CertificateVerificationPassesOnResume*": "Botan doesn't support reverify on resume",

        "CipherNegotiation-2": "No support for cipher equivalence classes",
        "CipherNegotiation-3": "No support for cipher equivalence classes",
        "CipherNegotiation-4": "No support for cipher equivalence classes",
        "CipherNegotiation-5": "No support for cipher equivalence classes",
        "CipherNegotiation-8": "No support for cipher equivalence classes",

        "ALPNServer-SelectEmpty-*": "Botan treats empty ALPN from callback as a decline",

        "ServerAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
        "ServerAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
        "ClientAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
        "ClientAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",

        "*Renegotiate-Server-Forbidden*": "Testing some BoringSSL specific restriction",
        "Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-NoResume-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-NoResume-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-NoResume-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",

        "Resume-Client-Mismatch-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-Mismatch-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-Mismatch-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
        "Resume-Client-Mismatch-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",

        "CurveTest-Client-Compressed*": "Point compression is supported, which BoGo doesn't expect",
        "PointFormat-Client-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect",
        "CurveTest-Server-Compressed*": "Point compression is supported, which BoGo doesn't expect",
        "PointFormat-Server-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect",

        "RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Client": "Not possible to disable PSS",
        "RSAPSSSupport-ConfigNoPSS-TLS12-Client": "Not possible to disable PSS",
        "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Client": "Not possible to disable PSS",
        "RSAPSSSupport-Default-NoCerts-TLS12-Client": "Not possible to disable PSS",
        "RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Server": "Not possible to disable PSS",
        "RSAPSSSupport-ConfigNoPSS-TLS12-Server": "Not possible to disable PSS",
        "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Server": "Not possible to disable PSS",
        "RSAPSSSupport-Default-NoCerts-TLS12-Server": "Not possible to disable PSS",

        "SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected",
        "DTLS-Replay*": "Needs analysis",
        "DTLS-Retransmit*": "Shim needs timeout support",

        "AppDataAfterChangeCipherSpec-DTLS*": "Needs investigation",
        "BadChangeCipherSpec-DTLS-*": "Needs investigation",
        "DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation",
        "DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation",
        "DisableEverything-DTLS": "Needs investigation",
        "LargeCiphertext-DTLS": "Needs investigation",
        "MajorVersionTolerance-DTLS": "Needs investigation",
        "MinimumVersion-Client-TLS12-TLS1-DTLS": "Needs investigation",
        "MinimumVersion-Server-TLS12-TLS1-DTLS": "Needs investigation",
        "MixCompleteMessageWithFragments-DTLS": "Needs investigation",
        "NoSupportedVersions-DTLS": "Needs investigation",
        "ReorderHandshakeFragments-Small-DTLS": "Needs investigation",
        "SendUnencryptedFinished-DTLS": "Needs investigation",
        "VersionNegotiation-Client-TLS1-TLS12-DTLS": "Needs investigation",
        "VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation",
        "VersionTooLow-DTLS": "Needs investigation",

        "Shutdown-Shim-ApplicationData*": "Needs investigation",
        "Shutdown-Shim-HelloRequest-CannotHandshake*": "Needs investigation",
        "Shutdown-Shim-HelloRequest-Reject*": "Needs investigation",
        "Unclean-Shutdown": "Needs investigation",
        "Unclean-Shutdown-Alert": "Needs investigation",

        "MTUExceeded": "BoringSSL splits DTLS handshakes differently",

        "ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem",
        "MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem",
        "SendBogusAlertType-DTLS": "Alert problem",
        "TrailingMessageData-*-DTLS*": "Alert problem",
        "WrongMessageType-*-DTLS*": "Alert problem",

        "Renegotiate-Client-Packed": "Packing HelloRequest with Finished loses the HelloRequest (bug)",
        "SendHalfHelloRequest*PackHandshake": "Packing HelloRequest with Finished loses the HelloRequest (bug)",
        "PartialClientFinishedWithClientHello": "Need to check for buffered messages when CCS (bug)",
        "SendOCSPResponseOnResume-TLS12": "Not supported by Botan (bug)",
        "ECDSAKeyUsage-TLS12": "Botan ignores KeyUsage (bug)",
        "RSAKeyUsage-*": "Botan ignores KeyUsage (bug)"
    }
}