1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
{
"LooseErrorTests": {
"AppDataBeforeHandshake": "BoGo expects different error before vs after CCS",
"AppDataBeforeHandshake-Empty": "Invalid record message",
"ServerHelloBogusCipher": "Unexpected error",
"Garbage": "Decoding error",
"Resume-Client-CipherMismatch": "Unexpected error",
"InvalidECDHPoint-Server": "Unexpected error",
"NoSharedCipher": "Unexpected error"
},
"DisabledTests": {
"*KeyUpdate*": "No TLS 1.3",
"*TLS13*": "No TLS 1.3",
"Server-JDK11*": "No TLS 1.3",
"*Binder*": "No TLS 1.3",
"PartialEncryptedExtensionsWithServerHello": "No TLS 1.3",
"Client-RejectJDK11DowngradeRandom": "No TLS 1.3",
"FragmentedClientVersion": "No TLS 1.3",
"NoExportEarlyKeyingMaterial*": "No TLS 1.3",
"EarlyDataEnabled*": "No TLS 1.3",
"DelegatedCredentials*": "No TLS 1.3",
"ExportTrafficSecrets-*": "No TLS 1.3",
"IgnoreClientVersionOrder": "No TLS 1.3",
"DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",
"SupportedVersionSelection-TLS12": "We just ignore the version extension in this case",
"Downgrade*": "The 1.3 downgrade indicator is not implemented",
"*SSL3*": "No SSLv3",
"*SSLv3*": "No SSLv3",
"*NPN*": "No support for NPN",
"ALPNServer-Preferred-*": "No support for NPN",
"*-NextProtocol": "No support for NPN",
"*SignedCertificateTimestamp*": "No support for SCT",
"*SCT*": "No support for SCT",
"Renegotiation-ChangeAuthProperties": "No support for SCT",
"UnsolicitedCertificateExtensions-TLS*": "No support for SCT",
"*NULL-SHA*": "No support for NULL ciphers",
"*GREASE*": "No support for GREASE",
"QUICTransportParams*": "No support for QUIC",
"*ChannelID*": "No support for ChannelID",
"*TokenBinding*": "No support for Token Binding",
"ClientHelloPadding": "No support for client hello padding extension",
"TLSUnique*": "Not supported",
"*CECPQ2*": "Not implemented",
"*P-224*": "P-224 not supported in TLS",
"*V2ClientHello*": "No support for SSLv2 client hellos",
"*Ed25519*": "Ed25519 not implemented in TLS",
"Http*": "Stack does not have detection logic for HTTP",
"*FalseStart*": "Botan doesn't do false start",
"MaxSendFragment*": "Maximum fragment extension not supported",
"ExportKeyingMaterial-EmptyContext*": "No support for empty context",
"Peek-*": "No peek API",
"*OldCallback*": "BoringSSL specific API test",
"CBCRecordSplittingPartialWrite*": "BoringSSL specific API test",
"TicketCallback*": "BoringSSL specific API test",
"Server-DDoS*": "BoringSSL specific API test",
"RetainOnlySHA256-*": "BoringSSL specific API test",
"Renegotiate-Client-UnfinishedWrite": "BoringSSL specific API test",
"FailEarlyCallback": "BoringSSL specific API test",
"ShimTicketRewritable": "Botan has a different ticket format",
"Resume-Server-DeclineCrossVersion*": "Botan has a different ticket format",
"Resume-Server-DeclineBadCipher*": "Botan has a different ticket format",
"Resume-Server-CipherNotPreferred*": "Botan has a different ticket format",
"TLS*-NoTicket-NoAccept": "BoGo expects that if ticket is issued stateful resumption is impossible",
"CheckLeafCurve": "Botan doesn't care what curve an ECDSA cert uses",
"CertificateVerificationDoesNotFailOnResume*": "Botan doesn't support reverify on resume",
"CertificateVerificationFailsOnResume*": "Botan doesn't support reverify on resume",
"CertificateVerificationPassesOnResume*": "Botan doesn't support reverify on resume",
"CipherNegotiation-2": "No support for cipher equivalence classes",
"CipherNegotiation-3": "No support for cipher equivalence classes",
"CipherNegotiation-4": "No support for cipher equivalence classes",
"CipherNegotiation-5": "No support for cipher equivalence classes",
"CipherNegotiation-8": "No support for cipher equivalence classes",
"ALPNServer-SelectEmpty-*": "Botan treats empty ALPN from callback as a decline",
"ServerAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
"ServerAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
"ClientAuth-Verify-ECDSA-P521-SHA512-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
"ClientAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.",
"AppDataAfterChangeCipherSpec-DTLS*": "BoringSSL DTLS drops out of order AppData, we reject",
"MTUExceeded": "BoringSSL splits DTLS handshakes differently",
"Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
"Resume-Client-NoResume-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
"Resume-Client-NoResume-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
"Resume-Client-NoResume-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",
"Resume-Client-Mismatch-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
"Resume-Client-Mismatch-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
"Resume-Client-Mismatch-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
"Resume-Client-Mismatch-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",
"CurveTest-Client-Compressed*": "Point compression is supported, which BoGo doesn't expect",
"PointFormat-Client-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect",
"CurveTest-Server-Compressed*": "Point compression is supported, which BoGo doesn't expect",
"PointFormat-Server-MissingUncompressed": "Point compression is supported, which BoGo doesn't expect",
"RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Client": "Not possible to disable PSS",
"RSAPSSSupport-ConfigNoPSS-TLS12-Client": "Not possible to disable PSS",
"RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Client": "Not possible to disable PSS",
"RSAPSSSupport-Default-NoCerts-TLS12-Client": "Not possible to disable PSS",
"RSAPSSSupport-ConfigNoPSS-NoCerts-TLS12-Server": "Not possible to disable PSS",
"RSAPSSSupport-ConfigNoPSS-TLS12-Server": "Not possible to disable PSS",
"RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Server": "Not possible to disable PSS",
"RSAPSSSupport-Default-NoCerts-TLS12-Server": "Not possible to disable PSS",
"DTLS-Retransmit*": "Shim needs timeout support",
"DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation",
"DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation",
"MixCompleteMessageWithFragments-DTLS": "Needs investigation",
"ReorderHandshakeFragments-Small-DTLS": "Needs investigation",
"Shutdown-Shim-ApplicationData*": "Needs investigation",
"Shutdown-Shim-HelloRequest-CannotHandshake*": "Needs investigation",
"Shutdown-Shim-HelloRequest-Reject*": "Needs investigation",
"Shutdown-Shim-Renegotiate-Server-Forbidden*": "Needs investigation",
"Unclean-Shutdown": "Needs investigation",
"Unclean-Shutdown-Alert": "Needs investigation",
"SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected (bug)",
"Renegotiate-Client-Packed": "Packing HelloRequest with Finished loses the HelloRequest (bug)",
"SendHalfHelloRequest*PackHandshake": "Packing HelloRequest with Finished loses the HelloRequest (bug)",
"PartialClientFinishedWithClientHello": "Need to check for buffered messages when CCS (bug)",
"SendUnencryptedFinished-DTLS": "Need to check for buffered messages when CCS (bug)",
"SendOCSPResponseOnResume-TLS12": "Not supported by Botan (bug)",
"ECDSAKeyUsage-TLS12": "Botan ignores KeyUsage (bug)",
"RSAKeyUsage-*": "Botan ignores KeyUsage (bug)"
}
}
|