| { |
| "DisabledTests": { |
| "*-Async": "We don't support boringssl concept of async", |
| |
| "TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| "TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled", |
| |
| "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)", |
| |
| "TLS-ECH-Client-Reject-EarlyDataRejected": "We don't support switiching out ECH configs with this level of granularity", |
| |
| "TLS-ECH-Client-NoNPN": "We don't support NPN", |
| |
| "TLS-ECH-Client-ChannelID": "We don't support sending channel ID", |
| "TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID", |
| "TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID", |
| |
| "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext", |
| "TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext", |
| "TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext", |
| "TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fallback to plaintext", |
| |
| "TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'", |
| |
| "TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs", |
| "TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs", |
| |
| |
| "*ECH-Server*": "no ECH server support", |
| "SendV2ClientHello*": "We don't support SSLv2", |
| "*QUIC*": "No QUIC support", |
| "Compliance-fips*": "No FIPS", |
| "*DTLS*": "No DTLS", |
| "SendEmptyRecords*": "crypto/tls doesn't implement spam protections", |
| "SendWarningAlerts*": "crypto/tls doesn't implement spam protections", |
| "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)", |
| "KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it", |
| "JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber", |
| "KyberKeyShareIncludedSecond": "we always send the Kyber key share first", |
| "KyberKeyShareIncludedThird": "we always send the Kyber key share first", |
| "SkipNewSessionTicket": "TODO confusing? maybe bug", |
| "SendUserCanceledAlerts*": "TODO may be a real bug?", |
| "GREASE-Server-TLS13": "TODO ???", |
| "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate", |
| "SendBogusAlertType": "sending wrong alert type", |
| "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID", |
| "*Client-P-224*": "no P-224 support", |
| "*Server-P-224*": "no P-224 support", |
| "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet", |
| "CheckLeafCurve": "TODO: first pass, this should be fixed", |
| "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed", |
| "UnsupportedCurve": "TODO: first pass, this should be fixed", |
| "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed", |
| "NoNullCompression-TLS12": "TODO: first pass, this should be fixed", |
| "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed", |
| "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed", |
| "InvalidCompressionMethod": "TODO: first pass, this should be fixed", |
| "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", |
| "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed", |
| "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed", |
| "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed", |
| "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed", |
| "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed", |
| "MinorVersionTolerance": "TODO: first pass, this should be fixed", |
| "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed", |
| "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed", |
| "MajorVersionTolerance": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed", |
| "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed", |
| "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed", |
| "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed", |
| "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed", |
| "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed", |
| "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed", |
| "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed", |
| "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed", |
| "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed", |
| "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed", |
| "SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed", |
| "SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed", |
| "SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed", |
| "Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed", |
| "Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed", |
| "Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed", |
| "Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed", |
| "Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed", |
| "Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed", |
| "Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed", |
| "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed", |
| "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed", |
| "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed", |
| "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed", |
| "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed", |
| "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed", |
| "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed", |
| "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed", |
| "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed", |
| "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed", |
| "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed", |
| "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed", |
| "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed", |
| "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed", |
| "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed", |
| "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed", |
| "UnknownExtension-Client": "TODO: first pass, this should be fixed", |
| "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed", |
| "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed", |
| "UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed", |
| "SendClientVersion-RSA": "TODO: first pass, this should be fixed", |
| "NoCommonCurves": "TODO: first pass, this should be fixed", |
| "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed", |
| "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed", |
| "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed", |
| "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed", |
| "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed", |
| "Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed", |
| "Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed", |
| "Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed", |
| "Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed", |
| "Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed", |
| "PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed", |
| "PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed", |
| "PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed", |
| "PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed", |
| "TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed", |
| "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed", |
| "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed", |
| "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed", |
| "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed", |
| "Client-TooLongSessionID": "TODO: first pass, this should be fixed", |
| "Client-ShortSessionID": "TODO: first pass, this should be fixed", |
| "TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed", |
| "Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed", |
| "EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed", |
| "SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed", |
| "EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed", |
| "HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed", |
| "HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed", |
| "HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed", |
| "SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed", |
| "ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed", |
| "ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed", |
| "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed", |
| "EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed", |
| "OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed", |
| "EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed", |
| "OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed", |
| "EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed", |
| "OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed", |
| "DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed", |
| "DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed", |
| "Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed", |
| "CheckClientCertificateTypes": "TODO: first pass, this should be fixed", |
| "CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed", |
| "ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed", |
| "ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed", |
| "ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed", |
| "ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed", |
| "ClientHelloPadding": "TODO: first pass, this should be fixed", |
| "TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed", |
| "TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed", |
| "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed", |
| "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed", |
| "WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed", |
| "TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed", |
| "SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed", |
| "EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed", |
| "EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed", |
| "EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed", |
| "EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed", |
| "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed" |
| } |
| } |