tor-browser

The Tor Browser

config.json (8306B)


      1 {
      2    "DisabledTests": {
      3        "####################":"####################",
      4        "### Failures due to Bogo/NSS specifics":"",
      5        "####################":"####################",
      6 
      7        "SendEmptyRecords":"Bogo allows only 32 empty records to be sent before other TLS messages.",
      8        "SendUserCanceledAlerts-TooMany-TLS13":"Bogo allows only 5 user canceled alerts to be sent.",
      9        "SendWarningAlerts-TooMany":"Bogo allows only 5 warning alerts to be sent.",
     10        "TooManyKeyUpdates":"Bogo allows only 32 KeyUpdate messages to be sent.",
     11        "UnsolicitedServerNameAck-TLS*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.",
     12        "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.",
     13        "*Auth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty.",
     14        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2",
     15        "SkipEarlyData-*TooMuchData*":"Test of internal BoGo features (see Bug 1339373).",
     16        "Client-RejectJDK11DowngradeRandom":"This random is not specified in RFC8446.",
     17        "Renegotiate-Server-Forbidden":"TLS 1.2 test, renegotiation is allowed in NSS.",
     18        "EmptySessionID-TLS13":"This test also asserts BoringSSL always sending CCS messages for compatibility mode.",
     19        "Http*":"Test sends http string to socket before handshake. This data is interpreted as a record header and leads to different IO errors in NSS.",
     20        "V2ClientHello*":"Prefix data before V2 ClientHello leads to IO errors in NSS.",
     21        "Server-JDK11-NoWorkaround-3":"Unexpected Bogo crash.",
     22        "Resume-Server-UnofferedCipher-TLS13":"Bogo rejects resumption if client offers previously not used ciphersuites with equal hash algorithm (no 0Rtt).",
     23        "EarlyData-FirstTicket-Server-TLS13":"Bogo provides specific early data logging which is the only check in this test but not supported by NSS.",
     24 
     25        "CheckLeafCurve":"NSS doesn't require ECDSA curve to match ECDH curve",
     26        "UnsupportedCurve":"NSS doesn't require ECDSA curve to match ECDH curve",
     27        "Client-VerifyDefault-ECDSA_P521_SHA512-*":"Boring expects a failure because it doesn't enable ECDSA_P521_SHA512 by default",
     28        "Client-VerifyDefault-ECDSA_SHA1-TLS12":"Boring expects a failure because it doesn't enable ECDSA_SHA1 by default",
     29 
     30        "CurveTest-*-P-224-*":"NSS does not support P-224",
     31        "*-*-*ECDSA_P224_SHA256-TLS12": "NSS does not support P-224",
     32        "*Ed25519*":"Add Ed25519 support (Bug 1325335)",
     33        "*NoSSL3*":"Test passes but only because of handshake failure, NSS only rejects SSL3 immediately in TLS1.3 clients/servers.",
     34        "SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
     35        "CheckRecordVersion-TLS1":"NSS doesn't check record version field. Bug 1317634",
     36        "CheckRecordVersion-TLS11":"NSS doesn't check record version field. Bug 1317634",
     37        "CheckRecordVersion-TLS12":"NSS doesn't check record version field. Bug 1317634",
     38        "GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version.",
     39        "DuplicateKeyShares*":"NSS doesn't check for duplicates. Bug 1304578",
     40        "PointFormat-Client-MissingUncompressed":"NSS ignores ec_point_formats extensions sent by servers.",
     41        "SkipEarlyData-Interleaved-TLS13":"NSS ignores invalid early data records by default since ssl_0rtt_ignore_trial is default. Bug 1336916",
     42        "ECDSAKeyUsage*":"NSS only checks KeyUsage on server setup and with delegated credential verification. Bug 1338194",
     43        "RSAKeyUsage-*-WantSignature-GotEncipherment-*":"NSS only checks KeyUsage on server setup and with delegated credential verification. See Bug 1338194",
     44        "RSAKeyUsage-*-WantEncipherment-GotSignature-*":"NSS only checks KeyUsage on server setup and with delegated credential verification. See Bug 1338194",
     45        "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"NSS Server side bug. Don't send ticket when not permitted by KE modes (Bug 1317635)",
     46        "Resume-Server-OmitPSKsOnSecondClientHello":"NSS Server side bug. It does not detect ClientHello dropping of PSK extension (after HRR).",
     47        "Renegotiate-Client-Forbidden-1":"By default NSS allows renegotiation with extension contrary to bogo.",
     48        "TrailingData*":"NSS only checks for trailing data on possible key change handshake messages in TLS 1.3",
     49        "Partial*":"See TrailingData* description.",
     50        "QUIC-ECH*":"NSS does not support QUIC.",
     51        "*ECH*SkipInvalidPublicName*":"NSS allows hostnames to include underscores, contrary to the spec. Bug 1136616",
     52        "*ECH*CompressSupportedVersions":"NSS never compresses supported versions, Bogo does if CHOuter is TLS 1.3 only (equal to CHInner).",
     53        "*ECH*NoSupportedConfigs*":"NSS throws error if unsupported but well formed retry configs could not be set on client, Bogo just does not offer ECH.",
     54        "*ECH*RandomHRR*":"NSS sends real ECH in CH2 after receiving HRR rejecting ECH formally, Bogo expects instant ech_required alert. Bug 1779357",
     55        "*ECH*UnsolicitedInnerServerNameAck":"NSS always sends SNI in CHInner, Bogo tests if the client detects an unsolicited SNI in SH if CHInner did not include it. Bug 1781224",
     56        "CorruptTicket-TLS-TLS12":"NSS sends an alert on reception of a corrupted session ticket instead of falling back to full handshake. Bug 1783812",
     57 
     58        "FalseStart-ALPN*":"TODO - Implementing TLS 1.2 only FalseStart has low priority.",
     59        "CertCompressionPriority-TLS13" : "The preference setting used in NSS: the first advertised supported compression algorithm.",
     60 
     61        "Server-Verify*":"Runner doesn't set the appropriate cert-file and key-file arguments",
     62        "Client-Sign-Negotiate-*":"Runner doesn't set the appropriate cert-file and key-file arguments",
     63 
     64        "NotJustKyberKeyShare":"Boring always sends a pre-quantum share with Xyber768 (if one is configured)",
     65        "KyberKeyShareIncludedSecond":"Boring sends Xyber768 even if it is not the client's first preference",
     66        "KyberKeyShareIncludedThird":"Boring sends Xyber768 even if it is not the client's first preference",
     67 
     68        "NoCommonSignatureAlgorithms-TLS12-Fallback":"Boring will consider RSA key exchange if a common signature algorithm cannot be found",
     69 
     70        "####################":"####################",
     71        "### TLS1/11 failures due to unsupported signature algorithms":"",
     72        "####################":"####################",
     73 
     74        "FallbackSCSV":"",
     75        "TicketSessionIDLength*":"",
     76        "NoExtendedMasterSecret-TLS1-Server":"",
     77        "NoExtendedMasterSecret-TLS11-Server":"",
     78        "TLS1-Server-ClientAuth*":"",
     79        "TLS11-Server-ClientAuth*":"",
     80        "Resume-Server-TLS1-TLS1-TLS":"",
     81        "Resume-Server-TLS11-TLS11-TLS":"",
     82        "Resume-Server-NoTickets-TLS1-TLS1-TLS":"",
     83        "Resume-Server-NoTickets-TLS11-TLS11-TLS":"",
     84        "VersionNegotiation-Server*-TLS1-TLS":"",
     85        "VersionNegotiation-Server*-TLS11-TLS":"",
     86        "MinimumVersion-Server*-TLS1-TLS1-TLS":"",
     87        "MinimumVersion-Server*-TLS1-TLS11-TLS":"",
     88        "MinimumVersion-Server*-TLS11-TLS11-TLS":"",
     89        "GarbageCertificate-Server-TLS1":"",
     90        "GarbageCertificate-Server-TLS11":"",
     91        "LooseInitialRecordVersion-TLS1":"",
     92        "LooseInitialRecordVersion-TLS11":"",
     93        "*Certificate-TLS1":"",
     94        "*Certificate-TLS11":"",
     95        "CorruptTicket*TLS1":"",
     96        "CorruptTicket*TLS11":"",
     97        "Resume-Server*TLS1-*":"",
     98        "Resume-Server*TLS11-*":"",
     99        "Server-Sign-ECDSA-TLS1":"",
    100        "Server-Sign-ECDSA-TLS11":"",
    101        "Server-Sign-RSA-TLS1":"",
    102        "Server-Sign-RSA-TLS11":"",
    103        "CurveTest-Server-P-*-TLS1":"",
    104        "CurveTest-Server-P-*-TLS11":"",
    105        "CurveTest-Server-X25519-TLS1":"",
    106        "CurveTest-Server-X25519-TLS11":"",
    107        "BadRSAClientKeyExchange-*":"This is a TLS11 only test.",
    108        "RSAKeyUsage-Server-WantSignature-GotSignature-TLS1":"Only Server side of TLS 1 fails",
    109        "RSAKeyUsage-Server-WantSignature-GotSignature-TLS11":"Only Server side of TLS 11 fails",
    110 
    111        "":""
    112    },
    113    "ErrorMap" : {
    114    }
    115 }