Add m-esr52 at 52.6.0

1 files changed, 68 insertions, 0 deletions

diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json
new file mode 100644
index 000000000..0a6864f73
--- /dev/null
+++ b/security/nss/gtests/nss_bogo_shim/config.json
@@ -0,0 +1,68 @@
+{
+    "DisabledTests": {
+        "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
+        "#*TLS13*":"(NSS=18, BoGo=16)",
+        "#*HelloRetryRequest*":"(NSS=18, BoGo=16)",
+        "#*KeyShare*":"(NSS=18, BoGo=16)",
+        "#*EncryptedExtensions*":"(NSS=18, BoGo=16)",
+        "#*ServerHelloSignatureAlgorithms*":"(NSS=18, BoGo=16)",
+        "#*SecondClientHello*":"(NSS=18, BoGo=16)",
+        "#*IgnoreClientVersionOrder*":"(NSS=18, BoGo=16)",
+        "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
+        "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
+        "CheckRecordVersion-TLS*":"Bug 1317634",
+        "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it",
+        "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)",
+        "Resume-Server-InvalidPSKBinder":"(Bogo incorrectly expects 'illegal_parameter')",
+        "FallbackSCSV-VersionMatch":"Draft version mismatch (NSS=15, BoGo=14)",
+        "*KeyUpdate*":"KeyUpdate Unimplemented",
+        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
+        "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
+        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
+        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
+        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
+        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
+        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
+        "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version",
+        "*SSL3*":"NSS disables SSLv3",
+        "*SSLv3*":"NSS disables SSLv3",
+        "*AES256*":"Inconsistent support for AES256",
+        "*AES128-SHA256*":"No support for Suite B ciphers",
+        "*CHACHA20-POLY1305-OLD*":"Old ChaCha/Poly",
+        "DuplicateExtension*":"NSS sends unexpected_extension alert",
+        "WeakDH":"NSS supports 768-bit DH",
+        "SillyDH":"NSS supports 4097-bit DH",
+        "SendWarningAlerts":"This appears to be Boring-specific",
+        "V2ClientHello-WarningAlertPrefix":"Bug 1292893",
+        "TLS12-AES128-GCM-client":"Bug 1292895",
+        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
+        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
+        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
+        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
+        "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
+        "FragmentedClientVersion":"received a malformed Client Hello handshake message",
+        "UnofferedExtension-Client-TLS13":"nss updated/broken",
+        "UnknownExtension-Client-TLS13":"nss updated/broken",
+        "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
+        "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
+        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
+        "EmptyEncryptedExtensions":"nss updated/broken",
+        "ClientAuth-SHA1-Fallback-RSA":"We fail when the sig_algs_ext is empty",
+        "Downgrade-TLS12-*":"NSS implements downgrade detection",
+        "TrailingMessageData-*": "Bug 1304575",
+        "DuplicateKeyShares":"Bug 1304578",
+        "Resume-Server-TLS13-TLS13":"Bug 1314351"
+    },
+    "ErrorMap" : {
+        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO",
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
+    }
+}
+