summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/nss_bogo_shim/config.json
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/gtests/nss_bogo_shim/config.json')
-rw-r--r--security/nss/gtests/nss_bogo_shim/config.json31
1 files changed, 14 insertions, 17 deletions
diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json
index 6dc155bef..5c7a2e348 100644
--- a/security/nss/gtests/nss_bogo_shim/config.json
+++ b/security/nss/gtests/nss_bogo_shim/config.json
@@ -1,6 +1,9 @@
{
"DisabledTests": {
"### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
+ "*TLS13Draft*":"NSS supports RFC 8446 only.",
+ "IgnoreClientVersionOrder":"Uses draft23",
+ "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.",
"ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)",
"DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension",
"VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear",
@@ -12,17 +15,10 @@
"ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)",
"GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)",
"SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
- "*TLS13*":"(NSS=19, BoGo=18)",
- "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
- "*KeyShare*":"(NSS=19, BoGo=18)",
- "*EncryptedExtensions*":"(NSS=19, BoGo=18)",
- "*SecondClientHello*":"(NSS=19, BoGo=18)",
- "*IgnoreClientVersionOrder*":"(NSS=19, BoGo=18)",
- "SkipEarlyData*":"(NSS=19, BoGo=18)",
- "*Binder*":"(NSS=19, BoGo=18)",
"Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
"Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
"CheckRecordVersion-TLS*":"Bug 1317634",
+ "GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version",
"GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it",
"TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)",
"*KeyUpdate*":"KeyUpdate Unimplemented",
@@ -48,14 +44,14 @@
"StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
"NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
"FragmentedClientVersion":"received a malformed Client Hello handshake message",
- "UnofferedExtension-Client-TLS13":"nss updated/broken",
- "UnknownExtension-Client-TLS13":"nss updated/broken",
- "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
- "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
- "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
- "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
- "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
- "EmptyEncryptedExtensions":"nss updated/broken",
+ "WrongMessageType-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "TrailingMessageData-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "UnofferedExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "UnknownExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "WrongMessageType-TLS13-CertificateRequest":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "WrongMessageType-TLS13-ServerCertificateVerify":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "WrongMessageType-TLS13-ServerCertificate":"Boring expects CCS (Bugs 1481209, 1304603)",
+ "WrongMessageType-TLS13-ServerFinished":"Boring expects CCS (Bugs 1481209, 1304603)",
"TrailingMessageData-*": "Bug 1304575",
"DuplicateKeyShares":"Bug 1304578",
"Resume-Server-TLS13-TLS13":"Bug 1314351",
@@ -68,7 +64,8 @@
"RequireAnyClientCertificate-TLS1*":"Bug 1339387",
"SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
"ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear",
- "P224-Server":"NSS doesn't support P-224"
+ "P224-Server":"NSS doesn't support P-224",
+ "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty."
},
"ErrorMap" : {
":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",