From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 6 Feb 2018 11:46:26 +0100 Subject: Update NSS to 3.32.1-RTM --- security/nss/gtests/nss_bogo_shim/config.json | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'security/nss/gtests/nss_bogo_shim/config.json') diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json index 0a6864f73..4109bd2ca 100644 --- a/security/nss/gtests/nss_bogo_shim/config.json +++ b/security/nss/gtests/nss_bogo_shim/config.json @@ -5,7 +5,6 @@ "#*HelloRetryRequest*":"(NSS=18, BoGo=16)", "#*KeyShare*":"(NSS=18, BoGo=16)", "#*EncryptedExtensions*":"(NSS=18, BoGo=16)", - "#*ServerHelloSignatureAlgorithms*":"(NSS=18, BoGo=16)", "#*SecondClientHello*":"(NSS=18, BoGo=16)", "#*IgnoreClientVersionOrder*":"(NSS=18, BoGo=16)", "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)", @@ -13,27 +12,21 @@ "CheckRecordVersion-TLS*":"Bug 1317634", "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it", "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)", - "Resume-Server-InvalidPSKBinder":"(Bogo incorrectly expects 'illegal_parameter')", - "FallbackSCSV-VersionMatch":"Draft version mismatch (NSS=15, BoGo=14)", "*KeyUpdate*":"KeyUpdate Unimplemented", "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975", - "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975", "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts", "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3", "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records", "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978", "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup", - "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version", "*SSL3*":"NSS disables SSLv3", "*SSLv3*":"NSS disables SSLv3", "*AES256*":"Inconsistent support for AES256", "*AES128-SHA256*":"No support for Suite B ciphers", - "*CHACHA20-POLY1305-OLD*":"Old ChaCha/Poly", "DuplicateExtension*":"NSS sends unexpected_extension alert", "WeakDH":"NSS supports 768-bit DH", "SillyDH":"NSS supports 4097-bit DH", "SendWarningAlerts":"This appears to be Boring-specific", - "V2ClientHello-WarningAlertPrefix":"Bug 1292893", "TLS12-AES128-GCM-client":"Bug 1292895", "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895", "Renegotiate-Client-Forbidden-1":"Bug 1292898", @@ -51,11 +44,19 @@ "WrongMessageType-TLS13-ServerFinished":"nss updated/broken", "EncryptedExtensionsWithKeyShare":"nss updated/broken", "EmptyEncryptedExtensions":"nss updated/broken", - "ClientAuth-SHA1-Fallback-RSA":"We fail when the sig_algs_ext is empty", - "Downgrade-TLS12-*":"NSS implements downgrade detection", "TrailingMessageData-*": "Bug 1304575", "DuplicateKeyShares":"Bug 1304578", - "Resume-Server-TLS13-TLS13":"Bug 1314351" + "Resume-Server-TLS13-TLS13":"Bug 1314351", + "SkipEarlyData-Interleaved":"Bug 1336916", + "ECDSAKeyUsage-TLS1*":"Bug 1338194", + "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.", + "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.", + "SkipEarlyData-*TooMuchData":"Bug 1339373", + "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.", + "RequireAnyClientCertificate-TLS1*":"Bug 1339387", + "SendExtensionOnClientCertificate-TLS13":"Bug 1339392", + "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear", + "P224-Server":"NSS doesn't support P-224" }, "ErrorMap" : { ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP", -- cgit v1.2.3