From 74cabf7948b2597f5b6a67d6910c844fd1a88ff6 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 15 Dec 2018 01:42:53 +0100 Subject: Update NSS to 3.41 --- security/nss/gtests/nss_bogo_shim/config.json | 31 ++++++++++++--------------- 1 file changed, 14 insertions(+), 17 deletions(-) (limited to 'security/nss/gtests/nss_bogo_shim/config.json') diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json index 6dc155bef..5c7a2e348 100644 --- a/security/nss/gtests/nss_bogo_shim/config.json +++ b/security/nss/gtests/nss_bogo_shim/config.json @@ -1,6 +1,9 @@ { "DisabledTests": { "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"", + "*TLS13Draft*":"NSS supports RFC 8446 only.", + "IgnoreClientVersionOrder":"Uses draft23", + "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.", "ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)", "DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension", "VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear", @@ -12,17 +15,10 @@ "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)", "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)", "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)", - "*TLS13*":"(NSS=19, BoGo=18)", - "*HelloRetryRequest*":"(NSS=19, BoGo=18)", - "*KeyShare*":"(NSS=19, BoGo=18)", - "*EncryptedExtensions*":"(NSS=19, BoGo=18)", - "*SecondClientHello*":"(NSS=19, BoGo=18)", - "*IgnoreClientVersionOrder*":"(NSS=19, BoGo=18)", - "SkipEarlyData*":"(NSS=19, BoGo=18)", - "*Binder*":"(NSS=19, BoGo=18)", "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)", "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)", "CheckRecordVersion-TLS*":"Bug 1317634", + "GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version", "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it", "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)", "*KeyUpdate*":"KeyUpdate Unimplemented", @@ -48,14 +44,14 @@ "StrayHelloRequest*":"NSS doesn't disable renegotiation by default", "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error", "FragmentedClientVersion":"received a malformed Client Hello handshake message", - "UnofferedExtension-Client-TLS13":"nss updated/broken", - "UnknownExtension-Client-TLS13":"nss updated/broken", - "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken", - "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken", - "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken", - "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken", - "WrongMessageType-TLS13-ServerFinished":"nss updated/broken", - "EmptyEncryptedExtensions":"nss updated/broken", + "WrongMessageType-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", + "TrailingMessageData-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", + "UnofferedExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", + "UnknownExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-CertificateRequest":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerCertificateVerify":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerCertificate":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerFinished":"Boring expects CCS (Bugs 1481209, 1304603)", "TrailingMessageData-*": "Bug 1304575", "DuplicateKeyShares":"Bug 1304578", "Resume-Server-TLS13-TLS13":"Bug 1314351", @@ -68,7 +64,8 @@ "RequireAnyClientCertificate-TLS1*":"Bug 1339387", "SendExtensionOnClientCertificate-TLS13":"Bug 1339392", "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear", - "P224-Server":"NSS doesn't support P-224" + "P224-Server":"NSS doesn't support P-224", + "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty." }, "ErrorMap" : { ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP", -- cgit v1.2.3