1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
{
"DisabledTests": {
"SendV2ClientHello-*": "only support TLS1.2",
"*SSL3*": "",
"*SSLv3*": "",
"*TLS1-*": "",
"*-TLS1": "",
"*TLS11-*": "",
"*-TLS11": "",
"SendFallbackSCSV": "fallback scsv not implemented",
"TLS13-*": "no old drafts",
"TLS13Experiment-*": "",
"TLS13Experiment2-*": "",
"TLS13Experiment3-*": "",
"TLS13Draft21-*": "",
"Downgrade-TLS12-*": "",
"VersionNegotiation-*-TLS13-TLS13": "",
"VersionNegotiation-*-TLS13-TLS13Draft22": "",
"VersionNegotiation-*-TLS13Draft22-TLS13": "",
"VersionNegotiation-*-TLS13Draft22-TLS13Experiment": "",
"VersionNegotiation-*-TLS13Draft22-TLS13Experiment2": "",
"VersionNegotiation-*-TLS13Draft22-TLS13Experiment3": "",
"MinorVersionTolerance": "",
"MajorVersionTolerance": "",
"FragmentedClientVersion": "",
"ConflictingVersionNegotiation": "",
"ConflictingVersionNegotiation-2": "",
"PointFormat-Server-Missing": "we require ecc",
"ECDSAKeyUsage-*": "TODO: we don't do anything with key usages",
"CheckRecordVersion-*": "we don't look at record version",
"TLS13-WrongOuterRecord": "we're lax on this",
"*DTLS*": "not supported",
"MTU*": "dtls only",
"DisableEverything": "not useful",
"SendEmptyRecords": "non-standard openssl/boringssl behaviour",
"SendEmptyRecords-Async": "",
"SendWarningAlerts": "",
"SendWarningAlerts-Async": "",
"Peek-*": "",
"OmitExtensions-ServerHello-TLS12": "bug in bogo if sct offered",
"EmptyExtensions-ServerHello-TLS12": "",
"CBCRecordSplitting*": "insane ciphersuites",
"*CBCPadding*": "",
"RSAEphemeralKey": "",
"BadRSAClientKeyExchange-*": "",
"SendClientVersion-RSA": "",
"SillyDH": "",
"WeakDH": "",
"DHPublicValuePadded": "",
"Basic-Server-RSA-*": "",
"*-RC4-*": "",
"*-3DES-*": "",
"*-DHE-*": "",
"ServerAuth-SHA1-Fallback": "",
"*-AES128-SHA*": "",
"*-AES256-SHA*": "",
"*-ECDSA-SHA1-*": "no ecdsa-sha1",
"*-Sign-RSA-PKCS1-SHA1-*": "no sha1",
"*-P521-*": "no p521",
"*-P-521": "",
"*-P-224": "no p224",
"*-P-224-*": "",
"CurveTest-Client-P-521-TLS13": "",
"CurveTest-Server-P-521-TLS13": "",
"Ed25519-*": "no ed25519 yet",
"*-Ed25519": "",
"*-Ed25519-*": "",
"GREASE-*": "not implemented",
"LargeMessage-Reject": "",
"*-ShortHeader": "",
"ShortHeader-*": "",
"SkipEarlyData*": "no 0rtt support",
"TLS13Draft22-DuplicateTicketEarlyDataInfo": "",
"NoCommonCurves": "nothing to fall back to",
"ClientHelloPadding": "hello padding extension not implemented",
"TLS13Draft22-HelloRetryRequest-Client-Sync*": "we remember the server's preference and don't need a second HRR",
"TLS13Draft22-HelloRetryRequest-Client-Async*": "",
"SendHelloRetryRequest-2": "",
"Resume-Client-CipherMismatch": "tries to vary to unimplemented CBC-mode cs",
"*Auth-SHA1-Fallback*": "",
"RSA-PSS-Large": "",
"TLS12-AES128-GCM-*": "no pfs",
"TLS12-AES256-GCM-*": "",
"*-CHACHA20-POLY1305-OLD-*": "",
"*-ECDSA-*-server": "ECDSA signing not yet implemented",
"ClientAuth-Sign-ECDSA-*": "",
"ServerAuth-Sign-ECDSA-*": "",
"*-Client-ClientAuth-ECDSA": "",
"Basic-Server-*-ECDSA-*": "",
"FallbackSCSV*": "fallback countermeasure not yet implemented",
"RequireAnyClientCertificate-TLS12": "we don't send an alert in this case",
"TooManyKeyUpdates": "no limit implemented",
"Renegotiate-Client-*": "no reneg",
"Renegotiate-Server-*": "",
"SendHalfHelloRequest-*": "",
"RetainOnlySHA256-*": "",
"ExtendedMasterSecret-Renego-*": "",
"Unclean-Shutdown-Ignored": "broken on macos -- FIXME",
"Shutdown-Shim-Sync-SplitHandshakeRecords": "likewise"
},
"ErrorMap": {
":HTTP_REQUEST:": ":GARBAGE:",
":HTTPS_PROXY_REQUEST:": ":GARBAGE:",
":WRONG_VERSION_NUMBER:": ":GARBAGE:",
":PEER_DID_NOT_RETURN_A_CERTIFICATE:": ":NO_CERTS:",
":UNEXPECTED_RECORD:": ":UNEXPECTED_MESSAGE:",
":NO_RENEGOTIATION:": ":UNEXPECTED_MESSAGE:",
":DIGEST_CHECK_FAILED:": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:": ":UNEXPECTED_MESSAGE:",
":ENCRYPTED_LENGTH_TOO_LONG:": ":GARBAGE:"
},
"TestErrorMap": {
"EmptyCertificateList": ":NO_CERTS:",
"SendInvalidRecordType": ":GARBAGE:",
"NoSharedCipher": ":HANDSHAKE_FAILURE:",
"NoSharedCipher-TLS13": ":HANDSHAKE_FAILURE:",
"InvalidECDHPoint-Client": ":PEER_MISBEHAVIOUR:",
"InvalidECDHPoint-Server": ":PEER_MISBEHAVIOUR:",
"TrailingMessageData-ClientHello": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ServerHello": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ServerCertificate": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-CertificateRequest": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ClientCertificate": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-CertificateVerify": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-NewSessionTicket": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ServerHelloDone": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ServerKeyExchange": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-ClientKeyExchange": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-CertificateStatus": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ClientHello": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ServerHello": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-EncryptedExtensions": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-CertificateRequest": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ServerCertificate": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ServerCertificateVerify": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ServerFinished": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
"TrailingMessageData-TLS13-ClientCertificate": ":BAD_HANDSHAKE_MSG:",
"TrailingMessageData-TLS13-ClientCertificateVerify": ":BAD_HANDSHAKE_MSG:",
"MissingKeyShare-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"MissingKeyShare-Server-TLS13": ":INCOMPATIBLE:",
"EmptyEncryptedExtensions-TLS13": ":BAD_HANDSHAKE_MSG:",
"NoSupportedCurves": ":INCOMPATIBLE:",
"BadECDHECurve": ":PEER_MISBEHAVIOUR:",
"VersionTooLow": ":INCOMPATIBLE:",
"UnofferedExtension-Client": ":PEER_MISBEHAVIOUR:",
"ServerHelloBogusCipher": ":PEER_MISBEHAVIOUR:",
"ServerHelloBogusCipher-TLS13": ":PEER_MISBEHAVIOUR:",
"ALPNClient-RejectUnknown-TLS12": ":PEER_MISBEHAVIOUR:",
"ALPNClient-EmptyProtocolName-TLS12": ":PEER_MISBEHAVIOUR:",
"ALPNServer-EmptyProtocolName-TLS12": ":PEER_MISBEHAVIOUR:",
"Verify-ServerAuth-SignatureType": ":PEER_MISBEHAVIOUR:",
"ClientAuth-Enforced": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Enforced": ":PEER_MISBEHAVIOUR:",
"UnofferedExtension-Client": ":PEER_MISBEHAVIOUR:",
"UnknownExtension-Client": ":PEER_MISBEHAVIOUR:",
"KeyUpdate-InvalidRequestMode": ":BAD_HANDSHAKE_MSG:",
"ExtraCompressionMethods-TLS13": ":PEER_MISBEHAVIOUR:",
"NoNullCompression-TLS12": ":INCOMPATIBLE:",
"NoNullCompression-TLS13": ":INCOMPATIBLE:",
"TLS13Draft22-AES128-GCM-server": ":INCOMPATIBLE:",
"TLS13Draft22-AES128-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-AES256-GCM-server": ":INCOMPATIBLE:",
"TLS13Draft22-AES256-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-ECDSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-ECDSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-ECDSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-RSA-AES128-GCM-server": ":INCOMPATIBLE:",
"TLS13Draft22-ECDHE-RSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-RSA-AES256-GCM-server": ":INCOMPATIBLE:",
"TLS13Draft22-ECDHE-RSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:",
"TLS13Draft22-ECDHE-RSA-CHACHA20-POLY1305-server": ":INCOMPATIBLE:",
"TLS13Draft22-ECDHE-RSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:",
"TLS12-AEAD-CHACHA20-POLY1305-server": ":INCOMPATIBLE:",
"TLS12-AEAD-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:",
"TLS12-AEAD-AES128-GCM-SHA256-server": ":INCOMPATIBLE:",
"TLS12-AEAD-AES128-GCM-SHA256-client": ":PEER_MISBEHAVIOUR:",
"TLS12-AEAD-AES256-GCM-SHA384-server": ":INCOMPATIBLE:",
"TLS12-AEAD-AES256-GCM-SHA384-client": ":PEER_MISBEHAVIOUR:",
"SkipHelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:",
"NoSupportedVersions": ":INCOMPATIBLE:",
"ClientAuth-Verify-RSA-PKCS1-SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Verify-RSA-PKCS1-SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
"ClientAuth-Verify-RSA-PKCS1-SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Verify-RSA-PKCS1-SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
"ClientAuth-Verify-RSA-PKCS1-SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Verify-RSA-PKCS1-SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
"ClientAuth-Verify-RSA-PKCS1-SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Verify-RSA-PKCS1-SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13": ":INCOMPATIBLE:",
"ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13": ":INCOMPATIBLE:",
"ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13": ":INCOMPATIBLE:",
"ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13": ":INCOMPATIBLE:",
"ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13": ":INCOMPATIBLE:",
"ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13": ":INCOMPATIBLE:",
"ALPNClient-EmptyProtocolName-TLS13": ":PEER_MISBEHAVIOUR:",
"ALPNServer-EmptyProtocolName-TLS13": ":PEER_MISBEHAVIOUR:",
"ALPNClient-RejectUnknown-TLS13": ":PEER_MISBEHAVIOUR:",
"ClientAuth-NoFallback-TLS13": ":INCOMPATIBLE:",
"ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:",
"ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
"ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
"SecondClientHelloWrongCurve-TLS13": ":PEER_MISBEHAVIOUR:",
"SecondClientHelloMissingKeyShare-TLS13": ":INCOMPATIBLE:",
"Resume-Server-BinderWrongLength": ":PEER_MISBEHAVIOUR:",
"Resume-Server-NoPSKBinder": ":PEER_MISBEHAVIOUR:",
"Resume-Server-ExtraPSKBinder": ":PEER_MISBEHAVIOUR:",
"Resume-Server-ExtraIdentityNoBinder": ":PEER_MISBEHAVIOUR:",
"Resume-Server-InvalidPSKBinder": ":PEER_MISBEHAVIOUR:",
"Resume-Server-PSKBinderFirstExtension": ":PEER_MISBEHAVIOUR:",
"Resume-Server-UnofferedCipher": ":PEER_MISBEHAVIOUR:",
"Resume-Server-UnofferedCipher-TLS13": ":PEER_MISBEHAVIOUR:",
"Resume-Client-CipherMismatch-TLS13": ":PEER_MISBEHAVIOUR:",
"Resume-Client-PRFMismatch-TLS13": ":PEER_MISBEHAVIOUR:",
"Resume-Client-Mismatch-TLS12-TLS13": ":PEER_MISBEHAVIOUR:",
"Resume-Client-Mismatch-TLS13-TLS12": ":PEER_MISBEHAVIOUR:",
"NoSupportedCurves-TLS13": ":INCOMPATIBLE:",
"BadECDHECurve-TLS13": ":PEER_MISBEHAVIOUR:",
"InvalidECDHPoint-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"InvalidECDHPoint-Server-TLS13": ":PEER_MISBEHAVIOUR:",
"InvalidPSKIdentity-TLS13": ":PEER_MISBEHAVIOUR:",
"AlwaysSelectPSKIdentity-TLS13": ":PEER_MISBEHAVIOUR:",
"TrailingKeyShareData-TLS13": ":BAD_HANDSHAKE_MSG:",
"HelloRetryRequestCurveMismatch-TLS13Draft22": ":PEER_MISBEHAVIOUR:",
"HelloRetryRequestVersionMismatch-TLS13Draft22": ":BAD_HANDSHAKE_MSG:",
"HelloRetryRequest-DuplicateCookie-TLS13Draft22": ":PEER_MISBEHAVIOUR:",
"HelloRetryRequest-DuplicateCurve-TLS13Draft22": ":PEER_MISBEHAVIOUR:",
"UnknownUnencryptedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"UnexpectedUnencryptedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"UnofferedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"RenegotiationInfo-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:",
"UnknownExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"RequestContextInHandshake-TLS13": ":BAD_HANDSHAKE_MSG:",
"UnnecessaryHelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:",
"UnknownCurve-HelloRetryRequest-TLS13": ":PEER_MISBEHAVIOUR:",
"DisabledCurve-HelloRetryRequest-TLS13": ":PEER_MISBEHAVIOUR:",
"HelloRetryRequest-Empty-TLS13": ":PEER_MISBEHAVIOUR:",
"HelloRetryRequest-EmptyCookie-TLS13": ":PEER_MISBEHAVIOUR:",
"HelloRetryRequest-Unknown-TLS13": ":INCOMPATIBLE:",
"ServerBogusVersion": ":BAD_HANDSHAKE_MSG:",
"MinimumVersion-Client-TLS13-TLS12": ":INCOMPATIBLE:",
"MinimumVersion-Client2-TLS13-TLS12": ":INCOMPATIBLE:",
"MinimumVersion-Server-TLS13-TLS12": ":INCOMPATIBLE:",
"MinimumVersion-Server2-TLS13-TLS12": ":INCOMPATIBLE:",
"DuplicateKeyShares-TLS13": ":PEER_MISBEHAVIOUR:",
"PartialEncryptedExtensionsWithServerHello": ":PEER_MISBEHAVIOUR:",
"PartialClientFinishedWithClientHello": ":PEER_MISBEHAVIOUR:",
"PointFormat-EncryptedExtensions-TLS13": ":PEER_MISBEHAVIOUR:",
"Ticket-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:",
"PointFormat-Server-MissingUncompressed": ":INCOMPATIBLE:",
"NegotiatePSKResumption-TLS13": ":PEER_MISBEHAVIOUR:",
"PointFormat-Client-MissingUncompressed": ":PEER_MISBEHAVIOUR:",
"SendUnsolicitedOCSPOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
"SendUnsolicitedSCTOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
"SendUnknownExtensionOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
"LargePlaintext": ":PEER_MISBEHAVIOUR:",
"SendDuplicateExtensionsOnCerts-TLS13": ":PEER_MISBEHAVIOUR:",
"SignedCertificateTimestampListEmpty-Client-TLS12": ":PEER_MISBEHAVIOUR:",
"SignedCertificateTimestampListEmpty-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"SignedCertificateTimestampListEmptySCT-Client-TLS12": ":PEER_MISBEHAVIOUR:",
"SignedCertificateTimestampListEmptySCT-Client-TLS13": ":PEER_MISBEHAVIOUR:",
"EMS-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:",
"Unclean-Shutdown": ":CLOSE_WITHOUT_CLOSE_NOTIFY:",
"SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
"ExtendedMasterSecret-NoToYes-Client": ":PEER_MISBEHAVIOUR:",
"ExtendedMasterSecret-YesToNo-Server": ":PEER_MISBEHAVIOUR:",
"ExtendedMasterSecret-YesToNo-Client": ":PEER_MISBEHAVIOUR:"
}
}
|