Text file src/crypto/tls/bogo_config.json

     1  {
     2      "DisabledTests": {
     3          "*-Async": "We don't support BoringSSL's concept of async",
     4  
     5          "TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     6          "TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     7          "TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
     8          "TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     9          "TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
    10          "TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
    11          "TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
    12  
    13          "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
    14  
    15          "TLS-ECH-Client-Reject-EarlyDataRejected": "Go does not support early (0-RTT) data",
    16  
    17          "TLS-ECH-Client-NoNPN": "We don't support NPN",
    18  
    19          "TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
    20          "TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
    21          "TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
    22  
    23          "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fall back to plaintext",
    24          "TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fall back to plaintext",
    25          "TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fall back to plaintext",
    26          "TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fall back to plaintext",
    27  
    28          "TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
    29  
    30          "TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
    31          "TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
    32  
    33          "TLS-ECH-Server-EarlyData": "Go does not support early (0-RTT) data",
    34          "TLS-ECH-Server-EarlyDataRejected": "Go does not support early (0-RTT) data",
    35  
    36          "MLKEMKeyShareIncludedSecond": "BoGo wants us to order the key shares based on its preference, but we don't support that",
    37          "MLKEMKeyShareIncludedThird": "BoGo wants us to order the key shares based on its preference, but we don't support that",
    38          "PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
    39          "*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
    40  
    41          "SendEmptySessionTicket-TLS13": "https://github.com/golang/go/issues/70513",
    42  
    43          "*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
    44  
    45          "SendV2ClientHello*": "We don't support SSLv2",
    46          "*QUIC*": "No QUIC support",
    47          "Compliance-fips*": "No FIPS",
    48          "*DTLS*": "No DTLS",
    49          "SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
    50          "SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
    51          "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
    52          "KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
    53          "JustConfiguringKyberWorks": "we always send an X25519 key share with Kyber",
    54          "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
    55          "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
    56          "SkipNewSessionTicket": "TODO confusing? maybe bug",
    57          "SendUserCanceledAlerts*": "TODO may be a real bug?",
    58          "GREASE-Server-TLS13": "TODO ???",
    59          "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
    60          "SendBogusAlertType": "sending wrong alert type",
    61          "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
    62          "*Client-P-224*": "no P-224 support",
    63          "*Server-P-224*": "no P-224 support",
    64          "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
    65          "CheckLeafCurve": "TODO: first pass, this should be fixed",
    66          "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
    67          "UnsupportedCurve": "TODO: first pass, this should be fixed",
    68          "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
    69          "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
    70          "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
    71          "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
    72          "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
    73          "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
    74          "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    75          "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    76          "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    77          "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
    78          "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    79          "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    80          "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    81          "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
    82          "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
    83          "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
    84          "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
    85          "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
    86          "MinorVersionTolerance": "TODO: first pass, this should be fixed",
    87          "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
    88          "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
    89          "MajorVersionTolerance": "TODO: first pass, this should be fixed",
    90          "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
    91          "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
    92          "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
    93          "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
    94          "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
    95          "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
    96          "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
    97          "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
    98          "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
    99          "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
   100          "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
   101          "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
   102          "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
   103          "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
   104          "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
   105          "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
   106          "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
   107          "SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   108          "SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   109          "SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   110          "Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
   111          "Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
   112          "Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
   113          "Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
   114          "Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
   115          "Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
   116          "Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
   117          "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
   118          "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
   119          "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
   120          "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
   121          "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
   122          "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
   123          "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
   124          "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
   125          "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
   126          "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
   127          "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
   128          "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
   129          "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
   130          "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
   131          "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
   132          "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
   133          "UnknownExtension-Client": "TODO: first pass, this should be fixed",
   134          "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   135          "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   136          "UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   137          "SendClientVersion-RSA": "TODO: first pass, this should be fixed",
   138          "NoCommonCurves": "TODO: first pass, this should be fixed",
   139          "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
   140          "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
   141          "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
   142          "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
   143          "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
   144          "Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
   145          "Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   146          "Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   147          "Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   148          "Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   149          "PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
   150          "PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
   151          "TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
   152          "PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
   153          "TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
   154          "TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
   155          "TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
   156          "TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
   157          "TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
   158          "TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
   159          "PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
   160          "TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
   161          "TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
   162          "TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
   163          "TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
   164          "TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
   165          "TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
   166          "TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
   167          "TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
   168          "TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
   169          "TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
   170          "TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
   171          "TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
   172          "TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
   173          "TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
   174          "TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
   175          "TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
   176          "TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
   177          "TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
   178          "TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
   179          "TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
   180          "TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
   181          "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
   182          "TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
   183          "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
   184          "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
   185          "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
   186          "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
   187          "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
   188          "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
   189          "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
   190          "Client-TooLongSessionID": "TODO: first pass, this should be fixed",
   191          "Client-ShortSessionID": "TODO: first pass, this should be fixed",
   192          "TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
   193          "Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
   194          "EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
   195          "SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
   196          "EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
   197          "HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
   198          "HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
   199          "HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
   200          "SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
   201          "ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
   202          "ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
   203          "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
   204          "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
   205          "RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
   206          "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
   207          "RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
   208          "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
   209          "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
   210          "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
   211          "RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
   212          "RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
   213          "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
   214          "EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
   215          "OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
   216          "EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
   217          "OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
   218          "EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
   219          "OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
   220          "DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
   221          "DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
   222          "Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
   223          "CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
   224          "CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
   225          "ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
   226          "ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
   227          "ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
   228          "ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
   229          "ClientHelloPadding": "TODO: first pass, this should be fixed",
   230          "TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
   231          "TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
   232          "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   233          "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   234          "WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
   235          "TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
   236          "SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
   237          "EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
   238          "EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
   239          "EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
   240          "EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
   241          "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
   242      },
   243      "AllCurves": [
   244          23,
   245          24,
   246          25,
   247          29,
   248          4588
   249      ],
   250      "ErrorMap": {
   251          ":ECH_REJECTED:": "tls: server rejected ECH"
   252      }
   253  }
   254  
