Source code
Revision control
Copy as Markdown
Other Tools
{
"DisabledTests": {
"####################":"####################",
"### Failures due to Bogo/NSS specifics":"",
"####################":"####################",
"SendEmptyRecords":"Bogo allows only 32 empty records to be sent before other TLS messages.",
"SendUserCanceledAlerts-TooMany-TLS13":"Bogo allows only 5 user canceled alerts to be sent.",
"SendWarningAlerts-TooMany":"Bogo allows only 5 warning alerts to be sent.",
"TooManyKeyUpdates":"Bogo allows only 32 KeyUpdate messages to be sent.",
"UnsolicitedServerNameAck-TLS*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.",
"DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.",
"*Auth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty.",
"NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2",
"Client-RejectJDK11DowngradeRandom":"This random is not specified in RFC8446.",
"Renegotiate-Server-Forbidden":"TLS 1.2 test, renegotiation is allowed in NSS.",
"EmptySessionID-TLS13":"This test also asserts BoringSSL always sending CCS messages for compatibility mode.",
"Http*":"Test sends http string to socket before handshake. his data is interpreted as a record header and leads to different IO errors in NSS.",
"V2ClientHello*":"Prefix data before V2 ClientHello leads to IO errors in NSS.",
"Server-JDK11-NoWorkaround-3":"Unexpected Bogo crash.",
"Resume-Server-UnofferedCipher-TLS13":"Bogo rejects resumption if client offers previously not used ciphersuites with equal hash algorithm (no 0Rtt).",
"EarlyData-FirstTicket-Server-TLS13":"Bogo provides specific early data logging which is the only check in this test but not supported by NSS.",
"CheckLeafCurve":"NSS doesn't require ECDSA curve to match ECDH curve",
"UnsupportedCurve":"NSS doesn't require ECDSA curve to match ECDH curve",
"Client-VerifyDefault-ECDSA_P521_SHA512-*":"Boring expects a failure because it doesn't enable ECDSA_P521_SHA512 by default",
"Client-VerifyDefault-ECDSA_SHA1-TLS12":"Boring expects a failure because it doesn't enable ECDSA_SHA1 by default",
"CurveTest-*-P-224-*":"NSS does not support P-224",
"*-*-*ECDSA_P224_SHA256-TLS12": "NSS does not support P-224",
"*NoSSL3*":"Test passes but only because of handshake failure, NSS only rejects SSL3 immediately in TLS1.3 clients/servers.",
"GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version.",
"PointFormat-Client-MissingUncompressed":"NSS ignores ec_point_formats extensions sent by servers.",
"SkipEarlyData-Interleaved-TLS13":"NSS ignores invalid early data records by default since ssl_0rtt_ignore_trial is default. Bug 1336916",
"ECDSAKeyUsage*":"NSS only checks KeyUsage on server setup and with delegated credential verification. Bug 1338194",
"RSAKeyUsage-*-WantSignature-GotEncipherment-*":"NSS only checks KeyUsage on server setup and with delegated credential verification. See Bug 1338194",
"RSAKeyUsage-*-WantEncipherment-GotSignature-*":"NSS only checks KeyUsage on server setup and with delegated credential verification. See Bug 1338194",
"TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"NSS Server side bug. Don't send ticket when not permitted by KE modes (Bug 1317635)",
"Resume-Server-OmitPSKsOnSecondClientHello":"NSS Server side bug. It does not detect ClientHello dropping of PSK extension (after HRR).",
"Renegotiate-Client-Forbidden-1":"By default NSS allows renegotiation with extension contrary to bogo.",
"TrailingData*":"NSS does only check for trailing data on possible key change handshake messages in TLS 1.3",
"Partial*":"See TrailingData* description.",
"QUIC-ECH*":"NSS does not support QUIC.",
"*ECH*SkipInvalidPublicName*":"NSS allows hostnames to include underscores in contrary to the spec. Bug 1136616",
"*ECH*CompressSupportedVersions":"NSS never compresses supported versions, Bogo does if CHOuter is TLS 1.3 only (equal to CHInner).",
"*ECH*NoSupportedConfigs*":"NSS throws error if unsupported but well formed retry configs could not be set on client, Bogo just does not offer ECH.",
"*ECH*RandomHRR*":"NSS sends real ECH in CH2 after receiving HRR rejcting ECH formally, Bogo expects instant ech_required alert. Bug 1779357",
"*ECH*UnsolicitedInnerServerNameAck":"NSS always sends SNI in CHInner, Bogo tests if the client detects an unsolicited SNI in SH if CHInner did not include it. Bug 1781224",
"CorruptTicket-TLS-TLS12":"NSS sends an alert on reception of a corrupted session ticket instead of falling back to full handshake. Bug 1783812",
"FalseStart-ALPN*":"TODO - Implementing TLS 1.2 only FalseStart has low priority.",
"CertCompressionPriority-TLS13" : "The preference setting used in NSS: the first advertised supported compression algorithm.",
"Server-Verify*":"Runner doesn't set the appropriate cert-file and key-file arguments",
"Client-Sign-Negotiate-*":"Runner doesn't set the appropriate cert-file and key-file arguments",
"NotJustKyberKeyShare":"Boring always sends a pre-quantum share with Xyber768 (if one is configured)",
"KyberKeyShareIncludedSecond":"Boring sends Xyber768 even if is not the client's first preference",
"KyberKeyShareIncludedThird":"Boring sends Xyber768 even if is not the client's first preference",
"####################":"####################",
"### TLS1/11 failures due to unsupported signature algorithms":"",
"####################":"####################",
"FallbackSCSV":"",
"TicketSessionIDLength*":"",
"NoExtendedMasterSecret-TLS1-Server":"",
"NoExtendedMasterSecret-TLS11-Server":"",
"TLS1-Server-ClientAuth*":"",
"TLS11-Server-ClientAuth*":"",
"Resume-Server-TLS1-TLS1-TLS":"",
"Resume-Server-TLS11-TLS11-TLS":"",
"Resume-Server-NoTickets-TLS1-TLS1-TLS":"",
"Resume-Server-NoTickets-TLS11-TLS11-TLS":"",
"VersionNegotiation-Server*-TLS1-TLS":"",
"VersionNegotiation-Server*-TLS11-TLS":"",
"MinimumVersion-Server*-TLS1-TLS1-TLS":"",
"MinimumVersion-Server*-TLS1-TLS11-TLS":"",
"MinimumVersion-Server*-TLS11-TLS11-TLS":"",
"GarbageCertificate-Server-TLS1":"",
"GarbageCertificate-Server-TLS11":"",
"LooseInitialRecordVersion-TLS1":"",
"LooseInitialRecordVersion-TLS11":"",
"*Certificate-TLS1":"",
"*Certificate-TLS11":"",
"CorruptTicket*TLS1":"",
"CorruptTicket*TLS11":"",
"Resume-Server*TLS1-*":"",
"Resume-Server*TLS11-*":"",
"Server-Sign-ECDSA-TLS1":"",
"Server-Sign-ECDSA-TLS11":"",
"Server-Sign-RSA-TLS1":"",
"Server-Sign-RSA-TLS11":"",
"CurveTest-Server-P-*-TLS1":"",
"CurveTest-Server-P-*-TLS11":"",
"CurveTest-Server-X25519-TLS1":"",
"CurveTest-Server-X25519-TLS11":"",
"BadRSAClientKeyExchange-*":"This is a TLS11 only test.",
"RSAKeyUsage-Server-WantSignature-GotSignature-TLS1":"Only Server side of TLS 1 fails",
"RSAKeyUsage-Server-WantSignature-GotSignature-TLS11":"Only Server side of TLS 11 fails",
"":""
},
"ErrorMap" : {
}
}