
Text file src/crypto/tls/bogo_config.json


     1{
     2    "DisabledTests": {
     3        "*-Async": "We don't support BoringSSL's concept of async",
     4
     5        "TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     6        "TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     7        "TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
     8        "TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
     9        "TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
    10        "TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
    11        "TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
    12
    13        "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
    14
    15        "TLS-ECH-Client-Reject-EarlyDataRejected": "Go does not support early (0-RTT) data",
    16
    17        "TLS-ECH-Client-NoNPN": "We don't support NPN",
    18
    19        "TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
    20        "TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
    21        "TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
    22
    23        "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fall back to plaintext",
    24        "TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fall back to plaintext",
    25        "TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fall back to plaintext",
    26        "TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fall back to plaintext",
    27
    28        "TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
    29
    30        "TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
    31        "TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
    32
    33        "TLS-ECH-Server-EarlyData": "Go does not support early (0-RTT) data",
    34        "TLS-ECH-Server-EarlyDataRejected": "Go does not support early (0-RTT) data",
    35
    36        "MLKEMKeyShareIncludedSecond": "BoGo wants us to order the key shares based on its preference, but we don't support that",
    37        "MLKEMKeyShareIncludedThird": "BoGo wants us to order the key shares based on its preference, but we don't support that",
    38        "PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
    39        "*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
    40
    41        "SendEmptySessionTicket-TLS13": "https://github.com/golang/go/issues/70513",
    42
    43        "*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
    44
    45        "SendV2ClientHello*": "We don't support SSLv2",
    46        "*QUIC*": "No QUIC support",
    47        "Compliance-fips*": "No FIPS",
    48        "*DTLS*": "No DTLS",
    49        "SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
    50        "SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
    51        "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
    52        "KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
    53        "JustConfiguringKyberWorks": "we always send an X25519 key share with Kyber",
    54        "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
    55        "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
    56        "SkipNewSessionTicket": "TODO confusing? maybe bug",
    57        "SendUserCanceledAlerts*": "TODO may be a real bug?",
    58        "GREASE-Server-TLS13": "TODO ???",
    59        "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
    60        "SendBogusAlertType": "sending wrong alert type",
    61        "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
    62        "*Client-P-224*": "no P-224 support",
    63        "*Server-P-224*": "no P-224 support",
    64        "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
    65        "CheckLeafCurve": "TODO: first pass, this should be fixed",
    66        "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
    67        "UnsupportedCurve": "TODO: first pass, this should be fixed",
    68        "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
    69        "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
    70        "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
    71        "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
    72        "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
    73        "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
    74        "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    75        "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    76        "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    77        "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
    78        "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    79        "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    80        "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
    81        "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
    82        "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
    83        "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
    84        "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
    85        "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
    86        "MinorVersionTolerance": "TODO: first pass, this should be fixed",
    87        "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
    88        "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
    89        "MajorVersionTolerance": "TODO: first pass, this should be fixed",
    90        "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
    91        "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
    92        "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
    93        "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
    94        "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
    95        "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
    96        "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
    97        "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
    98        "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
    99        "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
   100        "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
   101        "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
   102        "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
   103        "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
   104        "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
   105        "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
   106        "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
   107        "SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   108        "SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   109        "SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
   110        "Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
   111        "Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
   112        "Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
   113        "Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
   114        "Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
   115        "Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
   116        "Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
   117        "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
   118        "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
   119        "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
   120        "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
   121        "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
   122        "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
   123        "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
   124        "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
   125        "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
   126        "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
   127        "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
   128        "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
   129        "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
   130        "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
   131        "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
   132        "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
   133        "UnknownExtension-Client": "TODO: first pass, this should be fixed",
   134        "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   135        "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   136        "UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
   137        "SendClientVersion-RSA": "TODO: first pass, this should be fixed",
   138        "NoCommonCurves": "TODO: first pass, this should be fixed",
   139        "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
   140        "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
   141        "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
   142        "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
   143        "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
   144        "Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
   145        "Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   146        "Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   147        "Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   148        "Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   149        "PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
   150        "PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
   151        "TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
   152        "PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
   153        "TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
   154        "TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
   155        "TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
   156        "TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
   157        "TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
   158        "TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
   159        "PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
   160        "TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
   161        "TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
   162        "TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
   163        "TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
   164        "TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
   165        "TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
   166        "TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
   167        "TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
   168        "TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
   169        "TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
   170        "TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
   171        "TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
   172        "TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
   173        "TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
   174        "TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
   175        "TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
   176        "TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
   177        "TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
   178        "TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
   179        "TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
   180        "TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
   181        "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
   182        "TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
   183        "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
   184        "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
   185        "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
   186        "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
   187        "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
   188        "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
   189        "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
   190        "Client-TooLongSessionID": "TODO: first pass, this should be fixed",
   191        "Client-ShortSessionID": "TODO: first pass, this should be fixed",
   192        "TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
   193        "Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
   194        "EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
   195        "SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
   196        "EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
   197        "HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
   198        "HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
   199        "HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
   200        "SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
   201        "ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
   202        "ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
   203        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
   204        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
   205        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
   206        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
   207        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
   208        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
   209        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
   210        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
   211        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
   212        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
   213        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
   214        "EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
   215        "OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
   216        "EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
   217        "OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
   218        "EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
   219        "OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
   220        "DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
   221        "DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
   222        "Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
   223        "CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
   224        "CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
   225        "ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
   226        "ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
   227        "ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
   228        "ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
   229        "ClientHelloPadding": "TODO: first pass, this should be fixed",
   230        "TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
   231        "TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
   232        "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
   233        "TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
   234        "WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
   235        "TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
   236        "SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
   237        "EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
   238        "EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
   239        "EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
   240        "EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
   241        "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
   242    },
   243    "AllCurves": [
   244        23,
   245        24,
   246        25,
   247        29,
   248        4588
   249    ],
   250    "ErrorMap": {
   251        ":ECH_REJECTED:": "tls: server rejected ECH"
   252    }
   253}
