| { |
| "DisabledTests": { |
| "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"", |
| "*TLS13Draft*":"NSS supports RFC 8446 only.", |
| "IgnoreClientVersionOrder":"Uses draft23", |
| "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.", |
| "ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)", |
| "DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension", |
| "VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear", |
| "Draft-Downgrade-Server":"Boring implements a draft downgrade sentinel used for measurements.", |
| "FilterExtraAlgorithms":"NSS doesn't allow sending unsupported signature algorithms", |
| "SendBogusAlertType":"Unexpected TLS alerts should abort connections (Bug 1438263)", |
| "VerifyPreferences-Ed25519":"Add Ed25519 support (Bug 1325335)", |
| "Ed25519DefaultDisable*":"Add Ed25519 support (Bug 1325335)", |
| "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)", |
| "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)", |
| "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)", |
| "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)", |
| "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)", |
| "CheckRecordVersion-TLS*":"Bug 1317634", |
| "GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version", |
| "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it", |
| "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)", |
| "*KeyUpdate*":"KeyUpdate Unimplemented", |
| "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975", |
| "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts", |
| "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3", |
| "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records", |
| "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978", |
| "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup", |
| "*SSL3*":"NSS disables SSLv3", |
| "*SSLv3*":"NSS disables SSLv3", |
| "*AES256*":"Inconsistent support for AES256", |
| "*AES128-SHA256*":"No support for Suite B ciphers", |
| "DuplicateExtension*":"NSS sends unexpected_extension alert", |
| "WeakDH":"NSS supports 768-bit DH", |
| "SillyDH":"NSS supports 4097-bit DH", |
| "SendWarningAlerts":"This appears to be Boring-specific", |
| "TLS12-AES128-GCM-client":"Bug 1292895", |
| "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895", |
| "Renegotiate-Client-Forbidden-1":"Bug 1292898", |
| "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default", |
| "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default", |
| "StrayHelloRequest*":"NSS doesn't disable renegotiation by default", |
| "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error", |
| "FragmentedClientVersion":"received a malformed Client Hello handshake message", |
| "WrongMessageType-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "TrailingMessageData-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "UnofferedExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "UnknownExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "WrongMessageType-TLS13-CertificateRequest":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "WrongMessageType-TLS13-ServerCertificateVerify":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "WrongMessageType-TLS13-ServerCertificate":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "WrongMessageType-TLS13-ServerFinished":"Boring expects CCS (Bugs 1481209, 1304603)", |
| "TrailingMessageData-*": "Bug 1304575", |
| "DuplicateKeyShares":"Bug 1304578", |
| "Resume-Server-TLS13-TLS13":"Bug 1314351", |
| "SkipEarlyData-Interleaved":"Bug 1336916", |
| "ECDSAKeyUsage-TLS1*":"Bug 1338194", |
| "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.", |
| "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.", |
| "SkipEarlyData-*TooMuchData":"Bug 1339373", |
| "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.", |
| "RequireAnyClientCertificate-TLS1*":"Bug 1339387", |
| "SendExtensionOnClientCertificate-TLS13":"Bug 1339392", |
| "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear", |
| "P224-Server":"NSS doesn't support P-224", |
| "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty." |
| }, |
| "ErrorMap" : { |
| ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP", |
| ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP", |
| ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO", |
| ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP", |
| ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE" |
| } |
| } |