diff --git a/bogo/config.json b/bogo/config.json index ab8ccfc7..cd5981cd 100644 --- a/bogo/config.json +++ b/bogo/config.json @@ -34,20 +34,27 @@ "SendHelloRetryRequest-2-TLS13": "we accept any supported keyshare", "OmitExtensions-ServerHello-TLS12": "bug in bogo if sct offered", "EmptyExtensions-ServerHello-TLS12": "", + "Server-JDK11*": "workarounds for oracle engineering quality", + "Client-RejectJDK11DowngradeRandom": "", "CBCRecordSplitting*": "insane ciphersuites", "*CBCPadding*": "", "RSAEphemeralKey": "", "BadRSAClientKeyExchange-*": "", "SendClientVersion-RSA": "", "Basic-Server-RSA-*": "", + "RSAKeyUsage-*": "", "*-3DES-*": "", + "*-RSA_WITH_3DES_EDE_CBC_SHA-*": "", "*-AES128-SHA*": "", "*-AES256-SHA*": "", - "*-ECDSA-SHA1-*": "no ecdsa-sha1", - "*-Sign-RSA-PKCS1-SHA1-*": "no sha1", - "*-P-224-*": "no p224", - "*-P224-*": "", - "*-P521-*": "no p521", + "*_WITH_AES_128_CBC_*": "", + "*_WITH_AES_256_CBC_*": "", + "*-ECDSA_SHA1-*": "no ecdsa-sha1", + "*-Sign-RSA_PKCS1_SHA1-*": "no sha1", + "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1", + "*_P224_*": "no p224", + "*-P-224-*": "", + "*_P521_*": "no p521", "CurveTest-Client-P-521-TLS12": "", "CurveTest-Server-P-521-TLS12": "", "CurveTest-Client-Compressed-P-521-TLS12": "", @@ -60,8 +67,15 @@ "*-Ed25519-*": "", "GREASE-*": "not implemented", "LargeMessage-Reject": "", + "DelegatedCredentials-*": "not implemented", + "CECPQ2*": "no PQC experiments", + "*CECPQ2*": "", + "KeyUpdate-FromClient": "not implemented (no API yet)", + "KeyUpdate-FromServer": "", + "ExportTrafficSecrets-*": "", "SkipEarlyData*": "no 0rtt support", "TLS13-DuplicateTicketEarlyDataInfo": "", + "TLS13-DuplicateTicketEarlyDataSupport": "", "*-InvalidSignature-*-SHA1-*": "no sha1", "NoCommonCurves": "nothing to fall back to", "ClientHelloPadding": "hello padding extension not implemented", @@ -70,12 +84,18 @@ "RSA-PSS-Large": "", "TLS12-AES128-GCM-*": "no pfs", "TLS12-AES256-GCM-*": "", + "*-RSA_WITH_AES_128_GCM_SHA256-*": "", + "*-RSA_WITH_AES_256_GCM_SHA384-*": "", + "*-RSA_WITH_AES_128_CBC_SHA-*": "", + "*-RSA_WITH_AES_256_CBC_SHA-*": "", "OmitExtensions-ClientHello-TLS12": "", "EmptyExtensions-ClientHello-TLS12": "", + "Resume-Server-OmitPSKsOnSecondClientHello": "not required by RFC", "FallbackSCSV*": "fallback countermeasure not yet implemented", "RequireAnyClientCertificate-TLS12": "we don't send an alert in this case", "TooManyKeyUpdates": "no limit implemented", "TooManyChangeCipherSpec-*": "", + "SendUserCanceledAlerts-TooMany-TLS13": "", "ServerBogusVersion": "we ignore legacy_version if there's an extension", "Renegotiate-Client-*": "no reneg", "Shutdown-Shim-Renegotiate-*": "", @@ -90,7 +110,10 @@ "Draft-Downgrade-Server": "not implemented; TODO", "EarlyData-*ALPN*-*": "no alpn change in resumed sessions", "*EarlyKeyingMaterial-Client-*": "early exporter NYI", - "QUICTransportParams-*": "Bogo assumes this can be tested over TLS1.3 framing" + "QUICTransportParams-*": "Bogo assumes this can be tested over TLS1.3 framing", + "*-QUIC-*" :"", + "QUIC-*": "", + "*-QUIC": "" }, "ErrorMap": { ":HTTP_REQUEST:": ":GARBAGE:", @@ -110,26 +133,28 @@ "NoSharedCipher-TLS13": ":HANDSHAKE_FAILURE:", "InvalidECDHPoint-Client": ":PEER_MISBEHAVIOUR:", "InvalidECDHPoint-Server": ":PEER_MISBEHAVIOUR:", - "TrailingMessageData-ClientHello": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ServerHello": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ServerCertificate": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-CertificateRequest": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ClientCertificate": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-CertificateVerify": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-NewSessionTicket": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ServerHelloDone": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ServerKeyExchange": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-ClientKeyExchange": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-CertificateStatus": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ClientHello": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ServerHello": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-EncryptedExtensions": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-CertificateRequest": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ServerCertificate": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ServerCertificateVerify": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ServerFinished": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", - "TrailingMessageData-TLS13-ClientCertificate": ":BAD_HANDSHAKE_MSG:", - "TrailingMessageData-TLS13-ClientCertificateVerify": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ClientHello-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ServerHello-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ServerCertificate-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-CertificateRequest-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ClientCertificate-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-CertificateVerify-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-NewSessionTicket-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ServerHelloDone-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ServerKeyExchange-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-ClientKeyExchange-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-CertificateStatus-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ClientHello-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ServerHello-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-EncryptedExtensions-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-CertificateRequest-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ServerCertificate-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ServerFinished-TLS": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + "TrailingMessageData-TLS13-ClientCertificate-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": ":BAD_HANDSHAKE_MSG:", + "TrailingDataWithFinished-Server-TLS13": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Resume-Server-TLS13": ":PEER_MISBEHAVIOUR:", "MissingKeyShare-Client-TLS13": ":PEER_MISBEHAVIOUR:", "MissingKeyShare-Server-TLS13": ":INCOMPATIBLE:", "EmptyEncryptedExtensions-TLS13": ":BAD_HANDSHAKE_MSG:", @@ -157,53 +182,62 @@ "TLS13-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", "TLS13-AES256-GCM-server": ":INCOMPATIBLE:", "TLS13-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-ECDSA-AES128-GCM-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-ECDSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-ECDSA-AES256-GCM-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-ECDSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-RSA-AES128-GCM-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-RSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-RSA-AES256-GCM-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-RSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13-ECDHE-RSA-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", - "TLS13-ECDHE-RSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", - "TLS12-AEAD-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", - "TLS12-AEAD-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", - "TLS12-AEAD-AES128-GCM-SHA256-server": ":INCOMPATIBLE:", - "TLS12-AEAD-AES128-GCM-SHA256-client": ":PEER_MISBEHAVIOUR:", - "TLS12-AEAD-AES256-GCM-SHA384-server": ":INCOMPATIBLE:", - "TLS12-AEAD-AES256-GCM-SHA384-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_ECDSA_WITH_AES_128_GCM_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_ECDSA_WITH_AES_128_GCM_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_ECDSA_WITH_AES_256_GCM_SHA384-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_ECDSA_WITH_AES_256_GCM_SHA384-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_RSA_WITH_AES_128_GCM_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_RSA_WITH_AES_128_GCM_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_RSA_WITH_AES_256_GCM_SHA384-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_RSA_WITH_AES_256_GCM_SHA384-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS13-ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS13-ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS12-CHACHA20_POLY1305_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS12-CHACHA20_POLY1305_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS12-AES_128_GCM_SHA256-server": ":INCOMPATIBLE:", + "TLS-TLS12-AES_128_GCM_SHA256-client": ":PEER_MISBEHAVIOUR:", + "TLS-TLS12-AES_256_GCM_SHA384-server": ":INCOMPATIBLE:", + "TLS-TLS12-AES_256_GCM_SHA384-client": ":PEER_MISBEHAVIOUR:", "SkipHelloRetryRequest-TLS13": ":PEER_MISBEHAVIOUR:", "NoSupportedVersions": ":INCOMPATIBLE:", - "ClientAuth-Verify-RSA-PKCS1-SHA1-TLS12": ":PEER_ALERT_INTERNAL_ERROR:", - "ServerAuth-Verify-RSA-PKCS1-SHA1-TLS12": ":HANDSHAKE_FAILURE:", - "ClientAuth-Verify-RSA-PKCS1-SHA1-TLS13": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA1-TLS13": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA256-TLS13": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA256-TLS13": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA384-TLS13": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA384-TLS13": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA512-TLS13": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA512-TLS13": ":PEER_MISBEHAVIOUR:", + "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":PEER_ALERT_INTERNAL_ERROR:", + "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":HANDSHAKE_FAILURE:", + "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:", + "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:", + "Client-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:", + "Server-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:", + "Client-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:", + "Server-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:", + "Client-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:", + "Server-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:", "ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:", "ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13": ":INCOMPATIBLE:", - "ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13": ":INCOMPATIBLE:", - "ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13": ":INCOMPATIBLE:", + "Server-Sign-RSA_PKCS1_SHA256-TLS13": ":INCOMPATIBLE:", + "Server-Sign-RSA_PKCS1_SHA384-TLS13": ":INCOMPATIBLE:", + "Server-Sign-RSA_PKCS1_SHA512-TLS13": ":INCOMPATIBLE:", + "Client-Sign-RSA_PKCS1_SHA256-TLS13": ":INCOMPATIBLE:", + "Client-Sign-RSA_PKCS1_SHA384-TLS13": ":INCOMPATIBLE:", + "Client-Sign-RSA_PKCS1_SHA512-TLS13": ":INCOMPATIBLE:", "ALPNClient-EmptyProtocolName-TLS13": ":PEER_MISBEHAVIOUR:", "ALPNServer-EmptyProtocolName-TLS13": ":PEER_MISBEHAVIOUR:", "ALPNClient-RejectUnknown-TLS13": ":PEER_MISBEHAVIOUR:", + "ClientAuth-NoFallback-RSA": ":BAD_HANDSHAKE_MSG:", + "ClientAuth-NoFallback-ECDSA": ":BAD_HANDSHAKE_MSG:", "ClientAuth-NoFallback-TLS13": ":BAD_HANDSHAKE_MSG:", "ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:", "ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", "ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", "SecondClientHelloWrongCurve-TLS13": ":PEER_MISBEHAVIOUR:", "SecondClientHelloMissingKeyShare-TLS13": ":INCOMPATIBLE:", + "Resume-Server-BinderWrongLength-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-NoPSKBinder-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-ExtraPSKBinder-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-ExtraIdentityNoBinder-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-InvalidPSKBinder-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-PSKBinderFirstExtension-SecondBinder": ":PEER_MISBEHAVIOUR:", + "Resume-Server-OmitPSKsOnSecondClientHello": ":PEER_MISBEHAVIOUR:", "Resume-Server-BinderWrongLength": ":PEER_MISBEHAVIOUR:", "Resume-Server-NoPSKBinder": ":PEER_MISBEHAVIOUR:", "Resume-Server-ExtraPSKBinder": ":PEER_MISBEHAVIOUR:", @@ -211,8 +245,8 @@ "Resume-Server-InvalidPSKBinder": ":PEER_MISBEHAVIOUR:", "Resume-Server-PSKBinderFirstExtension": ":PEER_MISBEHAVIOUR:", "Resume-Client-PRFMismatch-TLS13": ":PEER_MISBEHAVIOUR:", - "Resume-Client-Mismatch-TLS12-TLS13": ":PEER_MISBEHAVIOUR:", - "Resume-Client-Mismatch-TLS13-TLS12": ":PEER_MISBEHAVIOUR:", + "Resume-Client-Mismatch-TLS12-TLS13-TLS": ":PEER_MISBEHAVIOUR:", + "Resume-Client-Mismatch-TLS13-TLS12-TLS": ":PEER_MISBEHAVIOUR:", "NoSupportedCurves-TLS13": ":INCOMPATIBLE:", "BadECDHECurve-TLS13": ":PEER_MISBEHAVIOUR:", "InvalidECDHPoint-Client-TLS13": ":PEER_MISBEHAVIOUR:", @@ -236,10 +270,35 @@ "HelloRetryRequest-Empty-TLS13": ":PEER_MISBEHAVIOUR:", "HelloRetryRequest-EmptyCookie-TLS13": ":PEER_MISBEHAVIOUR:", "HelloRetryRequest-Unknown-TLS13": ":INCOMPATIBLE:", - "MinimumVersion-Client-TLS13-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Client2-TLS13-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Server-TLS13-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Server2-TLS13-TLS12": ":INCOMPATIBLE:", + "TrailingDataWithFinished-Client-TLS12": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Resume-Client-TLS12": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Server-TLS12": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Resume-Server-TLS12": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Client-TLS13": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Server-TLS13": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Resume-Client-TLS13": ":PEER_MISBEHAVIOUR:", + "TrailingDataWithFinished-Resume-Server-TLS13": ":PEER_MISBEHAVIOUR:", + "PartialSecondClientHelloAfterFirst": ":PEER_MISBEHAVIOUR:", + "PartialClientFinishedWithSecondClientHello": ":PEER_MISBEHAVIOUR:", + "PartialClientFinishedWithClientHello-TLS12-Resume": ":PEER_MISBEHAVIOUR:", + "PartialServerHelloWithHelloRetryRequest": ":PEER_MISBEHAVIOUR:", + "PartialNewSessionTicketWithServerHelloDone": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Client": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Server-Packed": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Client-Resume-Packed": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Client-Resume": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Server-Resume": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Server": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Client-Packed": ":PEER_MISBEHAVIOUR:", + "FragmentAcrossChangeCipherSpec-Server-Resume-Packed": ":PEER_MISBEHAVIOUR:", + "PartialFinishedWithServerHelloDone": ":PEER_MISBEHAVIOUR:", + "PartialClientFinishedWithClientHello-TLS12-Resume": ":PEER_MISBEHAVIOUR:", + "UnsupportedCurve-ServerHello-TLS13": ":PEER_MISBEHAVIOUR:", + "PartialClientKeyExchangeWithClientHello": ":PEER_MISBEHAVIOUR:", + "MinimumVersion-Client-TLS13-TLS12-TLS": ":INCOMPATIBLE:", + "MinimumVersion-Client2-TLS13-TLS12-TLS": ":INCOMPATIBLE:", + "MinimumVersion-Server-TLS13-TLS12-TLS": ":INCOMPATIBLE:", + "MinimumVersion-Server2-TLS13-TLS12-TLS": ":INCOMPATIBLE:", "DuplicateKeyShares-TLS13": ":PEER_MISBEHAVIOUR:", "PartialEncryptedExtensionsWithServerHello": ":PEER_MISBEHAVIOUR:", "PartialClientFinishedWithClientHello": ":PEER_MISBEHAVIOUR:", @@ -284,13 +343,17 @@ "CurveTest-Server-Compressed-P-384-TLS12": ":PEER_MISBEHAVIOUR:", "CurveTest-Client-Compressed-P-384-TLS13": ":PEER_MISBEHAVIOUR:", "CurveTest-Server-Compressed-P-384-TLS13": ":PEER_MISBEHAVIOUR:", + "Client-Sign-RSA_PKCS1_SHA512-TLS13": ":INCOMPATIBLE:", "ExtendedMasterSecret-NoToYes-Client": ":PEER_MISBEHAVIOUR:", "ExtendedMasterSecret-YesToNo-Server": ":PEER_MISBEHAVIOUR:", "ExtendedMasterSecret-YesToNo-Client": ":PEER_MISBEHAVIOUR:", "ServerAcceptsEarlyDataOnHRR-Client-TLS13": ":PEER_MISBEHAVIOUR:", "Downgrade-TLS12-Client": ":PEER_MISBEHAVIOUR:", + "Downgrade-TLS10-Client": ":HANDSHAKE_FAILURE:", + "Downgrade-TLS10-Server": ":INCOMPATIBLE:", "SecondServerHelloNoVersion-TLS13": ":PEER_MISBEHAVIOUR:", "SecondServerHelloWrongVersion-TLS13": ":INCOMPATIBLE:", + "EarlyData-CipherMismatch-Client-TLS13": ":PEER_MISBEHAVIOUR:", "EarlyDataVersionDowngrade-Client-TLS13": ":WRONG_VERSION:", "EarlyDataWithoutResume-Client-TLS13": ":PEER_MISBEHAVIOUR:", "EarlyDataVersionDowngrade-Client-TLS13": ":PEER_MISBEHAVIOUR:" @@ -299,7 +362,11 @@ "SendServerHelloAsHelloRetryRequest": "remote error: error decoding message", "GarbageCertificate-Server-TLS12": "remote error: access denied", "GarbageCertificate-Server-TLS13": "remote error: access denied", - "ClientAuth-Verify-RSA-PKCS1-SHA1-TLS12": "tls: no common signature algorithms", - "ServerAuth-Verify-RSA-PKCS1-SHA1-TLS12": "tls: no common signature algorithms" + "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": "tls: no common signature algorithms", + "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": "tls: no common signature algorithms", + "Downgrade-TLS10-Client": "tls: no cipher suite supported by both client and server", + "Downgrade-TLS10-Server": "remote error: protocol version not supported", + "TrailingDataWithFinished-Client-TLS13": "local error: bad record MAC", + "TrailingDataWithFinished-Resume-Client-TLS13": "local error: bad record MAC" } } diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 7e332fa2..cab951a8 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -716,6 +716,9 @@ fn main() { "-expect-signed-cert-timestamps" | "-expect-certificate-types" | "-expect-client-ca-list" | + "-on-retry-expect-early-data-reason" | + "-on-resume-expect-early-data-reason" | + "-on-initial-expect-early-data-reason" | "-handshaker-path" | "-expect-msg-callback" => { println!("not checking {} {}; NYI", arg, args.remove(0)); @@ -724,6 +727,11 @@ fn main() { "-expect-secure-renegotiation" | "-expect-no-session-id" | "-enable-ed25519" | + "-expect-hrr" | + "-expect-no-hrr" | + "-on-resume-expect-no-offer-early-data" | + "-key-update" | //< we could implement an API for this + "-expect-tls13-downgrade" | "-expect-session-id" => { println!("not checking {}; NYI", arg); } @@ -744,7 +752,7 @@ fn main() { opts.quic_transport_params = base64::decode(args.remove(0).as_bytes()) .expect("invalid base64"); } - "-expected-quic-transport-params" => { + "-expect-quic-transport-params" => { opts.expect_quic_transport_params = base64::decode(args.remove(0).as_bytes()) .expect("invalid base64"); } @@ -804,10 +812,25 @@ fn main() { "-expect-ticket-supports-early-data" => { opts.expect_ticket_supports_early_data = true; } - "-expect-accept-early-data" => { + "-expect-accept-early-data" | + "-on-resume-expect-accept-early-data" => { opts.expect_accept_early_data = true; } - "-expect-reject-early-data" => { + "-expect-early-data-reason" | + "-on-resume-expect-reject-early-data-reason" => { + let reason = args.remove(0); + match reason.as_str() { + "disabled" | "protocol_version" => { + opts.expect_reject_early_data = true; + } + _ => { + println!("NYI early data reason: {}", reason); + process::exit(1); + } + } + } + "-expect-reject-early-data" | + "-on-resume-expect-reject-early-data" => { opts.expect_reject_early_data = true; } "-expect-version" => { @@ -855,6 +878,7 @@ fn main() { "-use-exporter-between-reads" | "-ticket-key" | "-tls-unique" | + "-curves" | "-enable-server-custom-extension" | "-enable-client-custom-extension" | "-expect-dhe-group-size" | @@ -881,6 +905,7 @@ fn main() { "-on-resume-read-with-unfinished-write" | "-expect-peer-cert-file" | "-no-rsa-pss-rsae-certs" | + "-ignore-tls13-downgrade" | "-on-initial-expect-peer-cert-file" => { println!("NYI option {:?}", arg); process::exit(BOGO_NACK);