mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
212bbb2c77
Adds support for server-side ECH. We make a couple of implementation decisions that are not completely in-line with the spec. In particular, we don't enforce that the SNI matches the ECHConfig public_name, and we implement a hybrid shared/backend mode (rather than shared or split mode, as described in Section 7). Both of these match the behavior of BoringSSL. The hybrid server mode will either act as a shared mode server, where-in the server accepts "outer" client hellos and unwraps them before processing the "inner" hello, or accepts bare "inner" hellos initially. This lets the server operate either transparently as a shared mode server, or a backend server, in Section 7 terminology. This seems like the best implementation choice for a TLS library. Fixes #68500 Change-Id: Ife69db7c1886610742e95e76b0ca92587e6d7ed4 Reviewed-on: https://go-review.googlesource.com/c/go/+/623576 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
243 lines
20 KiB
JSON
243 lines
20 KiB
JSON
{
|
|
"DisabledTests": {
|
|
"*-Async": "We don't support boringssl concept of async",
|
|
|
|
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
|
|
"TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
|
|
|
|
"TLS-ECH-Client-Reject-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"TLS-ECH-Client-NoNPN": "We don't support NPN",
|
|
|
|
"TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
|
|
|
|
"TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
|
|
"TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
|
|
|
|
"TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
"TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
|
|
"TLS-ECH-Server-EarlyData": "Go does not support early (0-RTT) data",
|
|
"TLS-ECH-Server-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"CurveTest-Client-Kyber-TLS13": "Temporarily disabled since the curve ID is not exposed and it cannot be correctly configured",
|
|
"CurveTest-Server-Kyber-TLS13": "Temporarily disabled since the curve ID is not exposed and it cannot be correctly configured",
|
|
|
|
"SendV2ClientHello*": "We don't support SSLv2",
|
|
"*QUIC*": "No QUIC support",
|
|
"Compliance-fips*": "No FIPS",
|
|
"*DTLS*": "No DTLS",
|
|
"SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
|
|
"SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
|
|
"TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
|
|
"KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
|
|
"JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
|
|
"KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
|
|
"KyberKeyShareIncludedThird": "we always send the Kyber key share first",
|
|
"SkipNewSessionTicket": "TODO confusing? maybe bug",
|
|
"SendUserCanceledAlerts*": "TODO may be a real bug?",
|
|
"GREASE-Server-TLS13": "TODO ???",
|
|
"GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
|
|
"SendBogusAlertType": "sending wrong alert type",
|
|
"EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
|
|
"*Client-P-224*": "no P-224 support",
|
|
"*Server-P-224*": "no P-224 support",
|
|
"CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
|
|
"CheckLeafCurve": "TODO: first pass, this should be fixed",
|
|
"DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsupportedCurve": "TODO: first pass, this should be fixed",
|
|
"SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
|
|
"NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
|
|
"KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
|
|
"TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
|
|
"ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
|
|
"MinorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
|
|
"SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
|
|
"MajorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
|
|
"ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
|
|
"NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client": "TODO: first pass, this should be fixed",
|
|
"UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendClientVersion-RSA": "TODO: first pass, this should be fixed",
|
|
"NoCommonCurves": "TODO: first pass, this should be fixed",
|
|
"PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
|
|
"TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
|
|
"TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
|
|
"PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-TooLongSessionID": "TODO: first pass, this should be fixed",
|
|
"Client-ShortSessionID": "TODO: first pass, this should be fixed",
|
|
"TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
|
|
"CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
|
|
"CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientHelloPadding": "TODO: first pass, this should be fixed",
|
|
"TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
|
|
},
|
|
"AllCurves": [
|
|
23,
|
|
24,
|
|
25,
|
|
29
|
|
]
|
|
}
|