mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-02 03:27:35 +03:00
77ea502eee
This makes three related changes that work particularly well together and would require significant extra work to do separately: it replaces X25519Kyber768Draft00 with X25519MLKEM768, it makes CurvePreferences ordering crypto/tls-selected, and applies a preference to PQ key exchange methods over key shares (to mitigate downgrades). TestHandshakeServerUnsupportedKeyShare was removed because we are not rejecting unsupported key shares anymore (nor do we select them, and rejecting them actively is a MAY). It would have been nice to keep the test to check we still continue successfully, but testClientHelloFailure is broken in the face of any server-side behavior which requires writing any other messages back to the client, or reading them. Updates #69985 Fixes #69393 Change-Id: I58de76f5b8742a9bd4543fd7907c48e038507b19 Reviewed-on: https://go-review.googlesource.com/c/go/+/630775 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
250 lines
20 KiB
JSON
250 lines
20 KiB
JSON
{
|
|
"DisabledTests": {
|
|
"*-Async": "We don't support boringssl concept of async",
|
|
|
|
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
|
|
"TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
|
|
|
|
"TLS-ECH-Client-Reject-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"TLS-ECH-Client-NoNPN": "We don't support NPN",
|
|
|
|
"TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
|
|
|
|
"TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
|
|
"TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
|
|
|
|
"TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
"TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
|
|
"TLS-ECH-Server-EarlyData": "Go does not support early (0-RTT) data",
|
|
"TLS-ECH-Server-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"MLKEMKeyShareIncludedSecond": "BoGo wants us to order the key shares based on its preference, but we don't support that",
|
|
"MLKEMKeyShareIncludedThird": "BoGo wants us to order the key shares based on its preference, but we don't support that",
|
|
"PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
|
|
"*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
|
|
|
|
"SendEmptySessionTicket-TLS13": "https://github.com/golang/go/issues/70513",
|
|
|
|
"*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
|
|
|
|
"SendV2ClientHello*": "We don't support SSLv2",
|
|
"*QUIC*": "No QUIC support",
|
|
"Compliance-fips*": "No FIPS",
|
|
"*DTLS*": "No DTLS",
|
|
"SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
|
|
"SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
|
|
"TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
|
|
"KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
|
|
"JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
|
|
"KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
|
|
"KyberKeyShareIncludedThird": "we always send the Kyber key share first",
|
|
"SkipNewSessionTicket": "TODO confusing? maybe bug",
|
|
"SendUserCanceledAlerts*": "TODO may be a real bug?",
|
|
"GREASE-Server-TLS13": "TODO ???",
|
|
"GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
|
|
"SendBogusAlertType": "sending wrong alert type",
|
|
"EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
|
|
"*Client-P-224*": "no P-224 support",
|
|
"*Server-P-224*": "no P-224 support",
|
|
"CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
|
|
"CheckLeafCurve": "TODO: first pass, this should be fixed",
|
|
"DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsupportedCurve": "TODO: first pass, this should be fixed",
|
|
"SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
|
|
"NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
|
|
"KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
|
|
"TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
|
|
"ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
|
|
"MinorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
|
|
"SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
|
|
"MajorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
|
|
"ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
|
|
"NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client": "TODO: first pass, this should be fixed",
|
|
"UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendClientVersion-RSA": "TODO: first pass, this should be fixed",
|
|
"NoCommonCurves": "TODO: first pass, this should be fixed",
|
|
"PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
|
|
"TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
|
|
"TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
|
|
"PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-TooLongSessionID": "TODO: first pass, this should be fixed",
|
|
"Client-ShortSessionID": "TODO: first pass, this should be fixed",
|
|
"TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
|
|
"CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
|
|
"CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientHelloPadding": "TODO: first pass, this should be fixed",
|
|
"TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
|
|
},
|
|
"AllCurves": [
|
|
23,
|
|
24,
|
|
25,
|
|
29,
|
|
4588
|
|
]
|
|
}
|