mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 04:27:36 +03:00
ade44c2ba6
When ECH is rejected, properly take retry configs from the encrypted extensions message. Also fix the bogo shim to properly test for this behavior. We should properly map the full BoringSSL -> Go errors so that we don't run into a similar failure in the future, but this is left for a follow up CL. Fixes #70915 Change-Id: Icc1878ff6f87df059e7b83e0a431f50f1fea833c Reviewed-on: https://go-review.googlesource.com/c/go/+/638583 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
253 lines
20 KiB
JSON
253 lines
20 KiB
JSON
{
|
|
"DisabledTests": {
|
|
"*-Async": "We don't support boringssl concept of async",
|
|
|
|
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
|
|
"TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
|
|
|
|
"TLS-ECH-Client-Reject-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"TLS-ECH-Client-NoNPN": "We don't support NPN",
|
|
|
|
"TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
|
|
|
|
"TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
|
|
"TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
|
|
|
|
"TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
"TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
|
|
"TLS-ECH-Server-EarlyData": "Go does not support early (0-RTT) data",
|
|
"TLS-ECH-Server-EarlyDataRejected": "Go does not support early (0-RTT) data",
|
|
|
|
"MLKEMKeyShareIncludedSecond": "BoGo wants us to order the key shares based on its preference, but we don't support that",
|
|
"MLKEMKeyShareIncludedThird": "BoGo wants us to order the key shares based on its preference, but we don't support that",
|
|
"PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
|
|
"*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
|
|
|
|
"SendEmptySessionTicket-TLS13": "https://github.com/golang/go/issues/70513",
|
|
|
|
"*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
|
|
|
|
"SendV2ClientHello*": "We don't support SSLv2",
|
|
"*QUIC*": "No QUIC support",
|
|
"Compliance-fips*": "No FIPS",
|
|
"*DTLS*": "No DTLS",
|
|
"SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
|
|
"SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
|
|
"TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
|
|
"KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
|
|
"JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
|
|
"KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
|
|
"KyberKeyShareIncludedThird": "we always send the Kyber key share first",
|
|
"SkipNewSessionTicket": "TODO confusing? maybe bug",
|
|
"SendUserCanceledAlerts*": "TODO may be a real bug?",
|
|
"GREASE-Server-TLS13": "TODO ???",
|
|
"GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
|
|
"SendBogusAlertType": "sending wrong alert type",
|
|
"EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
|
|
"*Client-P-224*": "no P-224 support",
|
|
"*Server-P-224*": "no P-224 support",
|
|
"CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
|
|
"CheckLeafCurve": "TODO: first pass, this should be fixed",
|
|
"DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsupportedCurve": "TODO: first pass, this should be fixed",
|
|
"SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
|
|
"NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
|
|
"KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
|
|
"TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
|
|
"ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
|
|
"MinorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
|
|
"SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
|
|
"MajorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
|
|
"ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
|
|
"NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client": "TODO: first pass, this should be fixed",
|
|
"UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendClientVersion-RSA": "TODO: first pass, this should be fixed",
|
|
"NoCommonCurves": "TODO: first pass, this should be fixed",
|
|
"PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
|
|
"TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
|
|
"TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
|
|
"PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-TooLongSessionID": "TODO: first pass, this should be fixed",
|
|
"Client-ShortSessionID": "TODO: first pass, this should be fixed",
|
|
"TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
|
|
"CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
|
|
"CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientHelloPadding": "TODO: first pass, this should be fixed",
|
|
"TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
|
|
},
|
|
"AllCurves": [
|
|
23,
|
|
24,
|
|
25,
|
|
29,
|
|
4588
|
|
],
|
|
"ErrorMap": {
|
|
":ECH_REJECTED:": "tls: server rejected ECH"
|
|
}
|
|
}
|