mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 03:57:36 +03:00
ce1cbd081a
This CL adds a (very opinionated) client-side ECH implementation. In particular, if a user configures a ECHConfigList, by setting the Config.EncryptedClientHelloConfigList, but we determine that none of the configs are appropriate, we will not fallback to plaintext SNI, and will instead return an error. It is then up to the user to decide if they wish to fallback to plaintext themselves (by removing the config list). Additionally if Config.EncryptedClientHelloConfigList is provided, we will not offer TLS support lower than 1.3, since negotiating any other version, while offering ECH, is a hard error anyway. Similarly, if a user wishes to fallback to plaintext SNI by using 1.2, they may do so by removing the config list. With regard to PSK GREASE, we match the boringssl behavior, which does not include PSK identities/binders in the outer hello when doing ECH. If the server rejects ECH, we will return a ECHRejectionError error, which, if provided by the server, will contain a ECHConfigList in the RetryConfigList field containing configs that should be used if the user wishes to retry. It is up to the user to replace their existing Config.EncryptedClientHelloConfigList with the retry config list. Fixes #63369 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf Reviewed-on: https://go-review.googlesource.com/c/go/+/578575 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
240 lines
20 KiB
JSON
240 lines
20 KiB
JSON
{
|
|
"DisabledTests": {
|
|
"*-Async": "We don't support boringssl concept of async",
|
|
|
|
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12-RejectRetryConfigs": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
"TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
|
|
|
|
"TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
|
|
|
|
"TLS-ECH-Client-Reject-EarlyDataRejected": "We don't support switiching out ECH configs with this level of granularity",
|
|
|
|
"TLS-ECH-Client-NoNPN": "We don't support NPN",
|
|
|
|
"TLS-ECH-Client-ChannelID": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
|
|
"TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
|
|
|
|
"TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
"TLS-ECH-Client-GREASE-NoOverrideName": "We don't support ECH GREASE because we don't fallback to plaintext",
|
|
|
|
"TLS-ECH-Client-UnsolicitedInnerServerNameAck": "We don't allow sending empty SNI without skipping certificate verification, TODO: could add special flag to bogo to indicate 'empty sni'",
|
|
|
|
"TLS-ECH-Client-NoSupportedConfigs": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
"TLS-ECH-Client-SkipInvalidPublicName": "We don't support fallback to cleartext when there are no valid ECH configs",
|
|
|
|
"TLS-ECH-Client-Reject-RandomHRRExtension": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject-UnsupportedRetryConfigs": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject-NoRetryConfigs": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject-HelloRetryRequest": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject-NoClientCertificate-TLS13": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
"TLS-ECH-Client-Reject-OverrideName-TLS13": "TODO: bogo test cases have mismatching public certificates and public names in ECH configs. Can be removed once bogo fixed",
|
|
|
|
"*ECH-Server*": "no ECH server support",
|
|
"SendV2ClientHello*": "We don't support SSLv2",
|
|
"*QUIC*": "No QUIC support",
|
|
"Compliance-fips*": "No FIPS",
|
|
"*DTLS*": "No DTLS",
|
|
"SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
|
|
"SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
|
|
"TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
|
|
"KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
|
|
"JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
|
|
"KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
|
|
"KyberKeyShareIncludedThird": "we always send the Kyber key share first",
|
|
"SkipNewSessionTicket": "TODO confusing? maybe bug",
|
|
"SendUserCanceledAlerts*": "TODO may be a real bug?",
|
|
"GREASE-Server-TLS13": "TODO ???",
|
|
"GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
|
|
"SendBogusAlertType": "sending wrong alert type",
|
|
"EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
|
|
"*Client-P-224*": "no P-224 support",
|
|
"*Server-P-224*": "no P-224 support",
|
|
"CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
|
|
"CheckLeafCurve": "TODO: first pass, this should be fixed",
|
|
"DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsupportedCurve": "TODO: first pass, this should be fixed",
|
|
"SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
|
|
"NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
|
|
"KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
|
|
"TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"InvalidCompressionMethod": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
|
|
"RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
|
|
"ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
|
|
"MinorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
|
|
"SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
|
|
"MajorVersionTolerance": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
|
|
"Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
|
|
"ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
|
|
"ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
|
|
"Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
|
|
"NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client": "TODO: first pass, this should be fixed",
|
|
"UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendClientVersion-RSA": "TODO: first pass, this should be fixed",
|
|
"NoCommonCurves": "TODO: first pass, this should be fixed",
|
|
"PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
|
|
"TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
|
|
"TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
|
|
"PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
|
|
"ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-TooLongSessionID": "TODO: first pass, this should be fixed",
|
|
"Client-ShortSessionID": "TODO: first pass, this should be fixed",
|
|
"TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
|
|
"Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
|
|
"SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
|
|
"HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
|
|
"SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
|
|
"ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
|
|
"RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
|
|
"EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
|
|
"DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
|
|
"Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
|
|
"CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
|
|
"CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS1": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS11": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS12": "TODO: first pass, this should be fixed",
|
|
"ALPNClient-RejectUnknown-TLS-TLS13": "TODO: first pass, this should be fixed",
|
|
"ClientHelloPadding": "TODO: first pass, this should be fixed",
|
|
"TLS13-ExpectTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
|
|
"TLS13-EarlyData-TooMuchData-Client-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
|
|
"WrongMessageType-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"TrailingMessageData-TLS13-EndOfEarlyData-TLS": "TODO: first pass, this should be fixed",
|
|
"SendHelloRetryRequest-2-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-SkipEndOfEarlyData-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
|
|
"EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
|
|
"Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
|
|
}
|
|
}
|