2017-01-11 16:34:52 +00:00
|
|
|
SSL,277,ALPN_MISMATCH_ON_EARLY_DATA
|
2015-06-29 04:36:21 +01:00
|
|
|
SSL,100,APP_DATA_IN_HANDSHAKE
|
|
|
|
SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
|
|
|
|
SSL,102,BAD_ALERT
|
|
|
|
SSL,103,BAD_CHANGE_CIPHER_SPEC
|
|
|
|
SSL,104,BAD_DATA_RETURNED_BY_CALLBACK
|
|
|
|
SSL,105,BAD_DH_P_LENGTH
|
|
|
|
SSL,106,BAD_DIGEST_LENGTH
|
|
|
|
SSL,107,BAD_ECC_CERT
|
|
|
|
SSL,108,BAD_ECPOINT
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,109,BAD_HANDSHAKE_RECORD
|
|
|
|
SSL,110,BAD_HELLO_REQUEST
|
|
|
|
SSL,111,BAD_LENGTH
|
|
|
|
SSL,112,BAD_PACKET_LENGTH
|
|
|
|
SSL,113,BAD_RSA_ENCRYPT
|
|
|
|
SSL,114,BAD_SIGNATURE
|
|
|
|
SSL,115,BAD_SRTP_MKI_VALUE
|
|
|
|
SSL,116,BAD_SRTP_PROTECTION_PROFILE_LIST
|
|
|
|
SSL,117,BAD_SSL_FILETYPE
|
|
|
|
SSL,118,BAD_WRITE_RETRY
|
|
|
|
SSL,119,BIO_NOT_SET
|
2016-08-17 20:54:36 +01:00
|
|
|
SSL,261,BLOCK_CIPHER_PAD_IS_WRONG
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,120,BN_LIB
|
2016-07-15 04:10:43 +01:00
|
|
|
SSL,255,BUFFERED_MESSAGES_ON_CIPHER_CHANGE
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,121,BUFFER_TOO_SMALL
|
2017-02-28 19:26:51 +00:00
|
|
|
SSL,275,CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD
|
2016-12-12 19:37:43 +00:00
|
|
|
SSL,272,CANNOT_PARSE_LEAF_CERT
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,122,CA_DN_LENGTH_MISMATCH
|
|
|
|
SSL,123,CA_DN_TOO_LONG
|
|
|
|
SSL,124,CCS_RECEIVED_EARLY
|
2017-02-28 19:26:51 +00:00
|
|
|
SSL,274,CERTIFICATE_AND_PRIVATE_KEY_MISMATCH
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,125,CERTIFICATE_VERIFY_FAILED
|
|
|
|
SSL,126,CERT_CB_ERROR
|
|
|
|
SSL,127,CERT_LENGTH_MISMATCH
|
|
|
|
SSL,128,CHANNEL_ID_NOT_P256
|
2017-03-26 02:54:16 +01:00
|
|
|
SSL,279,CHANNEL_ID_ON_EARLY_DATA
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,129,CHANNEL_ID_SIGNATURE_INVALID
|
|
|
|
SSL,130,CIPHER_OR_HASH_UNAVAILABLE
|
|
|
|
SSL,131,CLIENTHELLO_PARSE_FAILED
|
|
|
|
SSL,132,CLIENTHELLO_TLSEXT
|
|
|
|
SSL,133,CONNECTION_REJECTED
|
|
|
|
SSL,134,CONNECTION_TYPE_NOT_SET
|
|
|
|
SSL,135,CUSTOM_EXTENSION_ERROR
|
|
|
|
SSL,136,DATA_LENGTH_TOO_LONG
|
|
|
|
SSL,137,DECODE_ERROR
|
|
|
|
SSL,138,DECRYPTION_FAILED
|
|
|
|
SSL,139,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
|
|
|
|
SSL,140,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
|
|
|
|
SSL,141,DH_P_TOO_LONG
|
|
|
|
SSL,142,DIGEST_CHECK_FAILED
|
2016-07-10 17:20:35 +01:00
|
|
|
SSL,254,DOWNGRADE_DETECTED
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,143,DTLS_MESSAGE_TOO_BIG
|
2016-07-11 18:19:03 +01:00
|
|
|
SSL,257,DUPLICATE_EXTENSION
|
2016-09-21 00:24:40 +01:00
|
|
|
SSL,264,DUPLICATE_KEY_SHARE
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,144,ECC_CERT_NOT_FOR_SIGNING
|
|
|
|
SSL,145,EMS_STATE_INCONSISTENT
|
|
|
|
SSL,146,ENCRYPTED_LENGTH_TOO_LONG
|
|
|
|
SSL,147,ERROR_ADDING_EXTENSION
|
|
|
|
SSL,148,ERROR_IN_RECEIVED_CIPHER_LIST
|
|
|
|
SSL,149,ERROR_PARSING_EXTENSION
|
|
|
|
SSL,150,EXCESSIVE_MESSAGE_SIZE
|
|
|
|
SSL,151,EXTRA_DATA_IN_MESSAGE
|
|
|
|
SSL,152,FRAGMENT_MISMATCH
|
|
|
|
SSL,153,GOT_NEXT_PROTO_WITHOUT_EXTENSION
|
|
|
|
SSL,154,HANDSHAKE_FAILURE_ON_CLIENT_HELLO
|
|
|
|
SSL,155,HTTPS_PROXY_REQUEST
|
|
|
|
SSL,156,HTTP_REQUEST
|
|
|
|
SSL,157,INAPPROPRIATE_FALLBACK
|
2016-08-11 16:52:23 +01:00
|
|
|
SSL,259,INVALID_ALPN_PROTOCOL
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,158,INVALID_COMMAND
|
2016-07-11 18:19:03 +01:00
|
|
|
SSL,256,INVALID_COMPRESSION_LIST
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,159,INVALID_MESSAGE
|
2016-06-25 03:56:37 +01:00
|
|
|
SSL,251,INVALID_OUTER_RECORD_TYPE
|
2016-11-18 22:21:03 +00:00
|
|
|
SSL,269,INVALID_SCT_LIST
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,160,INVALID_SSL_SESSION
|
|
|
|
SSL,161,INVALID_TICKET_KEYS_LENGTH
|
|
|
|
SSL,162,LENGTH_MISMATCH
|
|
|
|
SSL,164,MISSING_EXTENSION
|
2016-07-11 18:19:03 +01:00
|
|
|
SSL,258,MISSING_KEY_SHARE
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,165,MISSING_RSA_CERTIFICATE
|
|
|
|
SSL,166,MISSING_TMP_DH_KEY
|
|
|
|
SSL,167,MISSING_TMP_ECDH_KEY
|
|
|
|
SSL,168,MIXED_SPECIAL_OPERATOR_WITH_GROUPS
|
|
|
|
SSL,169,MTU_TOO_SMALL
|
|
|
|
SSL,170,NEGOTIATED_BOTH_NPN_AND_ALPN
|
|
|
|
SSL,171,NESTED_GROUP
|
|
|
|
SSL,172,NO_CERTIFICATES_RETURNED
|
|
|
|
SSL,173,NO_CERTIFICATE_ASSIGNED
|
|
|
|
SSL,174,NO_CERTIFICATE_SET
|
|
|
|
SSL,175,NO_CIPHERS_AVAILABLE
|
|
|
|
SSL,176,NO_CIPHERS_PASSED
|
2016-08-17 20:54:36 +01:00
|
|
|
SSL,262,NO_CIPHERS_SPECIFIED
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,177,NO_CIPHER_MATCH
|
2016-07-08 23:52:59 +01:00
|
|
|
SSL,253,NO_COMMON_SIGNATURE_ALGORITHMS
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,178,NO_COMPRESSION_SPECIFIED
|
Only predict X25519 in TLS 1.3.
We'd previously been assuming we'd want to predict P-256 and X25519 but,
on reflection, that's nonsense. Although, today, P-256 is widespread and
X25519 is less so, that's not the right question to ask. Those servers
are all 1.2.
The right question is whether we believe enough servers will get to TLS
1.3 before X25519 to justify wasting 64 bytes on all other connections.
Given that OpenSSL has already shipped X25519 and Microsoft was doing
interop testing on X25519 around when we were shipping it, I think the
answer is no.
Moreover, if we are wrong, it will be easier to go from predicting one
group to two rather than the inverse (provided we send a fake one with
GREASE). I anticipate prediction-miss HelloRetryRequest logic across the
TLS/TCP ecosystem will be largely untested (no one wants to pay an RTT),
so taking a group out of the predicted set will likely be a risky
operation.
Only predicting one group also makes things a bit simpler. I haven't
done this here, but we'll be able to fold the 1.2 and 1.3 ecdh_ctx's
together, even.
Change-Id: Ie7e42d3105aca48eb9d97e2e05a16c5379aa66a3
Reviewed-on: https://boringssl-review.googlesource.com/10960
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-09 04:47:48 +01:00
|
|
|
SSL,265,NO_GROUPS_SPECIFIED
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,179,NO_METHOD_SPECIFIED
|
|
|
|
SSL,180,NO_P256_SUPPORT
|
|
|
|
SSL,181,NO_PRIVATE_KEY_ASSIGNED
|
|
|
|
SSL,182,NO_RENEGOTIATION
|
|
|
|
SSL,183,NO_REQUIRED_DIGEST
|
|
|
|
SSL,184,NO_SHARED_CIPHER
|
2016-09-06 19:13:43 +01:00
|
|
|
SSL,266,NO_SHARED_GROUP
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,185,NULL_SSL_CTX
|
|
|
|
SSL,186,NULL_SSL_METHOD_PASSED
|
|
|
|
SSL,187,OLD_SESSION_CIPHER_NOT_RETURNED
|
2016-11-16 07:25:58 +00:00
|
|
|
SSL,268,OLD_SESSION_PRF_HASH_MISMATCH
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,188,OLD_SESSION_VERSION_NOT_RETURNED
|
|
|
|
SSL,189,OUTPUT_ALIASES_INPUT
|
|
|
|
SSL,190,PARSE_TLSEXT
|
|
|
|
SSL,191,PATH_TOO_LONG
|
|
|
|
SSL,192,PEER_DID_NOT_RETURN_A_CERTIFICATE
|
|
|
|
SSL,193,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
|
2016-11-01 17:39:36 +00:00
|
|
|
SSL,267,PRE_SHARED_KEY_MUST_BE_LAST
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,194,PROTOCOL_IS_SHUTDOWN
|
2016-12-01 21:47:56 +00:00
|
|
|
SSL,271,PSK_IDENTITY_BINDER_COUNT_MISMATCH
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,195,PSK_IDENTITY_NOT_FOUND
|
|
|
|
SSL,196,PSK_NO_CLIENT_CB
|
|
|
|
SSL,197,PSK_NO_SERVER_CB
|
|
|
|
SSL,198,READ_TIMEOUT_EXPIRED
|
|
|
|
SSL,199,RECORD_LENGTH_MISMATCH
|
|
|
|
SSL,200,RECORD_TOO_LARGE
|
2016-08-30 04:14:17 +01:00
|
|
|
SSL,263,RENEGOTIATION_EMS_MISMATCH
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,201,RENEGOTIATION_ENCODING_ERR
|
|
|
|
SSL,202,RENEGOTIATION_MISMATCH
|
|
|
|
SSL,203,REQUIRED_CIPHER_MISSING
|
|
|
|
SSL,204,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION
|
|
|
|
SSL,205,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION
|
|
|
|
SSL,206,SCSV_RECEIVED_WHEN_RENEGOTIATING
|
|
|
|
SSL,207,SERVERHELLO_TLSEXT
|
2017-03-01 01:54:28 +00:00
|
|
|
SSL,273,SERVER_CERT_CHANGED
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,208,SESSION_ID_CONTEXT_UNINITIALIZED
|
|
|
|
SSL,209,SESSION_MAY_NOT_BE_CREATED
|
2016-02-24 15:47:52 +00:00
|
|
|
SSL,250,SHUTDOWN_WHILE_IN_INIT
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,210,SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER
|
|
|
|
SSL,211,SRTP_COULD_NOT_ALLOCATE_PROFILES
|
|
|
|
SSL,212,SRTP_UNKNOWN_PROTECTION_PROFILE
|
|
|
|
SSL,213,SSL3_EXT_INVALID_SERVERNAME
|
2015-06-29 04:36:21 +01:00
|
|
|
SSL,1042,SSLV3_ALERT_BAD_CERTIFICATE
|
|
|
|
SSL,1020,SSLV3_ALERT_BAD_RECORD_MAC
|
|
|
|
SSL,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED
|
|
|
|
SSL,1044,SSLV3_ALERT_CERTIFICATE_REVOKED
|
|
|
|
SSL,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN
|
|
|
|
SSL,1000,SSLV3_ALERT_CLOSE_NOTIFY
|
|
|
|
SSL,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE
|
|
|
|
SSL,1040,SSLV3_ALERT_HANDSHAKE_FAILURE
|
|
|
|
SSL,1047,SSLV3_ALERT_ILLEGAL_PARAMETER
|
|
|
|
SSL,1041,SSLV3_ALERT_NO_CERTIFICATE
|
|
|
|
SSL,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE
|
|
|
|
SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,214,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
|
|
|
|
SSL,215,SSL_HANDSHAKE_FAILURE
|
|
|
|
SSL,216,SSL_SESSION_ID_CONTEXT_TOO_LONG
|
2017-03-09 03:33:21 +00:00
|
|
|
SSL,276,TICKET_ENCRYPTION_FAILED
|
2015-06-29 04:36:21 +01:00
|
|
|
SSL,1049,TLSV1_ALERT_ACCESS_DENIED
|
|
|
|
SSL,1050,TLSV1_ALERT_DECODE_ERROR
|
|
|
|
SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
|
|
|
|
SSL,1051,TLSV1_ALERT_DECRYPT_ERROR
|
|
|
|
SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION
|
|
|
|
SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK
|
|
|
|
SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY
|
|
|
|
SSL,1080,TLSV1_ALERT_INTERNAL_ERROR
|
|
|
|
SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION
|
|
|
|
SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION
|
|
|
|
SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW
|
|
|
|
SSL,1048,TLSV1_ALERT_UNKNOWN_CA
|
|
|
|
SSL,1090,TLSV1_ALERT_USER_CANCELLED
|
|
|
|
SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE
|
|
|
|
SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE
|
2016-10-08 01:51:43 +01:00
|
|
|
SSL,1116,TLSV1_CERTIFICATE_REQUIRED
|
2015-06-29 04:36:21 +01:00
|
|
|
SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE
|
2016-10-08 01:51:43 +01:00
|
|
|
SSL,1115,TLSV1_UNKNOWN_PSK_IDENTITY
|
2015-06-29 04:36:21 +01:00
|
|
|
SSL,1112,TLSV1_UNRECOGNIZED_NAME
|
|
|
|
SSL,1110,TLSV1_UNSUPPORTED_EXTENSION
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,217,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
|
|
|
|
SSL,218,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
|
|
|
|
SSL,219,TOO_MANY_EMPTY_FRAGMENTS
|
2016-08-16 16:25:03 +01:00
|
|
|
SSL,260,TOO_MANY_KEY_UPDATES
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,220,TOO_MANY_WARNING_ALERTS
|
2016-11-29 18:36:45 +00:00
|
|
|
SSL,270,TOO_MUCH_SKIPPED_EARLY_DATA
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,221,UNABLE_TO_FIND_ECDH_PARAMETERS
|
|
|
|
SSL,222,UNEXPECTED_EXTENSION
|
|
|
|
SSL,223,UNEXPECTED_MESSAGE
|
|
|
|
SSL,224,UNEXPECTED_OPERATOR_IN_GROUP
|
|
|
|
SSL,225,UNEXPECTED_RECORD
|
|
|
|
SSL,226,UNINITIALIZED
|
|
|
|
SSL,227,UNKNOWN_ALERT_TYPE
|
|
|
|
SSL,228,UNKNOWN_CERTIFICATE_TYPE
|
|
|
|
SSL,229,UNKNOWN_CIPHER_RETURNED
|
|
|
|
SSL,230,UNKNOWN_CIPHER_TYPE
|
|
|
|
SSL,231,UNKNOWN_DIGEST
|
|
|
|
SSL,232,UNKNOWN_KEY_EXCHANGE_TYPE
|
|
|
|
SSL,233,UNKNOWN_PROTOCOL
|
|
|
|
SSL,234,UNKNOWN_SSL_VERSION
|
|
|
|
SSL,235,UNKNOWN_STATE
|
|
|
|
SSL,236,UNSAFE_LEGACY_RENEGOTIATION_DISABLED
|
|
|
|
SSL,237,UNSUPPORTED_CIPHER
|
|
|
|
SSL,238,UNSUPPORTED_COMPRESSION_ALGORITHM
|
|
|
|
SSL,239,UNSUPPORTED_ELLIPTIC_CURVE
|
|
|
|
SSL,240,UNSUPPORTED_PROTOCOL
|
2016-06-30 18:27:23 +01:00
|
|
|
SSL,252,UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,241,WRONG_CERTIFICATE_TYPE
|
|
|
|
SSL,242,WRONG_CIPHER_RETURNED
|
|
|
|
SSL,243,WRONG_CURVE
|
|
|
|
SSL,244,WRONG_MESSAGE_TYPE
|
|
|
|
SSL,245,WRONG_SIGNATURE_TYPE
|
|
|
|
SSL,246,WRONG_SSL_VERSION
|
|
|
|
SSL,247,WRONG_VERSION_NUMBER
|
2017-01-11 16:34:52 +00:00
|
|
|
SSL,278,WRONG_VERSION_ON_EARLY_DATA
|
2015-12-06 18:37:52 +00:00
|
|
|
SSL,248,X509_LIB
|
|
|
|
SSL,249,X509_VERIFICATION_SETUP_PROBLEMS
|