Current bogo tests for draft18, patch that to use draft22. Patch from
https://boringssl-review.googlesource.com/c/boringssl/+/23704/2
Upstream commit e1068b76bd1d7f6ea06c90faa523ad8d562ec11b ("Test RSA
premaster unpad better.") added another version-specific test, disable
that since no protection is implemented.
This test checks for a handshake failure when the server sends
supported_versions, but draft 22 will start using this extension. Do not
bother checking for it.
PSS test is disabled because its implementation is not accepted yet
(https://go-review.googlesource.com/c/go/+/79738). Do not check for
UnknownUnencryptedExtension-Client-TLS13, the client currently does not
check for extensions that it did not advertise.
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:
0/3509/3692/3692/4136
0/2784/3195/3195/4136
Since 2d04cf08cb3413ba9c7271a1884ceca00c56c7e2 ("Test with IPv6 by
default, and IPv4 only if that fails."), the test runner listens on ::1
by default instead of 127.0.0.1.
Go 1.8 includes "crypto/tls: disable CBC cipher suites with SHA-256 by
default." which breaks the "TLS12-AES128-SHA256-server" test (among
others). Since this was fixed upstream (by removing the CBC tests), just
update the vendored copy using:
gvt update github.com/google/boringssl/ssl/test
Removed tests from config.json that are no longer present while at it.
