Peter Wu
742b5b3053
Fixed PartialEncryptedExtensionsWithServerHello test
...
Problem was in the TLS 1.3 client implementation of tls-tris, fixed in:
"crypto/tls: prevent handshake messages crossing key boundaries"
2017-10-04 15:52:40 +01:00
Peter Wu
3fbd902fed
Document TLS13-WrongOuterRecord
...
The spec only says that the "opaque_type" field is always set to 23
(application_data), but that is not a MUST check.
https://github.com/cloudflare/tls-tris/issues/47
2017-10-04 15:06:11 +01:00
Peter Wu
961b387c76
Fixed BadCBCPadding255 test
...
https://go-review.googlesource.com/c/go/+/68070
2017-10-04 14:40:44 +01:00
Peter Wu
57e3e08e16
Fold LargeRecord tests
...
See https://github.com/cloudflare/tls-tris/issues/46 , current
implementations may send one byte too much since they do not include the
content type in the calculation.
2017-10-03 18:46:07 +01:00
Peter Wu
ae4cad4eb9
Improve description for some disabled tests
2017-10-03 12:52:34 +01:00
Peter Wu
3b70371d64
Enable client tests
...
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:
0/3509/3692/3692/4136
0/2784/3195/3195/4136
2017-10-02 16:54:31 +01:00
Peter Wu
e12c7d5ba7
shim: support -min-version and -max-version
...
Required for test case RSA-PSS-Default-Sign which is currently the only
test that fails with tls-tris.
2017-09-06 15:33:03 +01:00
Peter Wu
8d196e3081
Fix "dial tcp 127.0.0.1:63890: getsockopt: connection refused"
...
Since 2d04cf08cb3413ba9c7271a1884ceca00c56c7e2 ("Test with IPv6 by
default, and IPv4 only if that fails."), the test runner listens on ::1
by default instead of 127.0.0.1.
2017-09-05 16:57:59 -04:00
Peter Wu
87979f9592
Disable KeyUpdate tests
...
KeyUpdate is not implemented in tls-tris yet
2017-09-05 16:57:59 -04:00
Peter Wu
cd01f9ce21
Update to latest boringssl tests
...
Go 1.8 includes "crypto/tls: disable CBC cipher suites with SHA-256 by
default." which breaks the "TLS12-AES128-SHA256-server" test (among
others). Since this was fixed upstream (by removing the CBC tests), just
update the vendored copy using:
gvt update github.com/google/boringssl/ssl/test
Removed tests from config.json that are no longer present while at it.
2017-09-05 16:57:59 -04:00
Filippo Valsorda
145b2cd402
Temporarily ignore the renegotiation tests
2017-01-24 13:22:51 +00:00
Filippo Valsorda
1f2998de6f
Unbundle tls-tris to run from the Tris CI
2017-01-18 17:56:30 +00:00
Filippo Valsorda
eab3c72dbe
Reach 0 failed / 217 passed on Tris
2017-01-18 17:47:47 +00:00
Filippo Valsorda
85a7969e65
(c) 2016 Cloudflare
2017-01-09 19:12:09 -05:00
Filippo Valsorda
b6d73d9163
Switch to Tris and get basic server tests to run
2017-01-09 18:24:36 -05:00
Filippo Valsorda
6f6a519c21
First shim that does... nothing
2017-01-09 16:47:43 -05:00
Filippo Valsorda
7d0e00e93b
Initial commit
2016-11-06 23:35:51 -08:00