kris/crypto-tls-bogo-shim
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
20 Commits 6 Branches 0 Tags 806 KiB
fc9d5b3aad
Commit Graph

14 Commits

Author SHA1 Message Date
Peter Wu
fc9d5b3aad Disable PSS test for TLS 1.2, disable unknown extension client test 
PSS test is disabled because its implementation is not accepted yet
(https://go-review.googlesource.com/c/go/+/79738). Do not check for
UnknownUnencryptedExtension-Client-TLS13, the client currently does not
check for extensions that it did not advertise.
 2017-11-27 18:13:31 +00:00
Peter Wu
3726fac5b8 Fixes LargeMessage test 
Fixed in tls-tris: "crypto/tls: accept 2^14+1 TLSInnerPlaintext"
 2017-10-04 16:31:12 +01:00
Peter Wu
742b5b3053 Fixed PartialEncryptedExtensionsWithServerHello test 
Problem was in the TLS 1.3 client implementation of tls-tris, fixed in:
"crypto/tls: prevent handshake messages crossing key boundaries"
 2017-10-04 15:52:40 +01:00
Peter Wu
3fbd902fed Document TLS13-WrongOuterRecord 
The spec only says that the "opaque_type" field is always set to 23
(application_data), but that is not a MUST check.

https://github.com/cloudflare/tls-tris/issues/47
 2017-10-04 15:06:11 +01:00
Peter Wu
961b387c76 Fixed BadCBCPadding255 test 
https://go-review.googlesource.com/c/go/+/68070
 2017-10-04 14:40:44 +01:00
Peter Wu
57e3e08e16 Fold LargeRecord tests 
See https://github.com/cloudflare/tls-tris/issues/46, current
implementations may send one byte too much since they do not include the
content type in the calculation.
 2017-10-03 18:46:07 +01:00
Peter Wu
ae4cad4eb9 Improve description for some disabled tests 2017-10-03 12:52:34 +01:00
Peter Wu
3b70371d64 Enable client tests 
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:

    0/3509/3692/3692/4136
    0/2784/3195/3195/4136
 2017-10-02 16:54:31 +01:00
Peter Wu
87979f9592 Disable KeyUpdate tests 
KeyUpdate is not implemented in tls-tris yet
 2017-09-05 16:57:59 -04:00
Peter Wu
cd01f9ce21 Update to latest boringssl tests 
Go 1.8 includes "crypto/tls: disable CBC cipher suites with SHA-256 by
default." which breaks the "TLS12-AES128-SHA256-server" test (among
others). Since this was fixed upstream (by removing the CBC tests), just
update the vendored copy using:

    gvt update github.com/google/boringssl/ssl/test

Removed tests from config.json that are no longer present while at it.
 2017-09-05 16:57:59 -04:00
Filippo Valsorda
145b2cd402 Temporarily ignore the renegotiation tests 2017-01-24 13:22:51 +00:00
Filippo Valsorda
eab3c72dbe Reach 0 failed / 217 passed on Tris 2017-01-18 17:47:47 +00:00
Filippo Valsorda
b6d73d9163 Switch to Tris and get basic server tests to run 2017-01-09 18:24:36 -05:00
Filippo Valsorda
6f6a519c21 First shim that does... nothing 2017-01-09 16:47:43 -05:00