{ "DisabledTests": { "*HelloRetryRequest*": "HelloRetryRequest not implemented yet", "*HRR*": "HelloRetryRequest not implemented yet", "*SecondClientHello*": "HelloRetryRequest not implemented yet", "SupportTicketsWithSessionID": "Session IDs not supported", "*-NoTickets-*": "Session IDs not supported", "*-AES128-SHA256-*": "AES128-CBC-SHA256 not supported", "*-AES256-SHA256-*": "AES256-CBC-SHA256 not supported", "*-AES256-SHA384-*": "AES256-CBC-SHA384 not supported", "BadRSAClientKeyExchange-4": "See comment in processClientKeyExchange", "GREASE-Server-TLS13": "TODO", "DuplicateExtensionServer-*": "TODO", "DuplicateKeyShares": "TODO", "SkipEarlyData-TooMuchData": "TODO", "KeyUpdate-*": "TODO", "Renegotiate-Server-Forbidden": "9b812d006d made OpenSSL tests lock up", "SendEmptyRecords*": "client: no protection implemented against flood of empty records", "SendWarningAlerts*": "client: no protection implemented against flood of warning alerts", "SendBogusAlertType": "client: TODO send IllegalParam instead of UnexpectedMessage", "SkipNewSessionTicket": "client: TODO enable session cache", "InvalidCompressionMethod": "client: TODO send IllegalParam instead of UnexpectedMessage", "LargeMessage": "client: bogo violates draft -21 and sends a too large message", "TLS13-AEAD-*-LargeRecord": "client: bogo violates draft -21 and sends a too large message", "NoClientCertificate-TLS13": "client: TODO implement client certs", "TLS13-Client-CertAuth-*": "client: TODO implement client certs", "SupportedVersionSelection-TLS12": "client: TODO send Unexpected Extension if server sends SV", "DuplicateExtensionClient-*": "TODO", "UnsolicitedServerNameAck-*": "client: TODO send Unexpected Extension if SNI was not advertised", "RenegotiationInfo-Forbidden-TLS13": "client: TODO reject ext", "EMS-Forbidden-TLS13": "client: TODO reject ext", "SendUnsolicitedOCSPOnCertificate-TLS13": "client: N/A, we always send status_request", "SendUnsolicitedSCTOnCertificate-TLS13": "client: N/A, we always send SCT", "SendUnknownExtensionOnCertificate-TLS13": "client: TODO reject unknown exts", "Resume-Client-CipherMismatch-TLS13": "client: TODO implement resumption", "ExtendedMasterSecret-NoToNo-Client": "client: TODO implement resumption", "Renegotiate-Client-Forbidden-1": "client: TODO correct alert was sent, but why is the local error EOF?", "TLS13-Client-ClientAuth-*": "client: TODO implement client certs", "ClientAuth-*-TLS13*": "client: TODO implement client certs", "ClientAuth-SHA1-Fallback-*": "client: what to do on empty SigAlg ext?", "RSA-PSS-Default-Verify": "client: TODO enable PSS by default for TLS 1.2", "ECDSACurveMismatch-Verify-TLS13": "client: we do advertise the SigAlg by default", "Ed25519DefaultDisable-NoAccept": "client: expected IllegalParam instead of Unsupported Cert", "UnofferedExtension-Client*": "client: TODO reject unadvertised extension", "UnknownExtension-Client*": "client: TODO reject unadvertised extension", "PointFormat-EncryptedExtensions-TLS13": "client: TODO reject forbidden extension", "PointFormat-Client-MissingUncompressed": "client: TODO should reject", "TLS13-TestBadTicketAge-Client": "client: TODO implement resumption", "TLS13-DuplicateTicketEarlyDataInfo": "client: TODO implement resumption", "TLS13-WrongOuterRecord": "client: checking record content type is not a MUST", "Basic-Client-*":"client: TODO implement resumption", "TLS13-1RTT-Client-*": "client: TODO implement resumption", "PartialEncryptedExtensionsWithServerHello": "client: TODO prevent overlap SH and EE exts", "WrongMessageType-*": "client: TODO expected different alert", "TrailingMessageData-*": "client: TODO expected different alert", "EncryptedExtensionsWithKeyShare": "client: TODO reject invalid extension", "EmptyEncryptedExtensions": "client: TODO require non-empty EE", "TLS13-*PSKIdentity": "client: TODO", "TLS13-ClientSkipCertificateVerify": "client: TODO implement client certs", "CheckRecordVersion-*": "client: enforce record version", "GarbageCertificate-Client-*": "client: TODO implement client certs", "OmitExtensions-ServerHello-*": "client: N/A, we always send status_request and SCT", "EmptyExtensions-ServerHello-*": "client: N/A, we always send status_request and SCT", "ECDSAKeyUsage-*": "client: TODO reject cert with invalid KU", "*V2ClientHello*": "Unsupported version", "*SSL3*": "Unsupported version", "*SSLv3*": "Unsupported version" } }