1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
[
{"server_command": ["@SERVER@", "--http",
"--x509keyfile", "tests/serverX509Key.pem",
"--x509certfile", "tests/serverX509Cert.pem",
"--x509keyfile", "tests/serverRSAPSSKey.pem",
"--x509certfile", "tests/serverRSAPSSCert.pem",
"--x509keyfile", "../../../certs/ecc256.pem",
"--x509certfile", "../../../certs/cert-ecc256.pem",
"--debug=3",
"--httpdata=../http.dat",
"--priority=@PRIORITY@",
"--disable-client-cert", "--port=@PORT@"],
"server_hostname": "localhost",
"server_port": @PORT@,
"tests" : [
{"name" : "test-record-size-limit.py",
"comment" : "changed extension after HRR is not supported #617",
"arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
"--minimal-size", "512",
"-e", "change size in TLS 1.2 resumption",
"-e", "check if server accepts maximum size in TLS 1.0",
"-e", "check if server accepts maximum size in TLS 1.1",
"-e", "check if server accepts maximum size in TLS 1.2",
"-e", "check if server accepts minimal size in TLS 1.0",
"-e", "check if server accepts minimal size in TLS 1.1",
"-e", "check if server accepts minimal size in TLS 1.2",
"-e", "check interaction with sha256 prf",
"-e", "check interaction with sha384 prf",
"-e", "check server sent size in TLS 1.0",
"-e", "check server sent size in TLS 1.1",
"-e", "check server sent size in TLS 1.2",
"-e", "drop extension in TLS 1.2 resumption",
"-e", "modified extension in 2nd CH in HRR handshake",
"-e", "renegotiation with changed limit",
"-e", "renegotiation with dropped extension",
"-e", "added extension in 2nd CH in HRR handshake",
"-e", "check server sent size in TLS 1.0 with max_fragment_length",
"-e", "check server sent size in TLS 1.1 with max_fragment_length",
"-e", "check server sent size in TLS 1.2 with max_fragment_length",
"-e", "removed extension in 2nd CH in HRR handshake"] },
{"name" : "test-tls13-0rtt-garbage.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-ccs.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-crfg-curves.py",
"comment": "We do not support x448",
"arguments": ["-p", "@PORT@",
"-e", "empty x448 key share",
"-e", "sanity x448 with compression ansiX962_compressed_char2",
"-e", "sanity x448 with compression ansiX962_compressed_prime",
"-e", "sanity x448 with compression uncompressed",
"-e", "too big x448 key share",
"-e", "too small x448 key share",
"-e", "x448 key share of \"1\"",
"-e", "all zero x448 key share"]},
{"name" : "test-tls13-conversation.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-count-tickets.py",
"arguments": ["-p", "@PORT@", "-t", "2"]},
{"name" : "test-tls13-dhe-shared-secret-padding.py",
"comment": "We do not support x448",
"arguments": ["-p", "@PORT@",
"-e", "TLS 1.3 with x448",
"-n", "5"]},
{"name" : "test-tls13-empty-alert.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-ffdhe-sanity.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-finished.py",
"comment" : "the disabled tests timeout very often due to slow tls-fuzzer implementation",
"arguments": ["-p", "@PORT@", "-n", "5",
"-e", "padding - cipher TLS_AES_128_GCM_SHA256, pad_byte 0, pad_left 0, pad_right 16777183",
"-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]},
{"name" : "test-tls13-hrr.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-invalid-ciphers.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-keyshare-omitted.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-legacy-version.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-nociphers.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-pkcs-signature.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-record-padding.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-rsapss-signatures.py",
"arguments": ["-p", "@PORT@", "-b"]},
{"name" : "test-tls13-rsa-signatures.py",
"arguments": ["-p", "@PORT@", "-b"]},
{"name" : "test-tls13-session-resumption.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-serverhello-random.py",
"arguments": ["-p", "@PORT@",
"-e", "TLS 1.3 with x448"]},
{"name" : "test-tls13-signature-algorithms.py",
"comment" : "gnutls doesn't handle well duplicated signature algorithms; this is not an issue in practice",
"arguments": ["-p", "@PORT@",
"-e", "213 invalid schemes",
"-e", "2353 invalid schemes",
"-e", "8130 invalid schemes",
"-e", "23752 invalid schemes",
"-e", "32715 invalid schemes"]},
{"name" : "test-tls13-unrecognised-groups.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-version-negotiation.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-zero-length-data.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-downgrade-protection.py",
"comment" : "1/n-1 splitting in TLS 1.0 is not supported",
"arguments": ["-p", "@PORT@", "--server-max-protocol", "TLSv1.3",
"-e", "TLS 1.3 downgrade check for Protocol (3, 1)"]}
]
}
]
|
