1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
[
{"server_command": ["@SERVER@", "--http",
"--x509keyfile", "tests/serverX509Key.pem",
"--x509certfile", "tests/serverX509Cert.pem",
"--x509keyfile", "../../../certs/ecc256.pem",
"--x509certfile", "../../../certs/cert-ecc256.pem",
"--debug=3",
"--priority=@PRIORITY@",
"--disable-client-cert", "--port=@PORT@"],
"tests" : [
{"name" : "test-large-hello.py",
"arguments" : [
"two ext, #80 61384 bytes",
"two ext, #80 12276 bytes",
"ciphers even 8199",
"ciphers odd 8090",
"multiple extensions 9212",
"multiple extensions 1",
"multiple extensions 16353",
"ext padding, 16130 bytes",
"ext padding, 65367 bytes"]},
{"name" : "test-large-hello.py",
"comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.",
"arguments" :
["sanity check - fragmented",
"fragmented, padding ext 0 bytes",
"fragmented, padding ext 65354 bytes",
"fragmented, padding ext 16213 bytes"],
"exp_pass" : false},
{"name" : "test-ecdsa-sig-flexibility.py"},
{"name" : "test-ocsp-stapling.py",
"arguments" : ["--no-status"] },
{"name" : "test-encrypt-then-mac-renegotiation.py",
"comment" : "we are not strict in EtM required behavior in renegotiation",
"arguments" : ["-e", "Encrypt-then-MAC renegotiation crash"]},
{"name" : "test-x25519.py",
"comment" : "x448 is not supported",
"arguments" : ["-e", "all zero x448 key share",
"-e", "empty x448 key share",
"-e", "sanity - negotiate x448",
"-e", "too big x448 key share",
"-e", "too small x448 key share",
"-e", "x448 key share of \"1\""
]},
{"name" : "test-cve-2016-7054.py",
"arguments" : ["-e", "sanity"]},
{"name" : "test-cve-2016-6309.py"},
{"name" : "test-invalid-server-name-extension.py",
"comment" : "we don't parse past the first valid name, and we don't validate input received",
"arguments" : ["-e", "SNI name with UTF-8",
"-e", "multiple host_names in SNI, RFC 6066 compliance",
"-e", "incorrect SNI"]},
{"name" : "test-invalid-server-name-extension-resumption.py",
"comment" : "we don't follow the RFC precisely on SNI resumption, we cache the SNI and ignore the extensions",
"arguments" : ["-e", "Sanity check, bad SNI",
"-e", "session resume with different SNI",
"-e", "session resume with malformed SNI"]},
{"name" : "test-chacha20.py"},
{"name" : "test-aes-gcm-nonces.py" },
{"name" : "test-atypical-padding.py" },
{"name" : "test-bleichenbacher-workaround.py" },
{"name" : "test-clienthello-md5.py"},
{"name" : "test-client-compatibility.py"},
{"name" : "test-conversation.py"},
{"name" : "test-client-hello-max-size.py",
"comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)",
"arguments" : ["-e", "max client hello"]},
{"name" : "test-atypical-padding.py" },
{"name" : "test-ffdhe-negotiation.py" ,
"comment" : ["Check if DHE preferred: we don't prefer DHE over RSA if RSA is preferred by peer",
"ffdhe6144: we don't support that group"],
"arguments" : ["-e", "ffdhe6144 negotiation",
"-e", "tolerate ECC curve in groups without ECC cipher, negotiate ffdhe6144 ",
"-e", "Check if DHE preferred",
"-e", "unassigned tolerance, ffdhe6144 negotiation"]},
{"name" : "test-cve-2016-2107.py"},
{"name" : "test-dhe-rsa-key-exchange.py"},
{"name" : "test-dhe-rsa-key-exchange-signatures.py",
"comment" : "gnutls no longer allows sha224",
"arguments" : ["-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature"]
},
{"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py"},
{"name" : "test-early-application-data.py"},
{"name" : "test-ecdhe-rsa-key-exchange.py"},
{"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"},
{"name" : "test-empty-extensions.py"},
{"name" : "test-export-ciphers-rejected.py",
"comment" : "we negotiate AES even in SSL3.0",
"arguments" : ["--ssl3"] },
{"name" : "test-extensions.py"},
{"name" : "test-extended-master-secret-extension.py",
"comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete",
"arguments" : ["-e", "renegotiate without EMS in session with EMS",
"-e", "EMS with session resume without extension"]},
{"name" : "test-fallback-scsv.py"},
{"name" : "test-fuzzed-ciphertext.py"},
{"name" : "test-fuzzed-finished.py"},
{"name" : "test-fuzzed-MAC.py"},
{"name" : "test-fuzzed-padding.py"},
{"name" : "test-hello-request-by-client.py"},
{"name" : "test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
"exp_pass" : false},
{"name" : "test-interleaved-application-data-in-renegotiation.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
"exp_pass" : false},
{"name" : "test-invalid-cipher-suites.py"},
{"name" : "test-invalid-client-hello.py"},
{"name" : "test-invalid-client-hello-w-record-overflow.py"},
{"name" : "test-invalid-compression-methods.py"},
{"name" : "test-invalid-content-type.py"},
{"name" : "test-invalid-rsa-key-exchange-messages.py"},
{"name" : "test-invalid-session-id.py"},
{"name" : "test-invalid-version.py"},
{"name" : "test-large-number-of-extensions.py"},
{"name" : "test-message-duplication.py"},
{"name" : "test-message-skipping.py"},
{"name" : "test-ocsp-stapling.py",
"comment" : "test requires OCSP setup",
"exp_pass" : false},
{"name" : "test-openssl-3712.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
"exp_pass" : false},
{"name" : "test-record-layer-fragmentation.py",
"comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.",
"arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension",
"-e", "small, maximum fragmentation: 1 fragment - 20B extension",
"-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
{"name" : "test-sessionID-resumption.py"},
{"name" : "test-sig-algs.py",
"comment" : "FIXME: these fail, but most likely due to tls-fuzzer issue",
"arguments" : ["-e", "RSA-PSS only - fails in verify if server selects PSS",
"-e", "with RSA-PSS - fails in verify if server selects PSS"]},
{"name" : "test-signature-algorithms.py",
"comment" : "gnutls doesn't tolerate that much",
"arguments" : ["-e", "tolerance max (32764) number of methods"]
},
{"name" : "test-sslv2-connection.py"},
{"name" : "test-sslv2-force-cipher-3des.py"},
{"name" : "test-sslv2-force-cipher-non3des.py"},
{"name" : "test-sslv2-force-cipher.py"},
{"name" : "test-sslv2-force-export-cipher.py"},
{"name" : "test-sslv2hello-protocol.py"},
{"name" : "test-SSLv3-padding.py",
"comment" : "we accept zero filled padding in SSLv3",
"exp_pass" : false},
{"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"},
{"name" : "test-truncating-of-client-hello.py" },
{"name" : "test-truncating-of-finished.py"},
{"name" : "test-truncating-of-kRSA-client-key-exchange.py"},
{"name" : "test-unsupported-cuve-fallback.py"},
{"name" : "test-version-numbers.py"},
{"name" : "test-zero-length-data.py"}
]
}
]
|
