tests/suite/tls-fuzzer/gnutls-nocert.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

[
    {"server_command": ["@SERVER@", "--http",
                 "--x509keyfile", "tests/serverX509Key.pem",
                 "--x509certfile", "tests/serverX509Cert.pem",
                 "--x509keyfile", "../../../certs/ecc256.pem",
                 "--x509certfile", "../../../certs/cert-ecc256.pem",
                 "--debug=3",
                 "--priority=@PRIORITY@",
                 "--disable-client-cert", "--port=@PORT@"],
     "tests" : [
         {"name" : "test-ecdsa-sig-flexibility.py"},
         {"name" : "test-ocsp-stapling.py",
          "arguments" : ["--no-status"] },
         {"name" : "test-encrypt-then-mac-renegotiation.py",
          "comment" : "we are not strict in EtM required behavior in renegotiation",
          "arguments" : ["-e", "Encrypt-then-MAC renegotiation crash"]},
         {"name" : "test-x25519.py",
          "comment" : "x448 is not supported",
          "arguments" : ["-e", "all zero x448 key share",
          "-e", "empty x448 key share",
          "-e", "sanity - negotiate x448",
          "-e", "too big x448 key share",
          "-e", "too small x448 key share",
          "-e", "x448 key share of \"1\""
          ]},
         {"name" : "test-cve-2016-7054.py",
          "arguments" : ["-e", "sanity"]},
         {"name" : "test-cve-2016-6309.py"},
         {"name" : "test-invalid-server-name-extension.py",
          "comment" : "we don't parse past the first valid name, and we don't validate input received",
          "arguments" : ["-e", "SNI name with UTF-8",
          "-e", "multiple host_names in SNI, RFC 6066 compliance",
          "-e", "incorrect SNI"]},
         {"name" : "test-invalid-server-name-extension-resumption.py",
          "comment" : "we don't follow the RFC precisely on SNI resumption, we cache the SNI and ignore the extensions",
          "arguments" : ["-e", "Sanity check, bad SNI",
          "-e", "session resume with different SNI",
          "-e", "session resume with malformed SNI"]},
         {"name" : "test-chacha20.py"},
         {"name" : "test-aes-gcm-nonces.py" },
         {"name" : "test-atypical-padding.py" },
         {"name" : "test-bleichenbacher-workaround.py" },
         {"name" : "test-clienthello-md5.py"},
         {"name" : "test-client-compatibility.py"},
         {"name" : "test-conversation.py"},
	 {"name" : "test-client-hello-max-size.py",
	  "comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)",
	  "arguments" : ["-e", "max client hello"]},
	 {"name" : "test-atypical-padding.py" },
	 {"name" : "test-ffdhe-negotiation.py" ,
	  "comment" : ["Check if DHE preferred: we don't prefer DHE over RSA if RSA is preferred by peer",
	  "ffdhe6144: we don't support that group"],
	  "arguments" : ["-e", "ffdhe6144 negotiation",
	  "-e", "tolerate ECC curve in groups without ECC cipher, negotiate ffdhe6144 ",
	  "-e", "Check if DHE preferred",
	  "-e", "unassigned tolerance, ffdhe6144 negotiation"]},
         {"name" : "test-cve-2016-2107.py"},
         {"name" : "test-dhe-rsa-key-exchange.py"},
         {"name" : "test-dhe-rsa-key-exchange-signatures.py"},
         {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py"},
         {"name" : "test-early-application-data.py"},
         {"name" : "test-ecdhe-rsa-key-exchange.py"},
         {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"},
         {"name" : "test-empty-extensions.py"},
         {"name" : "test-export-ciphers-rejected.py",
          "comment" : "we negotiate AES even in SSL3.0",
          "arguments" : ["--ssl3"] },
         {"name" : "test-extensions.py"},
         {"name" : "test-extended-master-secret-extension.py",
          "comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete",
          "arguments" : ["-e", "renegotiate without EMS in session with EMS",
                         "-e", "EMS with session resume without extension"]},
         {"name" : "test-fallback-scsv.py"},
         {"name" : "test-fuzzed-ciphertext.py"},
         {"name" : "test-fuzzed-finished.py"},
         {"name" : "test-fuzzed-MAC.py"},
         {"name" : "test-fuzzed-padding.py"},
         {"name" : "test-hello-request-by-client.py"},
         {"name" : "test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-interleaved-application-data-in-renegotiation.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-invalid-cipher-suites.py"},
         {"name" : "test-invalid-client-hello.py"},
         {"name" : "test-invalid-client-hello-w-record-overflow.py"},
         {"name" : "test-invalid-compression-methods.py"},
         {"name" : "test-invalid-content-type.py"},
         {"name" : "test-invalid-rsa-key-exchange-messages.py"},
         {"name" : "test-invalid-session-id.py"},
         {"name" : "test-invalid-version.py"},
         {"name" : "test-large-number-of-extensions.py"},
         {"name" : "test-message-duplication.py"},
         {"name" : "test-message-skipping.py"},
         {"name" : "test-ocsp-stapling.py",
          "comment" : "test requires OCSP setup",
          "exp_pass" : false},
         {"name" : "test-openssl-3712.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-record-layer-fragmentation.py",
          "comment" : "FIXME: these need investigation",
          "arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension",
                         "-e", "small, maximum fragmentation: 1 fragment - 20B extension",
                         "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
         {"name" : "test-sessionID-resumption.py"},
         {"name" : "test-sig-algs.py",
          "comment" : "FIXME: these fail, but most likely due to tls-fuzzer issue",
          "arguments" : ["-e", "RSA-PSS only - fails in verify if server selects PSS",
                         "-e", "with RSA-PSS - fails in verify if server selects PSS"]},
         {"name" : "test-signature-algorithms.py",
          "comment" : "gnutls doesn't tolerate that much",
          "arguments" : ["-e", "tolerance max (32764) number of methods"]
         },
         {"name" : "test-sslv2-connection.py"},
         {"name" : "test-sslv2-force-cipher-3des.py"},
         {"name" : "test-sslv2-force-cipher-non3des.py"},
         {"name" : "test-sslv2-force-cipher.py"},
         {"name" : "test-sslv2-force-export-cipher.py"},
         {"name" : "test-sslv2hello-protocol.py"},
         {"name" : "test-SSLv3-padding.py",
                   "comment" : "we accept zero filled padding in SSLv3",
                   "exp_pass" : false},
         {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"},
         {"name" : "test-truncating-of-client-hello.py" },
         {"name" : "test-truncating-of-finished.py"},
         {"name" : "test-truncating-of-kRSA-client-key-exchange.py"},
         {"name" : "test-unsupported-cuve-fallback.py"},
         {"name" : "test-version-numbers.py"},
         {"name" : "test-zero-length-data.py"}
     ]
    }
]