summaryrefslogtreecommitdiff
path: root/tests/suite/tls-fuzzer/gnutls-nocert.json
blob: 2e3c6df36b09a11a52a81280bc989e324ff97858 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

[
    {"server_command": ["@SERVER@", "--http",
                 "--x509keyfile", "tests/serverX509Key.pem",
                 "--x509certfile", "tests/serverX509Cert.pem",
                 "--x509keyfile", "../../../certs/ecc256.pem",
                 "--x509certfile", "../../../certs/cert-ecc256.pem",
                 "--debug=3",
                 "--priority=@PRIORITY@",
                 "--disable-client-cert", "--port=@PORT@"],
     "tests" : [
         {"name" : "test-ecdsa-sig-flexibility.py"},
         {"name" : "test-ocsp-stapling.py",
          "arguments" : ["--no-status"] },
         {"name" : "test-encrypt-then-mac-renegotiation.py",
          "comment" : "we are not strict in EtM required behavior in renegotiation",
          "arguments" : ["-e", "Encrypt-then-MAC renegotiation crash"]},
         {"name" : "test-cve-2016-7054.py",
          "arguments" : ["-e", "sanity"]},
         {"name" : "test-cve-2016-6309.py"},
         {"name" : "test-invalid-server-name-extension.py",
          "comment" : "we don't parse past the first valid name, and we don't validate input received",
          "arguments" : ["-e", "SNI name with UTF-8",
          "-e", "multiple host_names in SNI, RFC 6066 compliance",
          "-e", "incorrect SNI"]},
         {"name" : "test-invalid-server-name-extension-resumption.py",
          "comment" : "we don't follow the RFC precisely on SNI resumption, we cache the SNI and ignore the extensions",
          "arguments" : ["-e", "Sanity check, bad SNI",
          "-e", "session resume with different SNI",
          "-e", "session resume with malformed SNI"]},
         {"name" : "test-chacha20.py"},
         {"name" : "test-aes-gcm-nonces.py" },
         {"name" : "test-atypical-padding.py" },
         {"name" : "test-bleichenbacher-workaround.py" },
         {"name" : "test-clienthello-md5.py"},
         {"name" : "test-client-compatibility.py"},
         {"name" : "test-conversation.py"},
	 {"name" : "test-client-hello-max-size.py",
	  "comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)",
	  "arguments" : ["-e", "max client hello"]},
	 {"name" : "test-atypical-padding.py" },
	 {"name" : "test-ffdhe-negotiation.py" ,
	  "comment" : ["Check if DHE preferred: we don't prefer DHE over RSA if RSA is preferred by peer",
	  "ffdhe6144: we don't support that group"],
	  "arguments" : ["-e", "ffdhe6144 negotiation",
	  "-e", "tolerate ECC curve in groups without ECC cipher, negotiate ffdhe6144 ",
	  "-e", "Check if DHE preferred",
	  "-e", "unassigned tolerance, ffdhe6144 negotiation"]},
         {"name" : "test-cve-2016-2107.py"},
         {"name" : "test-dhe-rsa-key-exchange.py"},
         {"name" : "test-dhe-rsa-key-exchange-signatures.py"},
         {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py"},
         {"name" : "test-early-application-data.py"},
         {"name" : "test-ecdhe-rsa-key-exchange.py"},
         {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"},
         {"name" : "test-empty-extensions.py"},
         {"name" : "test-export-ciphers-rejected.py",
          "comment" : "we negotiate AES even in SSL3.0",
          "arguments" : ["--ssl3"] },
         {"name" : "test-extensions.py"},
         {"name" : "test-extended-master-secret-extension.py",
          "comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete",
          "arguments" : ["-e", "renegotiate without EMS in session with EMS",
                         "-e", "EMS with session resume without extension"]},
         {"name" : "test-fallback-scsv.py"},
         {"name" : "test-fuzzed-ciphertext.py"},
         {"name" : "test-fuzzed-finished.py"},
         {"name" : "test-fuzzed-MAC.py"},
         {"name" : "test-fuzzed-padding.py"},
         {"name" : "test-hello-request-by-client.py"},
         {"name" : "test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-interleaved-application-data-in-renegotiation.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-invalid-cipher-suites.py"},
         {"name" : "test-invalid-client-hello.py"},
         {"name" : "test-invalid-client-hello-w-record-overflow.py"},
         {"name" : "test-invalid-compression-methods.py"},
         {"name" : "test-invalid-content-type.py"},
         {"name" : "test-invalid-rsa-key-exchange-messages.py"},
         {"name" : "test-invalid-session-id.py"},
         {"name" : "test-invalid-version.py"},
         {"name" : "test-large-number-of-extensions.py"},
         {"name" : "test-message-duplication.py"},
         {"name" : "test-message-skipping.py"},
         {"name" : "test-ocsp-stapling.py",
          "comment" : "test requires OCSP setup",
          "exp_pass" : false},
         {"name" : "test-openssl-3712.py",
          "comment" : "gnutls doesn't support interleaved data with handshake",
          "exp_pass" : false},
         {"name" : "test-record-layer-fragmentation.py",
          "comment" : "FIXME: these need investigation",
          "arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension",
                         "-e", "small, maximum fragmentation: 1 fragment - 20B extension",
                         "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
         {"name" : "test-sessionID-resumption.py"},
         {"name" : "test-sig-algs.py",
          "comment" : "FIXME: these fail, but most likely due to tls-fuzzer issue",
          "arguments" : ["-e", "RSA-PSS only - fails in verify if server selects PSS",
                         "-e", "with RSA-PSS - fails in verify if server selects PSS"]},
         {"name" : "test-signature-algorithms.py",
          "comment" : "gnutls doesn't tolerate that much",
          "arguments" : ["-e", "tolerance max (32764) number of methods"]
         },
         {"name" : "test-sslv2-connection.py"},
         {"name" : "test-sslv2-force-cipher-3des.py"},
         {"name" : "test-sslv2-force-cipher-non3des.py"},
         {"name" : "test-sslv2-force-cipher.py"},
         {"name" : "test-sslv2-force-export-cipher.py"},
         {"name" : "test-sslv2hello-protocol.py"},
         {"name" : "test-SSLv3-padding.py",
                   "comment" : "we accept zero filled padding in SSLv3",
                   "exp_pass" : false},
         {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"},
         {"name" : "test-truncating-of-client-hello.py" },
         {"name" : "test-truncating-of-finished.py"},
         {"name" : "test-truncating-of-kRSA-client-key-exchange.py"},
         {"name" : "test-unsupported-cuve-fallback.py"},
         {"name" : "test-version-numbers.py"},
         {"name" : "test-zero-length-data.py"}
     ]
    }
]
View Lorry Controller Status