nss/tests-data-adjust-for-policy.patch

102 lines
15 KiB
Diff
Raw Normal View History

diff -up ./tests/ssl/sslauth.txt.expected_result ./tests/ssl/sslauth.txt
--- ./tests/ssl/sslauth.txt.expected_result 2016-05-17 00:58:45.000000000 -0700
+++ ./tests/ssl/sslauth.txt 2016-05-28 15:21:11.800761721 -0700
@@ -14,12 +14,12 @@
noECC 254 -r_-r -w_nss_-n_none TLS Require client auth (client does not provide auth)
noECC 254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
noECC 0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth)
- noECC 0 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
- noECC 0 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
- noECC 0 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
+ noECC 254 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
+ noECC 254 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
+ noECC 254 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
noECC 254 -r_-r -V_:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth)
noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
- noECC 0 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
+ noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_none TLS Request don't require client auth on 2nd hs (client does not provide auth)
noECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password)
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth)
@@ -32,9 +32,9 @@
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_none TLS 1.0 Require client auth on 2nd hs (client does not provide auth)
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser TLS 1.0 Require client auth on 2nd hs (bad password)
noECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser TLS 1.0 Require client auth on 2nd hs (client auth)
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
noECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
@@ -57,17 +57,17 @@
ECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
ECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
ECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_ TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
- ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
- ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
+ ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
+ ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
ECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
- ECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
+ ECC 254 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
#
# SNI Tests
#
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
+ SNI 254 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
diff -up ./tests/ssl/sslpolicy.txt.expected_result ./tests/ssl/sslpolicy.txt
--- ./tests/ssl/sslpolicy.txt.expected_result 2016-05-17 00:58:45.000000000 -0700
+++ ./tests/ssl/sslpolicy.txt 2016-05-28 15:21:11.800761721 -0700
@@ -148,26 +148,26 @@
# Exp Enable Enable Cipher Config Policy Test Name
# Ret EC TLS
# turn on single cipher
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
- 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
- 1 noECC SSL3 d disallow=all Disallow All Explicitly.
+# 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
+# 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
+# 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
+# 1 noECC SSL3 d disallow=all Disallow All Explicitly.
# turn off signature only
- 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
+# 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
# turn off single cipher
- 1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
+# 1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
# turn off H-Mac
- 1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
- 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
+# 1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
+# 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
# turn off key exchange
- 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
+# 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
# turn off version
1 noECC SSL3 d allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.