Hi folks,

BoringSSL has developed a test harness[1] that consists of a fork of Go’s crypto/tls package (recently dubbed “BoGo” at the Berlin hackathon) plus a test runner that allows BoGo to be run against the TLS stack under test. BoGo can be configured to behave in a number of unexpected ways that violate the TLS standard, thus enabling the testing of many scenarios that would be otherwise difficult to obtain with a standard stack. We (David Benjamin and Eric Rescorla) have been getting it to work with NSS and wanted to let others know in case they might find it useful.

This system was initially designed to work with BoringSSL, but in principle can be used with any stack. The portability is still a little rough, and we'll likely make changes as we get more experience here, but it has already been used to test NSS[2] and OpenSSL[3]. We've written up some notes at [4].

The test suite should be fairly extensive for DTLS and TLS 1.2 (giving around 75% line coverage in BoringSSL’s TLS code at last count). It tests TLS 1.3 as well, though those tests are still in progress. They track BoringSSL’s in-progress TLS 1.3 implementation.

David and Eric

[1] https://boringssl.googlesource.com/boringssl/+/master/ssl/test/
[2] https://hg.mozilla.org/projects/nss/file/tip/external_tests/nss_bogo_shim
[3] https://github.com/google/openssl-tests
[4] https://boringssl.googlesource.com/boringssl/+/master/ssl/test/PORTING.md
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls