1 files changed, 10 insertions, 64 deletions

diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json
index 03f8754662..6dc155befa 100644
--- a/security/nss/gtests/nss_bogo_shim/config.json
+++ b/security/nss/gtests/nss_bogo_shim/config.json
@@ -1,69 +1,16 @@
 {
     "DisabledTests": {
         "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
-        "SendWarningAlerts-Pass":"BoringSSL updated",
-        "SendBogusAlertType":"BoringSSL updated",
-        "SendEmptyRecords-Pass":"BoringSSL updated",
-        "ExtraCompressionMethods-TLS12":"BoringSSL updated",
-        "SendSNIWarningAlert":"BoringSSL updated",
-        "NoNullCompression-TLS12":"BoringSSL updated",
-        "InvalidCompressionMethod":"BoringSSL updated",
-        "SupportTicketsWithSessionID":"BoringSSL updated",
-        "NoSharedCipher":"BoringSSL updated",
-        "ServerHelloBogusCipher":"BoringSSL updated",
-        "ClientHelloVersionTooHigh":"BoringSSL updated",
-        "ServerAuth-SignatureType":"BoringSSL updated",
-        "ECDSACurveMismatch-Verify-TLS12":"BoringSSL updated",
-        "UnknownExtension-Client":"BoringSSL updated",
-        "UnofferedExtension-Client":"BoringSSL updated",
-        "SendClientVersion-RSA":"BoringSSL updated",
-        "SupportedCurves-ServerHello-TLS12":"BoringSSL updated",
-        "Basic-Client*Sync":"BoringSSL updated",
-        "Resume-Client-CipherMismatch":"BoringSSL updated",
-        "ClientAuth-SignatureType":"BoringSSL updated",
-        "Agree-Digest-Default":"BoringSSL updated",
-        "Basic-Server*Sync":"BoringSSL updated",
-        "ClientAuth-*-Sync":"BoringSSL updated",
-        "RSA-PSS-Default*":"BoringSSL updated",
-        "Renegotiate-Server-NoExt*":"BoringSSL updated",
-        "Downgrade-TLS12*":"BoringSSL updated",
-        "MaxCBCPadding":"BoringSSL updated",
-        "UnknownCipher":"BoringSSL updated",
-        "LargeMessage":"BoringSSL updated",
-        "NoCommonCurves":"BoringSSL updated",
-        "UnknownCurve":"BoringSSL updated",
-        "SessionTicketsDisabled*":"BoringSSL updated",
-        "BadFinished-*":"BoringSSL updated",
-        "ServerSkipCertificateVerify":"BoringSSL updated",
-        "*VersionTolerance":"BoringSSL updated",
-        "ConflictingVersionNegotiation*":"BoringSSL updated",
-        "Ed25519DefaultDisable*":"BoringSSL updated",
-        "*SHA1-Fallback*":"BoringSSL updated",
-        "ExtendedMasterSecret-NoToNo*":"BoringSSL updated",
-        "ServerNameExtensionClientMissing*":"BoringSSL updated",
-        "NoClientCertificate*":"BoringSSL updated",
-        "ServerCipherFilter*":"BoringSSL updated",
-        "*FallbackSCSV*":"BoringSSL updated",
-        "LooseInitialRecordVersion*":"BoringSSL updated",
-        "ALPNClient*":"BoringSSL updated",
-        "MinimumVersion*":"BoringSSL updated",
-        "VersionNegotiation*":"BoringSSL updated",
-        "*Client-ClientAuth*":"BoringSSL updated",
-        "*Server-ClientAuth*":"BoringSSL updated",
-        "NoExtendedMasterSecret*":"BoringSSL updated",
-        "PointFormat*":"BoringSSL updated",
-        "*Sync-SplitHandshakeRecords*":"BoringSSL updated",
-        "*Sync-PackHandshakeFlight*":"BoringSSL updated",
-        "TicketSessionIDLength*":"BoringSSL updated",
-        "*LargeRecord*":"BoringSSL updated",
-        "WrongMessageType-NewSessionTicket":"BoringSSL updated",
-        "WrongMessageType*Certificate*":"BoringSSL updated",
-        "WrongMessageType*Client*":"BoringSSL updated",
-        "WrongMessageType*Server*":"BoringSSL updated",
-        "WrongMessageType*DTLS":"BoringSSL updated",
-        "GarbageCertificate*":"BoringSSL updated",
-        "EmptyExtensions*":"BoringSSL updated",
-        "*OmitExtensions*":"BoringSSL updated",
+        "ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)",
+        "DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension",
+        "VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear",
+        "Draft-Downgrade-Server":"Boring implements a draft downgrade sentinel used for measurements.",
+        "FilterExtraAlgorithms":"NSS doesn't allow sending unsupported signature algorithms",
+        "SendBogusAlertType":"Unexpected TLS alerts should abort connections (Bug 1438263)",
+        "VerifyPreferences-Ed25519":"Add Ed25519 support (Bug 1325335)",
+        "Ed25519DefaultDisable*":"Add Ed25519 support (Bug 1325335)",
+        "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)",
+        "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)",
         "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
         "*TLS13*":"(NSS=19, BoGo=18)",
         "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
@@ -108,7 +55,6 @@
         "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
         "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
         "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
-        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
         "EmptyEncryptedExtensions":"nss updated/broken",
         "TrailingMessageData-*": "Bug 1304575",
         "DuplicateKeyShares":"Bug 1304578",