[openssl-dev] Known apps supporting tls max frag size extn
Hubert Kario
hkario at redhat.com
Mon Dec 4 19:09:49 UTC 2017
On Monday, 4 December 2017 13:43:32 CET Jitendra Lulla via openssl-dev wrote:
> Thanks Joey.
>
> And I found the url for listing a server's tls extensions here:
>
> http://possible.lv/tools/hb/?domain=yahoo.com
>
> Do you know how we can enable/test the extensions using firefox or any other
> browser?
Can't speak for other browsers, but for Firefox it is not possible - the
underlying library - NSS - does not expose API that allows addition of
arbitrary extensions.
in general, tests like these are usually performed either using modified
libraries or by using completely custom implementations of TLS
> --------------------------------------------
> On Mon, 12/4/17, Joey Yandle <xoloki at gmail.com> wrote:
>
> Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn
> To: "Jitendra Lulla" <lullajd at yahoo.com>, openssl-dev at openssl.org
> Date: Monday, December 4, 2017, 5:13 AM
>
> > Also, I have lost the url of a website
>
> which used to analyze any given server ( eg www.yahoo.com)
> for its supporting various tls extensions. You provide the
> server url and it will display all the tls extns supported
> by that server. If you know of any such url, could you
> please help me with that also.
>
>
>
> openssl s_client has an
> argument -tlsextdebug:
>
> $
> openssl s_client -connect www.yahoo.com:443 -tlsextdebug
> CONNECTED(00000003)
> TLS server
> extension "renegotiation info" (id=65281),
> len=1
> 0001 - <SPACES/NULS>
> TLS server extension "EC point
> formats" (id=11), len=4
> 0000 - 03 00 01
> 02
> ....
> TLS server extension "session
> ticket" (id=35), len=0
> TLS server
> extension "heartbeat" (id=15), len=1
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20171204/daf6ddbb/attachment.sig>
More information about the openssl-dev
mailing list