<div dir="ltr">Thank you, Matt.<div><br></div><div>I actually am _not_ familiar with the spec. I was looking for some work on OpenSSL exactly because I want to know TLS better.</div><div><br></div><div>Your suggestion seems like a good start. It is pretty dense, but that was exactly what I was looking for.</div><div><br></div><div><span style="line-height:1.5">Thank you again.</span><br></div><div><br></div><div>-- Arrais</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Apr 4, 2017 at 2:10 PM Matt Caswell <<a href="mailto:matt@openssl.org">matt@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="gmail_msg">
<br class="gmail_msg">
On 04/04/17 15:34, Thiago Arrais wrote:<br class="gmail_msg">
> Hmmm... The Getting Started page talks about writing test cases.<br class="gmail_msg">
><br class="gmail_msg">
> It seems like a good start. Is there any area that needs special attention?<br class="gmail_msg">
<br class="gmail_msg">
Actually I have a suggestion for a fairly small self-contained piece of<br class="gmail_msg">
work suitable for a starting project.<br class="gmail_msg">
<br class="gmail_msg">
The spec has this requirement:<br class="gmail_msg">
<br class="gmail_msg">
As of TLS 1.3, servers are permitted to send the "supported_groups"<br class="gmail_msg">
extension to the client. If the server has a group it prefers to the<br class="gmail_msg">
ones in the "key_share" extension but is still willing to accept the<br class="gmail_msg">
ClientHello, it SHOULD send "supported_groups" to update the client's<br class="gmail_msg">
view of its preferences; this extension SHOULD contain all groups the<br class="gmail_msg">
server supports, regardless of whether they are currently supported<br class="gmail_msg">
by the client. Clients MUST NOT act upon any information found in<br class="gmail_msg">
"supported_groups" prior to successful completion of the handshake,<br class="gmail_msg">
but MAY use the information learned from a successfully completed<br class="gmail_msg">
handshake to change what groups they use in their "key_share"<br class="gmail_msg">
extension in subsequent connections.<br class="gmail_msg">
<br class="gmail_msg">
At the moment we only ever send supported_groups client -> server. Never<br class="gmail_msg">
server -> client. I wouldn't worry about the client acting on this<br class="gmail_msg">
information at this stage. Just start with the server sending it if the<br class="gmail_msg">
selected key_share is not for the most preferred group.<br class="gmail_msg">
<br class="gmail_msg">
Hint: you will need to look at ssl/statem/extensions.c and you will also<br class="gmail_msg">
need to add code to ssl/statem/extensions_srvr.c.<br class="gmail_msg">
<br class="gmail_msg">
I strongly suggest you spend some time looking at some other github pull<br class="gmail_msg">
requests to get a feel for how our submission and review process works,<br class="gmail_msg">
and the kind of review comments that come up. You should also<br class="gmail_msg">
familiarise yourself with our coding style:<br class="gmail_msg">
<br class="gmail_msg">
<a href="https://www.openssl.org/policies/codingstyle.html" rel="noreferrer" class="gmail_msg" target="_blank">https://www.openssl.org/policies/codingstyle.html</a><br class="gmail_msg">
<br class="gmail_msg">
All submissions should include tests. Adding something to<br class="gmail_msg">
test/recipes/70-test_tls13messages.t would probably be sufficient, i.e.<br class="gmail_msg">
a test to demonstrate that sending a preferred key_share results in no<br class="gmail_msg">
supported_groups extension in the EncryptedExtensions message, and then<br class="gmail_msg">
a test to demonstrate that sending an acceptable but non-preferred<br class="gmail_msg">
key_share results in the supported_groups extension being sent.<br class="gmail_msg">
<br class="gmail_msg">
If you are not already familiar with the TLSv1.3 spec then you will need<br class="gmail_msg">
to be. Make sure you read it through and gain a good understanding of it<br class="gmail_msg">
before you start.<br class="gmail_msg">
<br class="gmail_msg">
Matt<br class="gmail_msg">
--<br class="gmail_msg">
openssl-dev mailing list<br class="gmail_msg">
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" rel="noreferrer" class="gmail_msg" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br class="gmail_msg">
</blockquote></div>