<div dir="ltr"><div dir="ltr">I had tried TLS Fuzzer, and it worked for me.<br></div><div>I just wished that OpenSSL can do the similar things.<br><br></div><div>Thanks!<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 26, 2019 at 9:56 PM Hubert Kario <<a href="mailto:hkario@redhat.com">hkario@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tuesday, 26 February 2019 07:22:52 CET John Jiang wrote:<br>
> Is it possible to check if peer implements middlebox compatibility by<br>
> s_server/s_client?<br>
> It looks the test tools don't care this point.<br>
> For example, if a server doesn't send change_cipher_spec after<br>
> HelloRetryRequest, s_client still feels fine.That's not bad. But can I<br>
> setup these tools to check middlebox compatibility?<br>
<br>
As Matt said, there's no human-readable output that shows that.<br>
<br>
tlsfuzzer does verify if the server sends ChangeCipherSpec and at what<br>
point in the connection (all scripts expect it right after ServerHello or<br>
right after HelloRetryRequest depending on connection).<br>
<br>
You can use<br>
<a href="https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-conversation.py" rel="noreferrer" target="_blank">https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-conversation.py</a><br>
<a href="https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-hrr.py" rel="noreferrer" target="_blank">https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-hrr.py</a><br>
and<br>
<a href="https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-session-resumption.py" rel="noreferrer" target="_blank">https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-session-resumption.py</a><br>
respectively to test regular handshake, one with HelloRetryRequest<br>
and one that performs session resumption.<br>
<br>
-- <br>
Regards,<br>
Hubert Kario<br>
Senior Quality Engineer, QE BaseOS Security team<br>
Web: <a href="http://www.cz.redhat.com" rel="noreferrer" target="_blank">www.cz.redhat.com</a><br>
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic</blockquote></div></div>