[openssl-dev] OpenSSL Security Advisory
Hubert Kario
hkario at redhat.com
Wed Mar 2 14:21:45 UTC 2016
On Tuesday 01 March 2016 19:50:51 Nounou Dadoun wrote:
> I'm interested in your tlsfuzzer tool (of which this appears to be a
> part), is there a larger test suite available? Is there any
> documentation out there?
> Thanks again .. N
No, for now there isn't one. The plan is to have a full featured
"engine" for running reproducers like this one before working on writing
more detailed and comprehensive test cases, and later still, automated
generation of test cases (so that it really is a fuzzer for a TLS
protocol).
All documentation is on github, if you have questions feel free to mail
me or open tickets.
If you are interested in helping the project, I can for now only point
you to a project that implements the crypto itself, for later use in
tlsfuzzer, here:
https://github.com/tomato42/tlslite-ng/issues
As I'm not sure that the tlsfuzzer architecture is correct for task at
hand, for now I'm not asking for help on it directly, I'd prefer not to
have to throw away somebody else's months of work because the whole
approach of tlsfuzzer was incorrect...
That being said, I'm open for test ideas.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160302/3c520da8/attachment.sig>
More information about the openssl-dev
mailing list