[openssl-dev] Known apps supporting tls max frag size extn

Hubert Kario hkario at redhat.com
Mon Dec 4 19:09:49 UTC 2017 

On Monday, 4 December 2017 13:43:32 CET Jitendra Lulla via openssl-dev wrote:
> Thanks Joey.
> 
> And I found the url for listing a server's tls extensions here:
> 
> http://possible.lv/tools/hb/?domain=yahoo.com
> 
> Do you know how we can enable/test the extensions using firefox or any other
> browser?

Can't speak for other browsers, but for Firefox it is not possible - the 
underlying library - NSS - does not expose API that allows addition of 
arbitrary extensions.

in general, tests like these are usually performed either using modified 
libraries or by using completely custom implementations of TLS

> --------------------------------------------
> On Mon, 12/4/17, Joey Yandle <xoloki at gmail.com> wrote:
> 
>  Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn
>  To: "Jitendra Lulla" <lullajd at yahoo.com>, openssl-dev at openssl.org
>  Date: Monday, December 4, 2017, 5:13 AM
> 
>  > Also, I have lost the url of a website
> 
>  which used to analyze any given server ( eg www.yahoo.com)
>  for its supporting various tls extensions. You provide the
>  server url and it will display all the tls extns supported
>  by that server.  If you know of any such url, could you
>  please help me with that also.
> 
> 
> 
>  openssl s_client has an
>  argument -tlsextdebug:
> 
>  $
>  openssl s_client -connect www.yahoo.com:443 -tlsextdebug
>  CONNECTED(00000003)
>  TLS server
>  extension "renegotiation info" (id=65281),
>  len=1
>  0001 - <SPACES/NULS>
>  TLS server extension "EC point
>  formats" (id=11), len=4
>  0000 - 03 00 01
>  02                                     
>  ....
>  TLS server extension "session
>  ticket" (id=35), len=0
>  TLS server
>  extension "heartbeat" (id=15), len=1


-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20171204/daf6ddbb/attachment.sig>

More information about the openssl-dev mailing list