s_server/s_client on checking middlebox compatibility
john.sha.jiang at gmail.com
Wed Feb 27 02:24:38 UTC 2019
I had tried TLS Fuzzer, and it worked for me.
I just wished that OpenSSL can do the similar things.
On Tue, Feb 26, 2019 at 9:56 PM Hubert Kario <hkario at redhat.com> wrote:
> On Tuesday, 26 February 2019 07:22:52 CET John Jiang wrote:
> > Is it possible to check if peer implements middlebox compatibility by
> > s_server/s_client?
> > It looks the test tools don't care this point.
> > For example, if a server doesn't send change_cipher_spec after
> > HelloRetryRequest, s_client still feels fine.That's not bad. But can I
> > setup these tools to check middlebox compatibility?
> As Matt said, there's no human-readable output that shows that.
> tlsfuzzer does verify if the server sends ChangeCipherSpec and at what
> point in the connection (all scripts expect it right after ServerHello or
> right after HelloRetryRequest depending on connection).
> You can use
> respectively to test regular handshake, one with HelloRetryRequest
> and one that performs session resumption.
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users