[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] client-side TLS 1.2 support
From: |
Simon Josefsson |
Subject: |
Re: [PATCH] client-side TLS 1.2 support |
Date: |
Mon, 31 Aug 2009 15:33:54 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) |
Daiki Ueno <address@hidden> writes:
>>>>>> In <address@hidden>
>>>>>> Simon Josefsson <address@hidden> wrote:
>> Daiki Ueno <address@hidden> writes:
>
>> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
>> >> high-priority task and it shouldn't be too difficult since there are TLS
>> >> 1.2 test servers out there to test with.
>> >
>> > Thanks for the hint. I'll check which features of TLS 1.2 are not
>> > implemented. Adding HMAC-SHA256 cipher suites looks one thing to do.
>
>> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
>> the negotiation worked after I implemented it and I never found time to
>> update it to support the protocol defined by the final RFC.
>
> I just realized it ;-)
>
> I'm attaching a set of patches to provide minimal fix for client side
> TLS 1.2 support. I've confirmed them working against Mike's test
> server:
>
> $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net
Confirmed, also working against
https://tls.woodgrovebank.com/
Before we enable TLS 1.2 by default, I think what is missing are:
* Check server-side TLS 1.2
* Add SHA-2 ciphersuites
* Add self-test of TLS 1.2 ciphers/features
/Simon
- Poll: What do you want to see implemented in GnuTLS next?, (continued)
- Poll: What do you want to see implemented in GnuTLS next?, Simon Josefsson, 2009/08/27
- [PATCH] client-side TLS 1.2 support, Daiki Ueno, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Simon Josefsson, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Daiki Ueno, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Simon Josefsson, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Daiki Ueno, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Daiki Ueno, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Simon Josefsson, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Simon Josefsson, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support, Simon Josefsson, 2009/08/31
- Re: [PATCH] client-side TLS 1.2 support,
Simon Josefsson <=
- [PATCH] add SHA-2 ciphersuites, Daiki Ueno, 2009/08/31