Re: [PATCH] client-side TLS 1.2 support

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] client-side TLS 1.2 support

From:	Simon Josefsson
Subject:	Re: [PATCH] client-side TLS 1.2 support
Date:	Mon, 31 Aug 2009 15:33:54 +0200
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Daiki Ueno <address@hidden> writes:

>>>>>> In <address@hidden> 
>>>>>>  Simon Josefsson <address@hidden> wrote:
>> Daiki Ueno <address@hidden> writes:
>
>> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
>> >> high-priority task and it shouldn't be too difficult since there are TLS
>> >> 1.2 test servers out there to test with.
>> >
>> > Thanks for the hint.  I'll check which features of TLS 1.2 are not
>> > implemented.  Adding HMAC-SHA256 cipher suites looks one thing to do.
>
>> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
>> the negotiation worked after I implemented it and I never found time to
>> update it to support the protocol defined by the final RFC.
>
> I just realized it ;-)
>
> I'm attaching a set of patches to provide minimal fix for client side
> TLS 1.2 support.  I've confirmed them working against Mike's test
> server:
>
>  $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net

Confirmed, also working against

https://tls.woodgrovebank.com/

Before we enable TLS 1.2 by default, I think what is missing are:

* Check server-side TLS 1.2
* Add SHA-2 ciphersuites
* Add self-test of TLS 1.2 ciphers/features

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Poll: What do you want to see implemented in GnuTLS next?, (continued)

Prev by Date: Re: [PATCH] client-side TLS 1.2 support
Next by Date: Re: Minor fixes for gnutls 2.9.4
Previous by thread: Re: [PATCH] client-side TLS 1.2 support
Next by thread: [PATCH] add SHA-2 ciphersuites
Index(es):
- Date
- Thread