Re: Debug info on NSS tools

2019-01-03 Thread John Jiang
Just tried it, but it did not seem to work.

$ export SSLDEBUG=1
$ export SSLTRACE=127
$ tstclnt -v ...
I didn't get more logs.

On Thu, Jan 3, 2019 at 3:46 PM Martin Thomson wrote:

> Try exporting SSLTRACE=100.
>
> That might be too much detail, but lower numbers are still useful.  I find
> that 20-ish gets some fairly useful logging.
>
> On Thu, Jan 3, 2019 at 6:12 PM John Jiang wrote:
>
> > Can NSS tools, like selfserv and tstclnt, output debug info?
> > My NSS binary is built with debug mode.
> >
> > I tried to enable the debug logs for selfserv and tstclnt, but didn't find
> > any useful option.
> > Option -v just outputs a bit more logs. That's not enough for me.
> > I wish the tools could output more details on TLS handshaking.
> > --
> > dev-tech-crypto mailing list
> > dev-tech-crypto@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> >


TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly

2019-01-03 Thread Alexander Venedioukhin (lists)
Hello,

I'm implementing ESNI (encrypted SNI, current draft 02) server-side.
It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the
server sends HelloRetryRequest during the handshake. In the latter case,
Firefox responds with a plain-text SNI extension (same hostname) in the
second ClientHello, instead of ESNI. Still, the handshake finishes
successfully. Is this intended behavior?

Alexander Venedioukhin
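
A server-side check for the behaviour reported above, as an added example that is not part of the original message or of NSS: it parses the two ClientHello handshake messages and reports whether the name was encrypted in the first but sent in the clear after HelloRetryRequest. 0xffce is the draft-02 encrypted_server_name code point; the function names and the sample messages are constructed for illustration.

```python
import struct

EXT_SERVER_NAME = 0x0000   # RFC 6066 server_name: hostname in the clear
EXT_ESNI_DRAFT02 = 0xFFCE  # encrypted_server_name code point used by ESNI draft 02

def client_hello_extensions(msg: bytes) -> dict:
    """Parse a ClientHello handshake message (no record header) into {type: data}."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                      # legacy_version + random
    for width in (1, 2, 1):           # session_id, cipher_suites, compression_methods
        pos += width + int.from_bytes(body[pos:pos + width], "big")
    if pos == len(body):              # ClientHello without an extensions block
        return {}
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if end > len(body):
        raise ValueError("truncated ClientHello")
    exts = {}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > end:
            raise ValueError("extension overruns extensions block")
        exts[ext_type] = body[pos:pos + ext_len]
        pos += ext_len
    return exts

def sni_exposure(msg: bytes) -> str:
    exts = client_hello_extensions(msg)
    if EXT_SERVER_NAME in exts:
        return "cleartext"            # name visible on the wire, even if ESNI is also present
    return "encrypted" if EXT_ESNI_DRAFT02 in exts else "none"

def esni_lost_after_hrr(first: bytes, second: bytes) -> bool:
    """True when ClientHello 1 used ESNI but the post-HelloRetryRequest one exposes SNI."""
    return sni_exposure(first) == "encrypted" and sni_exposure(second) == "cleartext"

def build_client_hello(exts) -> bytes:  # constructed sample input, not a captured message
    ext_block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext_block)) + ext_block)
    return b"\x01" + len(body).to_bytes(3, "big") + body

name = b"example.com"                                      # constructed hostname
SNI_DATA = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
CH1 = build_client_hello([(EXT_ESNI_DRAFT02, bytes(8))])   # opaque placeholder, not real ESNI data
CH2 = build_client_hello([(EXT_SERVER_NAME, SNI_DATA)])
```

Calling `esni_lost_after_hrr(CH1, CH2)` on the two constructed messages returns True, which is the pattern described in the report.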