On 09.01.2014 23:34, Daniel Stenberg wrote:
> Left to do is then to build curl with other TLS backends and try it
> against https://www.howsmyssl.com/a/check to see if there are more
> flaws in this style.
>

WinSSL on Windows 7 SP1 looks okay:

$ src/curl -v "https://www.howsmyssl.com/a/check"
* timeout on name lookup is not supported
* Hostname was NOT found in DNS cache
* Trying 54.245.96.51...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connected to www.howsmyssl.com (54.245.96.51) port 443 (#0)
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 130 bytes...
* schannel: sent initial handshake data: sent 130 bytes
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 47 length 4096
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 1452 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 2904 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 3302 length 4096
* schannel: sending next handshake data: sending 326 bytes...
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 59 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with www.howsmyssl.com port 443 (step 3/3)
* schannel: incremented credential handle refcount = 1
* schannel: stored credential handle in session cache
> GET /a/check HTTP/1.1
> User-Agent: curl/7.34.1-DEV
> Host: www.howsmyssl.com
> Accept: */*
>
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 0 length 16384
* schannel: encrypted data got 991
* schannel: encrypted data buffer: offset 991 length 16384
* schannel: decrypted data length: 1
* schannel: decrypted data added: 1
* schannel: decrypted data cached: offset 1 length 16384
* schannel: encrypted data length: 954
* schannel: encrypted data cached: offset 954 length 16384
* schannel: decrypted data length: 890
* schannel: decrypted data added: 890
* schannel: decrypted data cached: offset 891 length 16384
* schannel: encrypted data length: 37
* schannel: encrypted data cached: offset 37 length 16384
* schannel: decrypted data buffer: offset 891 length 16384
* schannel: decrypted data returned 891
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 200 OK
< Content-Length: 698
< Connection: close
< Content-Type: application/json
< Date: Sun, 12 Jan 2014 21:44:23 GMT
< Strict-Transport-Security: max-age=631138519; includeSubdomains
<
{ [data not shown]
100 698 100 698 0 0 331 0 0:00:02 0:00:02 --:--:-- 338
{"given_cipher_suites":["TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_RC4_128_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_DHE_DSS_WITH_AES_128_CBC_SHA","TLS_DHE_DSS_WITH_AES_256_CBC_SHA","TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_RC4_128_MD5"],"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":true,"able_to_detect_n_minus_one_splitting":true,"insecure_cipher_suites":{},"tls_version":"TLS 1.0","rating":"Bad"}
* Closing connection 0
* schannel: shutting down SSL/TLS connection with www.howsmyssl.com port 443
* schannel: clear security context handle
* schannel: decremented credential handle refcount = 0

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
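
Added example (not part of the original message and not curl project code): a Python sketch that reads an /a/check response like the one above and lists the fields worth comparing when the same test is repeated against other TLS backend builds. The TLS 1.2 floor and the function names are assumptions; the sample is the response above with the cipher list shortened to three entries.

```python
import json

# Response body from the WinSSL run in the message above, with the console's
# 80-column line wraps rejoined; the cipher list is shortened to three entries.
SAMPLE = '''{"given_cipher_suites":["TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_RC4_128_SHA","TLS_RSA_WITH_RC4_128_MD5"],
"ephemeral_keys_supported":true,"session_ticket_supported":false,
"tls_compression_supported":false,"unknown_cipher_suite_supported":false,
"beast_vuln":true,"able_to_detect_n_minus_one_splitting":true,
"insecure_cipher_suites":{},"tls_version":"TLS 1.0","rating":"Bad"}'''

MIN_TLS = (1, 2)  # assumption: treat anything below TLS 1.2 as a finding


def tls_tuple(version):
    """'TLS 1.0' -> (1, 0); unparseable values sort lowest so they are flagged."""
    try:
        major, minor = version.split()[-1].split(".")
        return int(major), int(minor)
    except (ValueError, IndexError, AttributeError):
        return (0, 0)


def findings(body):
    """Return a list of human-readable findings for one /a/check response."""
    r = json.loads(body)
    out = []
    if tls_tuple(r.get("tls_version")) < MIN_TLS:
        out.append("negotiated %s" % r.get("tls_version"))
    if r.get("beast_vuln"):
        out.append("beast_vuln is true")
    if r.get("tls_compression_supported"):
        out.append("TLS compression offered")
    for suite, reasons in sorted(r.get("insecure_cipher_suites", {}).items()):
        out.append("insecure suite %s: %s" % (suite, reasons))
    rc4 = [s for s in r.get("given_cipher_suites", []) if "_RC4_" in s]
    if rc4:
        out.append("RC4 offered: " + ", ".join(rc4))
    if r.get("rating") == "Bad":
        out.append("service rating: Bad")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE):
        print("FINDING:", line)
```

Saving each backend's response body to a file and running findings() over it gives a per-backend list that can be diffed directly.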
