On Sunday 20 September 2015 23:50:56 Cykesiopka wrote:
> Hi,
>
> As part of my work on creating tests for
> https://bugzilla.mozilla.org/show_bug.cgi?id=883674, I need some way
> to control whether or not the NSS server sends the renegotiation
> extension.
>
> My current idea is to add a debug only SSL_ option for this (I have no
> interest in letting such an option be used in production).
> Does this sound like a reasonable solution?

I don't know the code in question, but I'm afraid that it would be fairly invasive (i.e. couldn't be limited to just selfserv). Adding debug features to core parts of security software is also not a good idea (at least IMHO). Finally, this code would have to be built twice so that it could be actually tested with automated testing.

Now, putting on the cap of the product developer: if you want to see what happens with a given TLS implementation or server when the other side doesn't meet its expectations, it should be fairly easy to extend tlsfuzzer[1] with this feature (pull requests more than welcome, and I actually do plan to work on this myself in November).

1 - https://github.com/tomato42/tlsfuzzer

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto