On Tue, Jan 22, 2019 at 11:16 AM Aleksandar Lazic <al-hapr...@none.at> wrote:
> Agree that I get a 400 with this command.
> `echo 'K' | ./tool/bssl s_client -connect mail.google.com:443`

(Note that "K" on its own line does not send a KeyUpdate message with
BoringSSL's bssl tool. It just sends "K\n".)

> How does boringssl test if the KeyUpdate on a server works?

If you're asking how BoringSSL's internal tests exercise KeyUpdates
then we maintain a fork of Go's TLS stack that is extensively modified
to be able to generate a large variety of TLS patterns. That is used
to exercise KeyUpdates in a number of ways:



Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Reply via email to