Am 22.01.2019 um 20:30 schrieb Adam Langley: > On Tue, Jan 22, 2019 at 11:16 AM Aleksandar Lazic <al-hapr...@none.at> wrote: >> Agree that I get a 400 with this command. >> >> `echo 'K' | ./tool/bssl s_client -connect mail.google.com:443` > > (Note that "K" on its own line does not send a KeyUpdate message with > BoringSSL's bssl tool. It just sends "K\n".) > >> How does boringssl test if the KeyUpdate on a server works? > > If you're asking how BoringSSL's internal tests exercise KeyUpdates > then we maintain a fork of Go's TLS stack that is extensively modified > to be able to generate a large variety of TLS patterns. That is used > to exercise KeyUpdates in a number of ways: > https://boringssl.googlesource.com/boringssl/+/eadef4730e66f914d7b9cbb2f38ecf7989f992ed/ssl/test/runner/runner.go#2779
Thanks. Can it be reused to test a specific server like? ssl/test/runner/runner -test "KeyUpdate-ToServer" 127.0.0.1:8443 or should be a small c/go program be used for that test? > Cheers > > AGL Regards Aleks