Re: Debug info on NSS tools
I had read that page. In fact, SSLDEBUG and SSLTRACE were used in my last try. My NSS was built with "BUILD_OPT=0", so I supposed it is a debug build. How can I double-check this point? Thanks! On Sat, Jan 5, 2019 at 12:34 AM Kai Engert wrote: > Does this page help? > You might need a debug build (i.e. build yourself with debugging enabled). > > https://wiki.mozilla.org/NSS:Tracing > > Kai > > On 03.01.19 13:51, John Jiang wrote: > > Just tried it, but looked not work. > > > > $ export SSLDEBUG=1 > > $ export SSLTRACE=127 > > $ tstclnt -v ... > > I didn't get more logs. > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
Is this already implemented? [1] is not yet fixed and [2] does not work for me with current Nightly. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1494901 [2] https://www.cloudflare.com/ssl/encrypted-sni/ Am 04.01.19 um 17:13 schrieb Hubert Kario: > On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote: >> Hello, >> >> I'm implementing ESNI (encrypted SNI, current draft 02) server-side. >> It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the >> server sends HelloRetryRequest during handshake. In latter case >> Firefox responds with plain text SNI extension (same hostname) in >> second ClientHello, instead of ESNI. Still, handshake successfully >> finishes. Is it intended behavior? > > that sounds to me like a question to the IETF TLS mailing list > > signature.asc Description: OpenPGP digital signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Debug info on NSS tools
Does this page help? You might need a debug build (i.e. build yourself with debugging enabled). https://wiki.mozilla.org/NSS:Tracing Kai On 03.01.19 13:51, John Jiang wrote: > Just tried it, but looked not work. > > $ export SSLDEBUG=1 > $ export SSLTRACE=127 > $ tstclnt -v ... > I didn't get more logs. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: TLS ESNI and HelloRetryRequest in Firefox 64, Firefox Nightly
On Thursday, 3 January 2019 11:45:25 CET Alexander Venedioukhin (lists) wrote: > Hello, > > I'm implementing ESNI (encrypted SNI, current draft 02) server-side. > It works with Firefox 64.0 and Nightly 66.0a1 as expected, until the > server sends HelloRetryRequest during handshake. In latter case > Firefox responds with plain text SNI extension (same hostname) in > second ClientHello, instead of ESNI. Still, handshake successfully > finishes. Is it intended behavior? that sounds to me like a question to the IETF TLS mailing list -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto