HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate is used.

2019-01-20 Thread Adam Langley
you AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

From 39a7adab6c2583f7cf4bbe0c888c4131823d6500 Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Sun, 20 Jan 2019 12:59:20 -0800
Subject: [PATCH] Ignore post-handshake messages in TLS 1.3 and later.

TLS 1.3 remo

Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate is used.

2019-01-20 Thread Adam Langley
dle itself. Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate is used.

2019-01-20 Thread Adam Langley
On Sun, Jan 20, 2019 at 3:04 PM Aleksandar Lazic wrote:
> which refers to
> https://www.openssl.org/docs/manmaster/man3/SSL_key_update.html
>
> instead of the suggested Patch?

The SSL_key_update function enqueues a KeyUpdate message to be sent. The problem is that if a /client/ of HAProxy

Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate is used.

2019-01-21 Thread Adam Langley
iation is disabled by default in BoringSSL already. Also, there's only the current version of BoringSSL so no need to wait for any releases.) Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: HAProxy with OpenSSL 1.1.1 breaks when TLS 1.3 KeyUpdate is used.

2019-01-21 Thread Adam Langley
helpful. So SSL_CTX_set_ciphersuites might be a case where a #ifdef is the best answer. But we'll always think about such things if asked. (If you happen to know, I would be curious who is using BoringSSL with HAProxy.) Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: haproxy 1.9.2 with boringssl

2019-01-22 Thread Adam Langley
_write or so. Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: haproxy 1.9.2 with boringssl

2019-01-22 Thread Adam Langley
enSSL or BoringSSL). Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: haproxy 1.9.2 with boringssl

2019-01-22 Thread Adam Langley
exercise KeyUpdates in a number of ways: https://boringssl.googlesource.com/boringssl/+/eadef4730e66f914d7b9cbb2f38ecf7989f992ed/ssl/test/runner/runner.go#2779 Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

Re: haproxy 1.9.2 with boringssl

2019-01-22 Thread Adam Langley
On Tue, Jan 22, 2019 at 10:54 AM Aleksandar Lazic wrote:
> Do have boringssl a similar tool like s_client?

BoringSSL builds tool/bssl (in the build directory), which is similar. However it doesn't have any magic inputs that can trigger a KeyUpdate message like OpenSSL's s_client. Cheers AGL