Hubert Kario writes:
>run _everything_ is not really possible as some tests actually require
>mutually exclusive server settings - e.g. some require the server not to ask
>for client certificate while others do
Ah, OK.
>finally, while I do look forward to any contributions (just ideas for tests
I'm actually surprised you mention the microsoft servers as being
version negotiation tolerant. They were the most prominent examples
of terminating the handshake if TLS 1.2 was offered to them (that
was much time before TLS 1.2 was implemented in browsers).
regards,
Nikos
- Original Messag
On Thursday 09 June 2016 05:48:15 Peter Gutmann wrote:
> Hubert Kario writes:
> >The first one is:
> >https://github.com/tomato42/tlsfuzzer
> >and aims to be a comprehensive test suite
>
> Very nice, just setting it up now. One minor request, it'd be useful
> to have a run-evening wrapper script
Hubert Kario writes:
>The first one is:
>https://github.com/tomato42/tlsfuzzer
>and aims to be a comprehensive test suite
Very nice, just setting it up now. One minor request, it'd be useful to have
a run-evening wrapper script that steps through each test reporting what's
happening, so first t
On Tuesday 07 June 2016 21:14:32 Andrei Popov wrote:
> Jumping to the end of the thread, it looks like this is an FTP issue
> that repros when TLS 1.2 is negotiated. Not a TLS version
> intolerance.
> The conclusion seems to be that
> https://support.microsoft.com/en-us/kb/253 resolves the issu
On Tuesday, June 07, 2016 05:08:00 pm David Benjamin wrote:
> On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir wrote:
> > > On 7 Jun 2016, at 8:33 PM, Hubert Kario wrote:
> > > On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
> > >> I’m not sure this helps.
> > >>
> > >> I’ve never installed a server that
[mailto:tls-boun...@ietf.org] On Behalf Of David Benjamin
Sent: Tuesday, June 7, 2016 2:08 PM
To: Yoav Nir ; Hubert Kario
Cc: tls@ietf.org
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection,
fallbacks, and server time]
On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir
On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir wrote:
>
> > On 7 Jun 2016, at 8:33 PM, Hubert Kario wrote:
> >
> > On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
> >> I’m not sure this helps.
> >>
> >> I’ve never installed a server that is version intolerant. TLS stacks
> >> from OpenSSL, Microsoft,
> On 7 Jun 2016, at 8:33 PM, Hubert Kario wrote:
>
> On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
>> I’m not sure this helps.
>>
>> I’ve never installed a server that is version intolerant. TLS stacks
>> from OpenSSL, Microsoft,
>
> are you sure about that Microsoft part?
>
> there is qui
On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
> I’m not sure this helps.
>
> I’ve never installed a server that is version intolerant. TLS stacks
> from OpenSSL, Microsoft,
are you sure about that Microsoft part?
there is quite a long thread on the filezilla forums about TLS version
toleran
> On 7 Jun 2016, at 5:47 PM, Salz, Rich wrote:
>
>> I’m not sure this helps.
>
> I'm pretty sure it wouldn't help at all, for the reasons you list.
Which isn’t to say it’s not worth doing. I’d love to test my implementation
against a test suite rather than just making sure it’s working with
> I’m not sure this helps.
I'm pretty sure it wouldn't help at all, for the reasons you list.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
I’m not sure this helps.
I’ve never installed a server that is version intolerant. TLS stacks from
OpenSSL, Microsoft, Java, and most any implementation we can name have been
version tolerant forever. Certainly none of us can name any implementation that
at any point had a version out that was
On Tuesday 07 June 2016 10:22:20 Kyle Rose wrote:
> I'm a big fan of the idea of a very strict qualification suite, as
> well, to try to head off some of these problems before (faulty)
> implementations proliferate.
>
> Hackathon?
I have two approaches I'm working on, they are missing a nice inte
I'm a big fan of the idea of a very strict qualification suite, as well, to
try to head off some of these problems before (faulty) implementations
proliferate.
Hackathon?
Kyle
On Jun 7, 2016 2:00 AM, "Peter Gutmann" wrote:
> Dave Garrett writes:
>
> >Also, as with any new system, we now have t
Dave Garrett writes:
>Also, as with any new system, we now have the ability to loudly stress to TLS
>1.3+ implementers to not screw it up and test for future-proofing this time
>around.
I think that's the main contribution of a new mechanism, it doesn't really
matter whether it's communicated a
16 matches
Mail list logo
