Add support for testing TLS 1.3 #165
Comments
|
I've been thinking about this quite a bit, and I'm not sure we can get an openssl binary that supports both tls1.3 and sslv2 with all the intermediate patches @PeterMosmans used to maintain. Is it time to replace openssl and rewrite cipherscan to use tlslite-ng? |
|
feels like it... that's assuming that we want to duplicate as much functionality from current script as possible... if we're ok with not providing the ticket lifetimes and not performing full handshakes, then the situation is much simpler I think we will have to settle for not being able to gather session ticket lifetimes for more obscure ciphers like SEED or ARIA for some time, but not being able to do it for servers that have just ECDSA certificates is more painful |
|
how about using 1.0.2 from Peter and 1.1.1? |
|
because TLS 1.3 ciphers are not the only problem, there are also additions like ARIA that are compatible with TLS 1.2 and there are ciphers that were removed in OpenSSL 1.1.1, so by running the test twice with TLS 1.2, we may end up with two disjoint lists that you can't provide ordering for also, 1.0.2 will only get harder and harder to compile and run, so migrating from it is more future proof |
|
wrt to 1.0.2.: I agree moving away from seems future proof. But why should it get harder and harder to compile and run? Did you mean patch ? |
|
code bit rots compilers become more and more picky about code they will compile, new architectures are born that will not be supported by the openssl 1.0.2 build system making it impossible to compile on them |
|
The official end of LTS support is still ahead (12/2019). Will any compiler until then really dare to hiccup? |
|
I'm not saying that it's something that we have to worry happening "tomorrow", but if we manage to fully convert |
|
Great discussion... and not one that's easy to solve. |
|
the only way to show that a server does not support given protocol or cipher is to actually try making a connection with it, so we need something that can do SSLv2 protocol, TLS_RSA_EXP1024_* ciphers, etc. while it is efficient to reuse OpenSSL's code, their goals are different than ours (and for a good reason), so we will just continue to diverge oh, and actually, OpenSSL 1.1.1 will not be feature complete enough to scan TLS 1.3 servers running NSS or GnuTLS: openssl/openssl#6519 . Then there is the problem of detecting if the server is not running one of the draft versions of TLS 1.3... the tlslite-ng primary goal is to power tlsfuzzer, and it in turn has very similar goals to cipherscan – i.e. cipher or protocol termed "insecure" definitely will not be removed, exactly so that it can be used to verify that it doesn't work also, while it does look like duplication of effort, the effort itself is not large – adding session ticket support is about a day's work, ECDSA support is something like 2 days, fully supporting new cipher is usually like a day or two (not having to worry about performance or side-channels makes the implementation much easier) – problem is that while cipherscan is a hobby project for me, tlslite-ng is a work project, and I want to keep them separate... (workaholism and all that 😄 ) In work, my priority now is TLS 1.3 and maintenance, not plugging holes in TLS 1.2 support |
|
Small update: ECDSA is technically[1] supported in tlsllite-ng now: tlsfuzzer/tlslite-ng#359, tlsfuzzer/tlslite-ng#360 OpenSSL master also supports FFDHE now openssl/openssl#6519 1 - I'm saying "technically" as not the full checklist of features is addressed: tlsfuzzer/tlslite-ng#196 |
New version of protocol, new ciphers.
They are not controlled with the
-cipheroption but rather the-ciphersuitesoption in OpenSSL, so using OpenSSL 1.1.1 will likely give us wrong results.The text was updated successfully, but these errors were encountered: