support TLS_FALLBACK_SCSV in tstclnt and ssltap

RESOLVED FIXED in 3.17.3

Status

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

3.17.1
3.17.3

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

For testing purposes, I've been asked to add a preference to tstclnt, which can be used to force sending of the TLS_FALLBACK_SCSV.

Attached patch implements that.

In addition it includes a change for ssltap, which allows it to print it as text when seen.
(Assignee)

Updated

4 years ago
Target Milestone: --- → 3.17.3
(Assignee)

Comment 1

4 years ago
Created attachment 8505638 [details] [diff] [review]
Patch v1
Assignee: nobody → kaie
Attachment #8505638 - Flags: review?(martin.thomson)

Updated

4 years ago
Attachment #8505638 - Flags: review?(martin.thomson) → review+
I should point out that the SCSV will be forced as a result of this; it's not going to be selectively on.  That means that it will appear for a TLS 1.2 handshake.  I think that's exactly the right thing here.

Comment 3

4 years ago
@Martin: Yes, we need to be able to force it with any version, to test if a server turns out to be intolerant to some future version of TLS, it will handle correctly a TLS1.2 with this SCSV.

@Kai: The patch is missing an update to the -help message
(Assignee)

Comment 4

4 years ago
Created attachment 8506355 [details] [diff] [review]
Help message Patch
Attachment #8506355 - Flags: review?(martin.thomson)
(Assignee)

Comment 5

4 years ago
Comment on attachment 8506355 [details] [diff] [review]
Help message Patch

(In reply to Hubert Kario from comment #3)
> @Kai: The patch is missing an update to the -help message

This additional patch adds it.

Updated

4 years ago
Attachment #8506355 - Flags: review?(martin.thomson) → review+
(Assignee)

Comment 6

4 years ago
https://hg.mozilla.org/projects/nss/rev/34baf87d485d
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Updated

4 years ago
Target Milestone: 3.17.3 → 3.18
(Assignee)

Updated

4 years ago
Target Milestone: 3.18 → 3.17.3
You need to log in before you can comment on or make changes to this bug.