Open Bug 1570535 Opened 6 years ago Updated 3 years ago

tstclnt should list more channel information

Categories

(NSS :: Tools, enhancement, P3)

Product:
NSS
Component:
Tools
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: mt, Unassigned)

References

Details

(Keywords: good-first-bug)

tstclnt currently displays some information about the socket when -v is passed.

tstclnt: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD MAC
tstclnt: Server Auth: 2048-bit RSA, Key Exchange: 256-bit ECDHE
         Compression: NULL, Extended Master Secret: No
         Signature Scheme: rsa_pkcs1_sha256

This could be more comprehensive. We no longer support compression, so displaying that isn't useful. However, we should look at the following attributes from SSLChannelInfo:

    PRUint16 protocolVersion;
    PRUint16 cipherSuite;
    PRUint32 authKeyBits;
    PRUint32 keaKeyBits;

    PRBool extendedMasterSecretUsed; // already there
    PRBool earlyDataAccepted;  // use with `resumed`

    SSLKEAType keaType;
    SSLNamedGroup keaGroup;
    SSLCipherAlgorithm symCipher; // implied by cipher suite
    SSLMACAlgorithm macAlgorithm; // implied by cipher suite
    SSLAuthType authType;
    SSLSignatureScheme signatureScheme; // already there

    SSLNamedGroup originalKeaGroup; // probably not needed for tstclnt
    PRBool resumed; // useful

    PRBool peerDelegCred;

Grouping these into a sensible shape is a little tricky, but I think that it's worth trying to produce something more usable than what we currently have.

Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.