1570615 - Grease TLS

Status: RESOLVED FIXED

(NSS :: Libraries, enhancement, P1)

Description

[Martin Thomson [:mt:]]

As a client, send randomized versions, extensions, and other codepoints to ensure that they remain usable. The spec (see URL) is now stable.

This isn't high priority, but we might consider accepting a patch (or several, since there are multiple items that might be greased).

Comment 1

[Leander Schwarz]

Attachment: Bug 1570615: TLS GREASE (RFC8701) r?djackson

Comment 2

[Dennis Jackson]

Attachment: Bug 1570615: Add presence/absence tests for TLS GREASE. r=mt!

This patch adds tests to check that we correctly add GREASE codepoints in the permitted
locations (when enabled and using TLS1.3 or higher) and that we do not add any codepoints
if disabled or negotiating an earlier version of TLS. The tests check:

For ClientHello:

• 1 codepoint is added to ciphersuites, name groups, key share, sig algs, supported
  versions, psk exchange methods, ALPN.
• A 0-byte and a 1-byte GREASE extension is added.

For CertificateRequests:

• 1 codepoint is added to the sig alg extension.
• 1 0-byte GREASE extension is added.

For NewSessionTicket:

• 1 1-byte GREASE extension is added.

Depends on D169620

Comment 3

[Dennis Jackson]

Attachment: Bug 1570615: Add interop tests for HRR and PSK to GREASE suite. r=mt!

Depends on D169621

Comment 4

[Dennis Jackson]

https://hg.mozilla.org/projects/nss/rev/fff0572d719cad7f1d073152dd0396df7356ed37
https://hg.mozilla.org/projects/nss/rev/b5fc79e1609b0b08ed764ab2257cb4e259fcd85f
https://hg.mozilla.org/projects/nss/rev/34169c34776e6b879e87f46cca151a154cba64bc
https://hg.mozilla.org/projects/nss/rev/247c130c1af8151efee0176754b6e841f046fa20