Grease TLS
Categories
(NSS :: Libraries, enhancement, P1)
Tracking
(Not tracked)
People
(Reporter: mt, Assigned: djackson)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
Attachments
(3 files)
As a client, send randomized versions, extensions, and other codepoints to ensure that they remain usable. The spec (see URL) is now stable.
This isn't high priority, but we might consider accepting a patch (or several, since there are multiple items that might be greased).
Comment 1•2 years ago
Assignee
Comment 2•1 year ago
This patch adds tests to check that we correctly add GREASE codepoints in the permitted locations (when enabled and using TLS 1.3 or higher) and that we do not add any codepoints if disabled or negotiating an earlier version of TLS. The tests check:
For ClientHello:
- 1 codepoint is added to ciphersuites, named groups, key share, sig algs, supported versions, psk exchange methods, ALPN.
- A 0-byte and a 1-byte GREASE extension is added.
For CertificateRequests:
- 1 codepoint is added to the sig alg extension.
- 1 0-byte GREASE extension is added.
For NewSessionTicket:
- 1 1-byte GREASE extension is added.
Depends on D169620
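An added example, not NSS code and not part of the patch above: a small C checker of the kind such tests need, recognizing the GREASE values reserved by RFC 8701 and reporting the body length of each GREASE extension in a serialized extension block. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 8701 16-bit GREASE values: 0x0A0A, 0x1A1A, ..., 0xFAFA. */
static int is_grease16(uint16_t v) {
    return (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff);
}
/* RFC 8701 PskKeyExchangeMode GREASE values: 0x0B, 0x2A, ..., 0xE4. */
static int is_grease_psk_mode(uint8_t v) {
    return v >= 0x0b && (v - 0x0b) % 0x1f == 0;
}
/* Count GREASE entries in a list of big-endian 16-bit codepoints (cipher
 * suites, groups, signature schemes, versions); -1 if the length is odd. */
static int count_grease_list(const uint8_t *p, size_t len) {
    int n = 0;
    if (len % 2) return -1;
    for (size_t i = 0; i < len; i += 2)
        n += is_grease16((uint16_t)(p[i] << 8 | p[i + 1]));
    return n;
}
/* Walk a serialized extension block (type, length, body) and store the body
 * length of each GREASE extension in out[]; returns the count, -1 if malformed. */
static int grease_ext_lengths(const uint8_t *p, size_t len,
                              uint16_t *out, size_t cap) {
    size_t off = 0, n = 0;
    while (off < len) {
        if (len - off < 4) return -1;            /* truncated header */
        uint16_t type = (uint16_t)(p[off] << 8 | p[off + 1]);
        uint16_t blen = (uint16_t)(p[off + 2] << 8 | p[off + 3]);
        off += 4;
        if (blen > len - off) return -1;         /* body runs past the block */
        if (is_grease16(type)) {
            if (n == cap) return -1;             /* more GREASE than expected */
            out[n++] = blen;
        }
        off += blen;
    }
    return (int)n;
}
/* Constructed sample: cipher suite list carrying one GREASE value (0x3A3A). */
static const uint8_t sample_suites[] = {0x3a, 0x3a, 0x13, 0x01, 0x13, 0x02};
/* Constructed sample: GREASE 0x5A5A (0-byte body), supported_versions,
 * GREASE 0xDADA (1-byte body). */
static const uint8_t sample_exts[] = {
    0x5a, 0x5a, 0x00, 0x00,
    0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,
    0xda, 0xda, 0x00, 0x01, 0x00,
};
```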
Assignee
Comment 3•1 year ago
Depends on D169621
Assignee
Comment 4•1 year ago
https://hg.mozilla.org/projects/nss/rev/fff0572d719cad7f1d073152dd0396df7356ed37
https://hg.mozilla.org/projects/nss/rev/b5fc79e1609b0b08ed764ab2257cb4e259fcd85f
https://hg.mozilla.org/projects/nss/rev/34169c34776e6b879e87f46cca151a154cba64bc
https://hg.mozilla.org/projects/nss/rev/247c130c1af8151efee0176754b6e841f046fa20