Closed Bug 511781 Opened 14 years ago Closed 14 years ago

Add new TLS 1.2 cipher suites implemented in Windows 7 to ssltap

Categories: NSS :: Tools, enhancement, P2
Tracking: Not tracked
Status: RESOLVED FIXED, 3.12.5
People: Reporter: wtc, Assigned: wtc
Attachments: 1 file

Attached patch: Proposed patch
The attached patch adds the new TLS 1.2 cipher suites
implemented in Windows 7 RC to ssltap.

The new cipher suites are specified in the following RFCs:

0x00003C, 0x00003D, 0x000040, 0x00006A: RFC 5246 TLS 1.2

0x00C023 - 0x00C02C: RFC 5289 TLS ECC cipher suites with
SHA-256/384 and AES GCM

signature_algorithms: RFC 5246 TLS 1.2.  See also
http://www.iana.org/assignments/tls-extensiontype-values/

TLS 1.1 and TLS 1.2 are disabled by default in Windows 7
RC.  If I enable them, ssltap with this patch shows that
Internet Explorer sends the following ClientHello message.
Note that OCSP stapling is supported:

--> [
(173 bytes of 168)
SSLRecord { [Thu Aug 20 16:20:42 2009]
   0: 16 03 03 00  a8                                     | .....
   type    = 22 (handshake)
   version = { 3,3 }
   length  = 168 (0xa8)
   handshake {
   0: 01 00 00 a4                                         | ....
      type = 1 (client_hello)
      length = 164 (0x0000a4)
         ClientHelloV3 {
            client_version = {3, 3}
            random = {...}
   0: 4a 8d da 4a  7e 63 d0 27  a9 17 28 b6  ed 27 2a bd  | J..J~c.'..(..'*.
  10: c6 29 72 e2  9c 91 8c c6  46 a5 f5 39  ea d3 db 16  | .)r.....F..9....
            session ID = {
                length = 0
                contents = {...}
            }
            cipher_suites[22] = { 
                (0x003c) TLS/RSA/AES128-CBC/SHA256
                (0x002f) TLS/RSA/AES128-CBC/SHA
                (0x003d) TLS/RSA/AES256-CBC/SHA256
                (0x0035) TLS/RSA/AES256-CBC/SHA
                (0x0005) SSL3/RSA/RC4-128/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
                (0xc027) TLS/ECDHE-RSA/AES128-CBC/SHA256
                (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA
                (0xc028) TLS/ECDHE-RSA/AES256-CBC/SHA384
                (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA
                (0xc023) TLS/ECDHE-ECDSA/AES128-CBC/SHA256
                (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA
                (0xc024) TLS/ECDHE-ECDSA/AES256-CBC/SHA384
                (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA
                (0xc02b) TLS/ECDHE-ECDSA/AES128-GCM/SHA256
                (0xc02c) TLS/ECDHE-ECDSA/AES256-GCM/SHA384
                (0x0040) TLS/DHE-DSS/AES128-CBC/SHA256
                (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x006a) TLS/DHE-DSS/AES256-CBC/SHA256
                (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0x0004) SSL3/RSA/RC4-128/MD5
            }
            compression[1] = { 00 }
            extensions[79] = {
              extension type server_name, length [28] = {
              <...snipped...>
              }
              extension type status_request, length [5] = {
   0: 01 00 00 00  00                                     | .....
              }
              extension type elliptic_curves, length [8] = {
   0: 00 06 00 17  00 18 00 19                            | ........
              }
              extension type ec_point_formats, length [2] = {
   0: 01 00                                               | ..
              }
              extension type signature_algorithms, length [16] = {
   0: 00 0e 04 01  05 01 02 01  04 03 05 03  02 03 02 02  | ................
              }
            }
         }
   }
}
]
Attachment #395712 - Flags: review?(nelson)
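The dump above prints the signature_algorithms extension body only as raw hex. As an added example (not code from ssltap or from the attached patch), the following C program decodes those 16 bytes into hash/signature pairs using the code points from RFC 5246 section 7.4.1.4.1. The names `sig_alg`, `parse_sig_algs`, `hash_name` and `sig_name` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Code points from RFC 5246 section 7.4.1.4.1. */
static const char *const hash_names[] = {
    "none", "md5", "sha1", "sha224", "sha256", "sha384", "sha512" };
static const char *const sig_names[] = { "anonymous", "rsa", "dsa", "ecdsa" };

typedef struct { unsigned char hash, sig; } sig_alg;   /* hypothetical type */

/* signature_algorithms extension body, copied from the ssltap dump above. */
static const unsigned char sample_ext[16] = {
    0x00, 0x0e, 0x04, 0x01, 0x05, 0x01, 0x02, 0x01,
    0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x02, 0x02 };

const char *hash_name(unsigned char h) { return h < 7 ? hash_names[h] : "unknown"; }
const char *sig_name(unsigned char s)  { return s < 4 ? sig_names[s]  : "unknown"; }

/* Decode the extension body into out[]. Returns the number of pairs, or -1
 * when the body is truncated, the inner length disagrees with the outer one,
 * the list is empty or odd-sized, or out[] is too small. */
int parse_sig_algs(const unsigned char *p, size_t len, sig_alg *out, size_t max)
{
    size_t list_len, n, i;

    if (len < 2)
        return -1;
    list_len = ((size_t)p[0] << 8) | p[1];      /* 2-byte big-endian length */
    if (list_len != len - 2 || list_len == 0 || (list_len & 1))
        return -1;
    n = list_len / 2;
    if (n > max)
        return -1;
    for (i = 0; i < n; i++) {
        out[i].hash = p[2 + 2 * i];
        out[i].sig  = p[3 + 2 * i];
    }
    return (int)n;
}

int main(void)
{
    sig_alg algs[16];
    int n = parse_sig_algs(sample_ext, sizeof sample_ext, algs, 16);

    for (int i = 0; i < n; i++)
        printf("%s/%s\n", hash_name(algs[i].hash), sig_name(algs[i].sig));
    return n < 0;
}
```

For the bytes in the dump this yields seven pairs, starting with sha256/rsa and ending with sha1/dsa.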
Comment on attachment 395712
Proposed patch

r=nelson
Attachment #395712 - Flags: review?(nelson) → review+
Priority: -- → P2
Target Milestone: --- → 3.12.5
Version: unspecified → trunk
I checked in the patch on the NSS trunk (NSS 3.12.5).

Checking in ssltap.c;
/cvsroot/mozilla/security/nss/cmd/ssltap/ssltap.c,v  <--  ssltap.c
new revision: 1.14; previous revision: 1.13
done
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED