Re: [TLS] TLS 1.2 test clients?

"Davies, Joshua" <Joshua.Davies@travelocity.com> Tue, 01 February 2011 14:44 UTC

From: "Davies, Joshua" <Joshua.Davies@travelocity.com>
To: Xuelei Fan <Xuelei.Fan@oracle.com>, Paul Hoffman <paul.hoffman@vpnc.org>
Date: Tue, 01 Feb 2011 08:47:19 -0600
Cc: "tls@ietf.org" <tls@ietf.org>

I wrote a sample TLS 1.2 client as a companion to a book - you can download the source from http://media.wiley.com/product_ancillary/16/04709204/DOWNLOAD/920411%20implementing_ssl_gcc.zip .  The TLS 1.2 client is in the "after/ch9" directory; just run:

$ make
$ ./https https://whatever.com

It's not especially robust (it will crash if you try to connect to a pre-TLS 1.2 server, for example), but you might find it useful for experimentation purposes if you want to change, for example, the PRF hash function or allow null cipher specs.
________________________________________
From: tls-bounces@ietf.org [tls-bounces@ietf.org] On Behalf Of Xuelei Fan [Xuelei.Fan@oracle.com]
Sent: Monday, January 31, 2011 10:38 PM
To: Paul Hoffman
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.2 test clients?

The recent JDK 7 snapshot releases support TLS 1.2 (see
http://download.java.net/jdk7/). You're able to get and run the very
simple sample code for simple HTTPS connections from
http://download.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#HTTPSSample.

If you run Java with "-Djavax.net.debug=all -Dhttps.protocols=TLSv1.2"
options, you would be able to find the detailed debugging log for
TLS/SSL handshaking.

About the detailed tech guides, please refer to
http://download.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html.

Xuelei Fan
Java Platform, Oracle

On 2/1/2011 12:35 AM, Paul Hoffman wrote:
> Greetings again. I would like to test how servers react to a TLS
> client that only does TLS 1.2. There are two browsers that can be put
> into this state (IE under Win 7, and Opera), but neither gives very
> good diagnostics when a failure occurs. Further, Wireshark doesn't
> give good dumps for TLS 1.2.
>
> Thus, if anyone here has a TLS 1.2 client that has reasonable
> debugging of the TLS handshake and can do trivial HTTP (just send a
> "GET /" and receive the response would be fine) after setting up a
> tunnel, I'd greatly appreciate it. Also, if anyone has a Wireshark
> plugin (?) that brings its TLS decoding up to 1.2, that would be great
> as well.
>
> --Paul Hoffman, Director
> --VPN Consortium
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
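
A TLS 1.2-only test client of the kind asked for at the start of this thread, as an added example that is not code from any of the posters or from the book or JDK mentioned above. It uses Python's standard ssl module; the names probe, tls12_only_context and start_rejecting_stub are hypothetical, and the alert bytes and the local stub server are constructed so the failure path can be exercised offline.

```python
import socket
import ssl
import threading

# Constructed sample: a fatal "protocol_version" alert record (level 2,
# description 70), as a server that cannot negotiate TLS 1.2 may send.
PROTOCOL_VERSION_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x46])

def tls12_only_context():
    """Client context that offers TLS 1.2 and nothing else."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe(host, port=443, timeout=5.0):
    """Handshake with TLS 1.2 only, send "GET /", return diagnostics."""
    # "stage" records how far the attempt got: tcp, handshake or http.
    result = {"host": host, "port": port, "ok": False, "stage": "tcp"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["stage"] = "handshake"
            with tls12_only_context().wrap_socket(raw, server_hostname=host) as tls:
                result.update(stage="http", version=tls.version(), cipher=tls.cipher()[0])
                tls.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
                result["status_line"] = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
                result["ok"] = True
    except ssl.SSLError as exc:   # alerts, certificate failures, bad records
        result.update(reason=exc.reason, detail=str(exc))
    except OSError as exc:        # refused connections, timeouts, resets
        result["detail"] = str(exc)
    return result

def start_rejecting_stub():
    """Hypothetical local stub: reads one ClientHello record, answers with the alert."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    def serve():
        conn, _ = listener.accept()
        with conn, listener, conn.makefile("rb") as stream:
            header = stream.read(5)                           # record header
            stream.read(int.from_bytes(header[3:5], "big"))   # record body
            conn.sendall(PROTOCOL_VERSION_ALERT)
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", start_rejecting_stub()))
```

Against a real server, call probe with its hostname; the returned dictionary gives either the negotiated version, cipher and HTTP status line, or the stage and reason at which the attempt failed.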
