[TLS] NSS server and Firefox client available for renegotiation interop testing

Daniel Veditz <dveditz@mozilla.com> Fri, 12 February 2010 20:47 UTC

Message-ID: <4B75BE97.2070500@mozilla.com>
Date: Fri, 12 Feb 2010 12:48:23 -0800
From: Daniel Veditz <dveditz@mozilla.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: tls@ietf.org
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [TLS] NSS server and Firefox client available for renegotiation interop testing

Kai Engert of Red Hat has set up a server running NSS 3.12.6rc1 for
interoperability testing of the NSS implementation of the
renegotiation spec. Three different ports represent different
configuration settings sites might want to use depending on their
need to support unpatched clients and renegotiation.

https://ssltls.de/

There are also Firefox test builds that support the new spec. The
current default setting requires safe renegotiation, but allows an
initial negotiation to an unpatched server. Preference settings can
make the client reject unsafe initial handshakes or merely strip the
SSL markings from the chrome, and at some future point we'll be
turning those on, but initially the client will be fairly lenient.

We can't predict when this code will make it into a future Firefox
security update until after we get some interoperability testing,
but we're hoping sooner than later.

A page describing the client options is at
https://wiki.mozilla.org/Security:Renegotiation

Nightly test builds are at
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

Huge thanks to Nelson Bolyard for writing the NSS code, Robert
Relyea of Red Hat for picking up the baton from Nelson, and Kai
Engert who wrote the client integration code.

-Dan Veditz
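The client behaviour described in the post (safe renegotiation always required, an unpatched server tolerated only on the initial handshake, stricter modes available by preference) comes down to one question: did the ServerHello carry the RFC 5746 renegotiation_info extension? The following is an added example, not code from the post, NSS or Firefox; it parses a ServerHello body for that extension and applies a policy whose mode names ("lenient", "warn", "strict") are this example's own labels, not Firefox preference names. The two ServerHello byte strings are constructed sample inputs.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746


def server_hello_extensions(body: bytes) -> dict:
    """Parse a TLS ServerHello handshake body (the bytes after the 4-byte
    handshake header) and return {extension_type: extension_data}."""
    off = 2 + 32                      # protocol version + 32-byte random
    sid_len = body[off]
    off += 1 + sid_len                # session_id length byte + session_id
    off += 2 + 1                      # cipher_suite + compression_method
    exts = {}
    if off >= len(body):              # no extensions block at all
        return exts
    (ext_len,) = struct.unpack("!H", body[off:off + 2])
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        exts[etype] = body[off:off + elen]
        off += elen
    return exts


def server_is_patched(body: bytes) -> bool:
    """A server that implements the renegotiation spec echoes the
    renegotiation_info extension; on an initial handshake its
    renegotiated_connection field is empty (a single 0x00 length byte)."""
    return server_hello_extensions(body).get(RENEGOTIATION_INFO) == b"\x00"


def client_decision(mode: str, initial: bool, patched: bool) -> str:
    """Policy mirroring the post: renegotiation with an unpatched peer is
    never allowed; an unpatched peer on the initial handshake is handled
    per mode. Mode names are this example's assumption."""
    if patched:
        return "proceed"
    if not initial:
        return "reject"
    return {"lenient": "proceed",           # the post's current default
            "warn": "proceed-unmarked",     # strip the SSL chrome markings
            "strict": "reject"}[mode]       # reject unsafe initial handshakes


# Constructed ServerHello bodies: TLS 1.0, empty session id, cipher suite
# 0x002f, null compression; the first carries renegotiation_info, the
# second has no extensions block (what an unpatched server sends).
PATCHED_SERVER_HELLO = (b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
                        + b"\x00\x05" + b"\xff\x01\x00\x01\x00")
UNPATCHED_SERVER_HELLO = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
```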