Skip to content

gnutls/resumption-with-OpenSSL: Test extension#13

Open
mrc0mmand wants to merge 1 commit intomasterfrom
gnutls-resumption-with-openssl
Open

gnutls/resumption-with-OpenSSL: Test extension#13
mrc0mmand wants to merge 1 commit intomasterfrom
gnutls-resumption-with-openssl

Conversation

@mrc0mmand
Copy link
Member

@mrc0mmand mrc0mmand commented Mar 11, 2017

This PR extends the gnutls/resumption-with-OpenSSL test with following:

  • Various combinations of KEX, MAC and PRF algorithms
  • Use the certgen library instead direct OpenSSL for cert operations
  • Resumption with client authentication, session IDs and tickets

Following scenarios are failing:

GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]

In all these scenarios a new session is created instead of using a cached one. Also, TLS_DHE_DSS_WITH_AES_128_CBC_SHA with TLS 1.1 is failing because of unsupported DSA key length - see this comment for proposed solution.

@mrc0mmand mrc0mmand force-pushed the gnutls-resumption-with-openssl branch from f89c5c7 to a25be11 Compare March 11, 2017 18:51
@mrc0mmand mrc0mmand force-pushed the gnutls-resumption-with-openssl branch from a25be11 to c20cc2c Compare March 11, 2017 18:59
@mrc0mmand mrc0mmand added the WIP label Mar 12, 2017
@tomato42
Copy link
Member

tomato42 commented Mar 22, 2017

what's the gnutls bug for it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

WIP

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mrc0mmand @tomato42