Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gnutls/resumption-with-OpenSSL: Test extension #13

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

gnutls/resumption-with-OpenSSL: Test extension #13

wants to merge 1 commit into from

Conversation

mrc0mmand
Copy link
Member

This PR extends the gnutls/resumption-with-OpenSSL test with following:

  • Various combinations of KEX, MAC and PRF algorithms
  • Use the certgen library instead direct OpenSSL for cert operations
  • Resumption with client authentication, session IDs and tickets

Following scenarios are failing:

GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_128_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls1_1, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls1_2, sessionID, client auth]
GNUTLS <-> OpenSSL [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls1_2, sessionID, client auth]

In all these scenarios a new session is created instead of using a cached one. Also, TLS_DHE_DSS_WITH_AES_128_CBC_SHA with TLS 1.1 is failing because of unsupported DSA key length - see this comment for proposed solution.

@mrc0mmand mrc0mmand force-pushed the gnutls-resumption-with-openssl branch from f89c5c7 to a25be11 Compare March 11, 2017 18:51
@mrc0mmand mrc0mmand force-pushed the gnutls-resumption-with-openssl branch from a25be11 to c20cc2c Compare March 11, 2017 18:59
@mrc0mmand mrc0mmand added the WIP label Mar 12, 2017
@tomato42
Copy link
Member

what's the gnutls bug for it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
WIP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mrc0mmand @tomato42