Re: s_server/s_client on checking middlebox compatibility

On 26/02/2019 06:22, John Jiang wrote:
> Is it possible to check if peer implements middlebox compatibility by
> s_server/s_client?
> It looks like the test tools don't care about this point.
> For example, if a server doesn't send change_cipher_spec after
> HelloRetryRequest, s_client still feels fine. That's not bad. But can I set up
> these tools to check middlebox compatibility?

By default s_server/s_client will have middlebox compatibility on. You can turn
it off using the option "-no_middlebox". There is no option to directly tell you
if an endpoint is using middlebox compatibility mode or not. You could figure it
out indirectly by using the "-debug" option. This shows you the raw data that is
being sent/received by the endpoints. Assuming TLSv1.3 has been negotiated then
a remote peer is using middlebox compatibility if you see a sequence like this
during the handshake:

read from 0x557afedffb60 [0x557afee057d3] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0x557afedffb60 [0x557afee057d8] (1 bytes => 1 (0x1))
0000 - 01


Matt
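
One way to automate the check described in the reply above, as an added example that is not part of the original message or of OpenSSL: it reassembles the bytes that "-debug" reports as read from the peer and walks the TLS records looking for a change_cipher_spec record, ignoring the one the local tool writes itself. The function names and sample transcripts are constructed for illustration, and, as in the message, the result only indicates middlebox compatibility if TLSv1.3 was negotiated.

```python
import re
HEADER = re.compile(r"^(read from|write to) \S+ \[\S+\] \(")
# Dump line: offset, then up to 16 hex bytes ('-' separates bytes 8 and 9)
DUMP = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]?){1,16})")

def inbound_bytes(debug_text):
    """Reassemble what the local tool read from the peer, skipping writes."""
    data, reading = bytearray(), False
    for line in debug_text.splitlines():
        header, dump = HEADER.match(line), DUMP.match(line)
        if header:
            reading = header.group(1) == "read from"
        elif dump and reading:
            data += bytes.fromhex(re.sub(r"[ -]", "", dump.group(1)))
        elif not dump:
            reading = False  # unrelated output ends the current dump
    return bytes(data)

def tls_records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            return  # capture ends in the middle of a record
        yield stream[pos], payload
        pos += 5 + length

def peer_sent_ccs(debug_text):
    """True if the peer sent a change_cipher_spec record (type 0x14, body 01)."""
    return any(ctype == 0x14 and body == b"\x01"
               for ctype, body in tls_records(inbound_bytes(debug_text)))

# Constructed samples: bodies are shortened; only the CCS read is from the post.
OWN_CCS = """\
write to 0x557afedffb60 [0x557afee10000] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
read from 0x557afedffb60 [0x557afee057d3] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0x557afedffb60 [0x557afee057d8] (4 bytes => 4 (0x4))
0000 - 02 00 00 00                                       ....
"""
PEER_CCS = OWN_CCS + """\
read from 0x557afedffb60 [0x557afee057d3] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0x557afedffb60 [0x557afee057d8] (1 bytes => 1 (0x1))
0000 - 01
"""
print(peer_sent_ccs(OWN_CCS), peer_sent_ccs(PEER_CCS))  # False True
```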


