Known apps supporting tls max frag size extn

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Known apps supporting tls max frag size extn

OpenSSL - Dev mailing list
Hi,

Could anybody please help me in finding known standard apps ( eg browsers and servers) which support tls extension for maximum fragment size negotiation?


Also, I have lost the url of a website which used to analyze any given server ( eg www.yahoo.com) for its supporting various tls extensions. You provide the server url and it will display all the tls extns supported by that server.  If you know of any such url, could you please help me with that also.

Thanks
Jitendra
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: Known apps supporting tls max frag size extn

Joey Yandle-2
> Also, I have lost the url of a website which used to analyze any given server ( eg www.yahoo.com) for its supporting various tls extensions. You provide the server url and it will display all the tls extns supported by that server.  If you know of any such url, could you please help me with that also.
>

openssl s_client has an argument -tlsextdebug:

$ openssl s_client -connect www.yahoo.com:443 -tlsextdebug
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "heartbeat" (id=15), len=1



--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Known apps supporting tls max frag size extn

OpenSSL - Dev mailing list
In reply to this post by OpenSSL - Dev mailing list

Thanks Joey.

And I found the url for listing a server's tls extensions here:

http://possible.lv/tools/hb/?domain=yahoo.com

Do you know how we can enable/test the extensions using firefox or any other browser?

--------------------------------------------
On Mon, 12/4/17, Joey Yandle <[hidden email]> wrote:

 Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn
 To: "Jitendra Lulla" <[hidden email]>, [hidden email]
 Date: Monday, December 4, 2017, 5:13 AM
 
 > Also, I have lost the url of a website
 which used to analyze any given server ( eg www.yahoo.com)
 for its supporting various tls extensions. You provide the
 server url and it will display all the tls extns supported
 by that server.  If you know of any such url, could you
 please help me with that also.
 >
 
 
 openssl s_client has an
 argument -tlsextdebug:
 
 $
 openssl s_client -connect www.yahoo.com:443 -tlsextdebug
 CONNECTED(00000003)
 TLS server
 extension "renegotiation info" (id=65281),
 len=1
 0001 - <SPACES/NULS>
 TLS server extension "EC point
 formats" (id=11), len=4
 0000 - 03 00 01
 02                                     
 ....
 TLS server extension "session
 ticket" (id=35), len=0
 TLS server
 extension "heartbeat" (id=15), len=1
 
 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: Known apps supporting tls max frag size extn

Hubert Kario
On Monday, 4 December 2017 13:43:32 CET Jitendra Lulla via openssl-dev wrote:
> Thanks Joey.
>
> And I found the url for listing a server's tls extensions here:
>
> http://possible.lv/tools/hb/?domain=yahoo.com
>
> Do you know how we can enable/test the extensions using firefox or any other
> browser?

Can't speak for other browsers, but for Firefox it is not possible - the
underlying library - NSS - does not expose API that allows addition of
arbitrary extensions.

in general, tests like these are usually performed either using modified
libraries or by using completely custom implementations of TLS

> --------------------------------------------
> On Mon, 12/4/17, Joey Yandle <[hidden email]> wrote:
>
>  Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn
>  To: "Jitendra Lulla" <[hidden email]>, [hidden email]
>  Date: Monday, December 4, 2017, 5:13 AM
>
>  > Also, I have lost the url of a website
>
>  which used to analyze any given server ( eg www.yahoo.com)
>  for its supporting various tls extensions. You provide the
>  server url and it will display all the tls extns supported
>  by that server.  If you know of any such url, could you
>  please help me with that also.
>
>
>
>  openssl s_client has an
>  argument -tlsextdebug:
>
>  $
>  openssl s_client -connect www.yahoo.com:443 -tlsextdebug
>  CONNECTED(00000003)
>  TLS server
>  extension "renegotiation info" (id=65281),
>  len=1
>  0001 - <SPACES/NULS>
>  TLS server extension "EC point
>  formats" (id=11), len=4
>  0000 - 03 00 01
>  02                                    
>  ....
>  TLS server extension "session
>  ticket" (id=35), len=0
>  TLS server
>  extension "heartbeat" (id=15), len=1

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

signature.asc (849 bytes) Download Attachment