* [9fans] tls and iphones and ios9 (sigh) @ 2015-09-17 14:33 Steve Simon 2015-09-17 15:42 ` Jeff Sickel ` (2 more replies) 0 siblings, 3 replies; 13+ messages in thread From: Steve Simon @ 2015-09-17 14:33 UTC (permalink / raw) To: 9fans I upgraded my iphone to ios9 and now cannot access my email on plan9 - no sniggering at the back. It seems apple require 1024bit keys for Diffe helman exchanges in TLS, and DH + RSA is no longer sypported at all. Primarly this is a warning to 9fans about the perils of ios9 and a vain hope that somone might be looking at modifying libsec. -Steve ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 14:33 [9fans] tls and iphones and ios9 (sigh) Steve Simon @ 2015-09-17 15:42 ` Jeff Sickel 2015-09-17 16:38 ` erik quanstrom 2015-09-18 3:19 ` Andrew Simmons 2015-09-18 11:10 ` cinap_lenrek 2 siblings, 1 reply; 13+ messages in thread From: Jeff Sickel @ 2015-09-17 15:42 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs > On Sep 17, 2015, at 9:33 AM, Steve Simon <steve@quintile.net> wrote: > > I upgraded my iphone to ios9 and now cannot access my email on plan9 - > no sniggering at the back. > > It seems apple require 1024bit keys for Diffe helman exchanges in TLS, > and DH + RSA is no longer sypported at all. > > Primarly this is a warning to 9fans about the perils of ios9 > and a vain hope that somone might be looking at modifying libsec. > > -Steve > A good warning as OS X 10.11 will be using the same App Transport Security as iOS 9, both using TLS 1.2. Might be time to combover RFC 5246 and reconcile libsec and devtls. -jas ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 15:42 ` Jeff Sickel @ 2015-09-17 16:38 ` erik quanstrom 2015-09-17 17:46 ` Skip Tavakkolian 0 siblings, 1 reply; 13+ messages in thread From: erik quanstrom @ 2015-09-17 16:38 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs combover. I see what you did there. - erik On Sep 17, 2015 8:42 AM, Jeff Sickel <jas@corpus-callosum.com> wrote: > > > > On Sep 17, 2015, at 9:33 AM, Steve Simon <steve@quintile.net> wrote: > > > > I upgraded my iphone to ios9 and now cannot access my email on plan9 - > > no sniggering at the back. > > > > It seems apple require 1024bit keys for Diffe helman exchanges in TLS, > > and DH + RSA is no longer sypported at all. > > > > Primarly this is a warning to 9fans about the perils of ios9 > > and a vain hope that somone might be looking at modifying libsec. > > > > -Steve > > > > A good warning as OS X 10.11 will be using the same App Transport Security > as iOS 9, both using TLS 1.2. > > Might be time to combover RFC 5246 and reconcile libsec and devtls. > > -jas > > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 16:38 ` erik quanstrom @ 2015-09-17 17:46 ` Skip Tavakkolian 2015-09-17 19:47 ` Jeff Sickel 0 siblings, 1 reply; 13+ messages in thread From: Skip Tavakkolian @ 2015-09-17 17:46 UTC (permalink / raw) To: 9fans > combover. I see what you did there. ha! i can trump that... ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 17:46 ` Skip Tavakkolian @ 2015-09-17 19:47 ` Jeff Sickel 2015-09-18 2:27 ` erik quanstrom 0 siblings, 1 reply; 13+ messages in thread From: Jeff Sickel @ 2015-09-17 19:47 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs > On Sep 17, 2015, at 12:46 PM, Skip Tavakkolian <9nut@9netics.com> wrote: > >> combover. I see what you did there. > > ha! i can trump that… There’s a direct correlation to length of hair and billable rate. ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 19:47 ` Jeff Sickel @ 2015-09-18 2:27 ` erik quanstrom 2015-09-18 8:28 ` Brantley Coile 0 siblings, 1 reply; 13+ messages in thread From: erik quanstrom @ 2015-09-18 2:27 UTC (permalink / raw) To: 9fans On Thu Sep 17 12:49:37 PDT 2015, jas@corpus-callosum.com wrote: > > > On Sep 17, 2015, at 12:46 PM, Skip Tavakkolian <9nut@9netics.com> wrote: > > > >> combover. I see what you did there. > > > > ha! i can trump that… > > There’s a direct correlation to length of hair and billable rate. lucky me. - erik ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-18 2:27 ` erik quanstrom @ 2015-09-18 8:28 ` Brantley Coile 2015-09-18 9:04 ` hiro 0 siblings, 1 reply; 13+ messages in thread From: Brantley Coile @ 2015-09-18 8:28 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs And me, now. Ask jas. Sent from my iPad > On Sep 17, 2015, at 10:27 PM, erik quanstrom <quanstro@quanstro.net> wrote: > >> On Thu Sep 17 12:49:37 PDT 2015, jas@corpus-callosum.com wrote: >> >>>> On Sep 17, 2015, at 12:46 PM, Skip Tavakkolian <9nut@9netics.com> wrote: >>>> >>>> combover. I see what you did there. >>> >>> ha! i can trump that… >> >> There’s a direct correlation to length of hair and billable rate. > > lucky me. > > - erik > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-18 8:28 ` Brantley Coile @ 2015-09-18 9:04 ` hiro 0 siblings, 0 replies; 13+ messages in thread From: hiro @ 2015-09-18 9:04 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs sigh ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 14:33 [9fans] tls and iphones and ios9 (sigh) Steve Simon 2015-09-17 15:42 ` Jeff Sickel @ 2015-09-18 3:19 ` Andrew Simmons 2015-09-18 9:51 ` Steve Simon 2015-09-18 11:10 ` cinap_lenrek 2 siblings, 1 reply; 13+ messages in thread From: Andrew Simmons @ 2015-09-18 3:19 UTC (permalink / raw) To: Fans of the OS Plan 9 from Bell Labs Such are my limitations, I’m not sure what you mean by "cannot access my email on plan9”. Email works fine for me on my obsolete iPad 4. > On Sep 18, 2015, at 2:33 am, Steve Simon <steve@quintile.net> wrote: > > I upgraded my iphone to ios9 and now cannot access my email on plan9 - > no sniggering at the back. > > It seems apple require 1024bit keys for Diffe helman exchanges in TLS, > and DH + RSA is no longer sypported at all. > > Primarly this is a warning to 9fans about the perils of ios9 > and a vain hope that somone might be looking at modifying libsec. > > -Steve > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-18 3:19 ` Andrew Simmons @ 2015-09-18 9:51 ` Steve Simon 0 siblings, 0 replies; 13+ messages in thread From: Steve Simon @ 2015-09-18 9:51 UTC (permalink / raw) To: 9fans Sorry for not being clear. The problem is with TLS, and how I noticed is I use imaps (imap4 over a TLS encrypted socket) to access my email which is stored on plan9. I can still access my email but only over an cleartext connection, but this is not wise on the internet these days. https and pop3s are probably similarly broken. -Steve ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-17 14:33 [9fans] tls and iphones and ios9 (sigh) Steve Simon 2015-09-17 15:42 ` Jeff Sickel 2015-09-18 3:19 ` Andrew Simmons @ 2015-09-18 11:10 ` cinap_lenrek 2015-09-18 13:01 ` erik quanstrom 2 siblings, 1 reply; 13+ messages in thread From: cinap_lenrek @ 2015-09-18 11:10 UTC (permalink / raw) To: 9fans so you need server side support for what cipher suits and protocol versions exactly? the work has been done in 9front libsec and devtls to support ecdhe and dhe and tls 1.2 on the *client* side at least. so you can start from there. whats missing is the signing and signature verification of the dh parameters. -- cinap ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-18 11:10 ` cinap_lenrek @ 2015-09-18 13:01 ` erik quanstrom 2015-09-18 13:32 ` cinap_lenrek 0 siblings, 1 reply; 13+ messages in thread From: erik quanstrom @ 2015-09-18 13:01 UTC (permalink / raw) To: 9fans On Fri Sep 18 06:01:44 PDT 2015, cinap_lenrek@felloff.net wrote: > so you need server side support for what cipher suits and protocol > versions exactly? > > the work has been done in 9front libsec and devtls to support ecdhe > and dhe and tls 1.2 on the *client* side at least. so you can start > from there. whats missing is the signing and signature verification > of the dh parameters. quite a bit of work that looks good. thanks. here are some current differences i've got. the - is your version. * i think aes_xts should take u32ints as this is defined in the standard. the assumption that ulong is 32 bits is suspect. * sorry for the ignorance, but why do we need ripemd160? ../../../include/libsec.h:396,403 - /mnt/term/sys/include/libsec.h:407,414 PEMChain*readcertchain(char *filename); /* aes_xts.c */ - int aes_xts_encrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len) ; - int aes_xts_decrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len); + int aes_xts_encrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, usize len) ; + int aes_xts_decrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, usize len); typedef struct ECpoint{ int inf; ../../../include/libsec.h:432,439 - /mnt/term/sys/include/libsec.h:443,448 void base58enc(uchar *, char *, int); int base58dec(char *, uchar *, int); - DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); - /* * Diffie-Hellman key exchange */ - erik ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [9fans] tls and iphones and ios9 (sigh) 2015-09-18 13:01 ` erik quanstrom @ 2015-09-18 13:32 ` cinap_lenrek 0 siblings, 0 replies; 13+ messages in thread From: cinap_lenrek @ 2015-09-18 13:32 UTC (permalink / raw) To: 9fans bitcoin. -- cinap ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2015-09-18 13:32 UTC | newest] Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-09-17 14:33 [9fans] tls and iphones and ios9 (sigh) Steve Simon 2015-09-17 15:42 ` Jeff Sickel 2015-09-17 16:38 ` erik quanstrom 2015-09-17 17:46 ` Skip Tavakkolian 2015-09-17 19:47 ` Jeff Sickel 2015-09-18 2:27 ` erik quanstrom 2015-09-18 8:28 ` Brantley Coile 2015-09-18 9:04 ` hiro 2015-09-18 3:19 ` Andrew Simmons 2015-09-18 9:51 ` Steve Simon 2015-09-18 11:10 ` cinap_lenrek 2015-09-18 13:01 ` erik quanstrom 2015-09-18 13:32 ` cinap_lenrek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).