* [9front] devtls, libsec: removal of sslv3 support
@ 2021-10-24 16:37 kemal
0 siblings, 0 replies; only message in thread
From: kemal @ 2021-10-24 16:37 UTC (permalink / raw)
To: 9front
> looks good to me, but we need a regression test for this
> as manual review turns out not to be good enougth as
> last time, your refactoring added an assert which broke
> all of tls 1.0 prf and nobody noticed for months.
and i forgot to check for `ext != nil` in checkClientExtensions,
which broke clients without extensions. i agree that we need
a regression test, my code has probably a bug somewhere.
> do you have some openssl scripts handy to run ssl3 and tls1.0
> and tls1.1 servers and clients against these changes?
i don't, i will try to prepare some when i'm available, then post
the test results here.
> can anyone help you with this?
i'd appreciate help.
> on another note. your devtls and tlshand changes are unrelated
> to the topic at hand. maybe have a separate topic for this?
sure, changed the topic.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-10-24 16:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-24 16:37 [9front] devtls, libsec: removal of sslv3 support kemal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).