[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] client-side TLS 1.2 support

From: Simon Josefsson
Subject: Re: [PATCH] client-side TLS 1.2 support
Date: Mon, 31 Aug 2009 15:33:54 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Daiki Ueno <address@hidden> writes:

>>>>>> In <address@hidden> 
>>>>>>  Simon Josefsson <address@hidden> wrote:
>> Daiki Ueno <address@hidden> writes:
>> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
>> >> high-priority task and it shouldn't be too difficult since there are TLS
>> >> 1.2 test servers out there to test with.
>> >
>> > Thanks for the hint.  I'll check which features of TLS 1.2 are not
>> > implemented.  Adding HMAC-SHA256 cipher suites looks one thing to do.
>> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
>> the negotiation worked after I implemented it and I never found time to
>> update it to support the protocol defined by the final RFC.
> I just realized it ;-)
> I'm attaching a set of patches to provide minimal fix for client side
> TLS 1.2 support.  I've confirmed them working against Mike's test
> server:
>  $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443

Confirmed, also working against

Before we enable TLS 1.2 by default, I think what is missing are:

* Check server-side TLS 1.2
* Add SHA-2 ciphersuites
* Add self-test of TLS 1.2 ciphers/features


reply via email to

[Prev in Thread] Current Thread [Next in Thread]