selfserv and tstclnt on SNI

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

selfserv and tstclnt on SNI

John Jiang
Hi,
Using NSS 3.35.

It looks tstclnt always send SNI extension, even though no option "-a".
As for selfserv, I suppose it should have an option for configuring
multiple certificates (nicknames) for server side. But I don't find it.

In addition, option "-n" means rsa_nickname, but with my testing, it also
works with the nicknames for DSA and ECDSA certificates, though such
nicknames should use options -S and -e respectively.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: selfserv and tstclnt on SNI

Martin Thomson
These sound like simple bugs.  Most are probably good first bugs for
someone looking to contribute.

On Thu, Feb 8, 2018 at 6:13 PM, John Jiang <[hidden email]> wrote:

> Hi,
> Using NSS 3.35.
>
> It looks tstclnt always send SNI extension, even though no option "-a".
> As for selfserv, I suppose it should have an option for configuring
> multiple certificates (nicknames) for server side. But I don't find it.
>
> In addition, option "-n" means rsa_nickname, but with my testing, it also
> works with the nicknames for DSA and ECDSA certificates, though such
> nicknames should use options -S and -e respectively.
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: selfserv and tstclnt on SNI

Franziskus Kiefer
Can you file bugs for the issues you found?

On Fri, Feb 9, 2018 at 1:50 AM, Martin Thomson <[hidden email]> wrote:

> These sound like simple bugs.  Most are probably good first bugs for
> someone looking to contribute.
>
> On Thu, Feb 8, 2018 at 6:13 PM, John Jiang <[hidden email]>
> wrote:
> > Hi,
> > Using NSS 3.35.
> >
> > It looks tstclnt always send SNI extension, even though no option "-a".
> > As for selfserv, I suppose it should have an option for configuring
> > multiple certificates (nicknames) for server side. But I don't find it.
> >
> > In addition, option "-n" means rsa_nickname, but with my testing, it also
> > works with the nicknames for DSA and ECDSA certificates, though such
> > nicknames should use options -S and -e respectively.
> > --
> > dev-tech-crypto mailing list
> > [hidden email]
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: selfserv and tstclnt on SNI

John Jiang
Just filed issues:
https://bugzilla.mozilla.org/show_bug.cgi?id=1441764
https://bugzilla.mozilla.org/show_bug.cgi?id=1441767

2018-02-13 1:57 GMT+08:00 Franziskus Kiefer <[hidden email]>:

> Can you file bugs for the issues you found?
>
> On Fri, Feb 9, 2018 at 1:50 AM, Martin Thomson <[hidden email]> wrote:
>
> > These sound like simple bugs.  Most are probably good first bugs for
> > someone looking to contribute.
> >
> > On Thu, Feb 8, 2018 at 6:13 PM, John Jiang <[hidden email]>
> > wrote:
> > > Hi,
> > > Using NSS 3.35.
> > >
> > > It looks tstclnt always send SNI extension, even though no option "-a".
> > > As for selfserv, I suppose it should have an option for configuring
> > > multiple certificates (nicknames) for server side. But I don't find it.
> > >
> > > In addition, option "-n" means rsa_nickname, but with my testing, it
> also
> > > works with the nicknames for DSA and ECDSA certificates, though such
> > > nicknames should use options -S and -e respectively.
> > > --
> > > dev-tech-crypto mailing list
> > > [hidden email]
> > > https://lists.mozilla.org/listinfo/dev-tech-crypto
> > --
> > dev-tech-crypto mailing list
> > [hidden email]
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> >
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto