[PATCH] client-side TLS 1.2 support

Daiki Ueno ueno at unixuser.org
Mon Aug 31 08:25:19 CEST 2009

>>>>> In <87fxbdjt8v.fsf_-_ at mocca.josefsson.org> 
>>>>>	Simon Josefsson <simon at josefsson.org> wrote:
> Daiki Ueno <ueno at unixuser.org> writes:

> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
> >> high-priority task and it shouldn't be too difficult since there are TLS
> >> 1.2 test servers out there to test with.
> >
> > Thanks for the hint.  I'll check which features of TLS 1.2 are not
> > implemented.  Adding HMAC-SHA256 cipher suites looks one thing to do.

> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
> the negotiation worked after I implemented it and I never found time to
> update it to support the protocol defined by the final RFC.

I just realized it ;-)

I'm attaching a set of patches to provide minimal fix for client side
TLS 1.2 support.  I've confirmed them working against Mike's test

 $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net

> I don't expect finishing this would require major changes, so it would
> be a great contribution to finish the TLS 1.2 support.

While server-side support would require a bit more work, for the moment
I would like to ask for comments on my approach.  The patches mainly
follow the changes regarding SignatureAndHashAlgorithm usage.  Here is a
summary of each patch:

* 0001-Add-functions-for-TLS-signature-algorithm.patch

This patch adds helper functions which convert SignatureAndHashAlgorithm
value from/to `gnutls_sign_algorithm_t'.

* 0002-Respect-TLS-signature-algorithm-in-server-KX.patch

The signature of DH params in Server Key Exchange is now a
"digitally-signed" struct.  This patch makes it read the algorithm IDs
at the beginning of the actual signature bytes.

* 0003-Use-SHA256-for-PRF-if-TLS-1.2.patch

TLS 1.2 mandates that the algorithm for the basis of PRF is SHA256, and
the same algorithm is used for the hash over handshake messages (to be
used to verify Finished message).  This patch makes it use SHA256 in
both places.

* 0004-Fix-parsing-Certificate-Request-for-TLS-1.2.patch

This patch fixes the logic to skip supported_signature_algorithms in
Certificate Request, whose type seems to have changed from the draft.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-functions-for-TLS-signature-algorithm.patch
Type: text/x-diff
Size: 4756 bytes
Desc: not available
URL: </pipermail/attachments/20090831/bfd59df5/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Respect-TLS-signature-algorithm-in-server-KX.patch
Type: text/x-diff
Size: 6862 bytes
Desc: not available
URL: </pipermail/attachments/20090831/bfd59df5/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Use-SHA256-for-PRF-if-TLS-1.2.patch
Type: text/x-diff
Size: 2953 bytes
Desc: not available
URL: </pipermail/attachments/20090831/bfd59df5/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fix-parsing-Certificate-Request-for-TLS-1.2.patch
Type: text/x-diff
Size: 885 bytes
Desc: not available
URL: </pipermail/attachments/20090831/bfd59df5/attachment-0003.patch>
-------------- next part --------------

Daiki Ueno
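The wire-format changes that patches 0001, 0002 and 0004 above deal with, as an added Python example that is not part of the mail or of GnuTLS: a parser for the TLS 1.2 "digitally-signed" struct (SignatureAndHashAlgorithm prefix before the signature vector) versus the pre-1.2 form, plus the supported_signature_algorithms vector in CertificateRequest. The id-to-name tables are the RFC 5246 registries; the byte strings are constructed, and the function names are my own.

```python
import struct

# SignatureAndHashAlgorithm registries from RFC 5246, section 7.4.1.4.1.
HASH_ALGORITHMS = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
                   4: "sha256", 5: "sha384", 6: "sha512"}
SIGNATURE_ALGORITHMS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}


def parse_digitally_signed(data, tls12):
    """Parse the signature that follows ServerDHParams in ServerKeyExchange.

    TLS 1.0/1.1: opaque signature<0..2^16-1>
    TLS 1.2:     SignatureAndHashAlgorithm (2 bytes), then the same vector.
    Returns (hash_name, sig_name, signature, bytes_consumed); the names are
    None before TLS 1.2, where no algorithm IDs are carried on the wire.
    """
    pos = 0
    hash_name = sig_name = None
    if tls12:
        if len(data) < 2:
            raise ValueError("truncated SignatureAndHashAlgorithm")
        hash_id, sig_id = data[0], data[1]
        if hash_id not in HASH_ALGORITHMS or sig_id not in SIGNATURE_ALGORITHMS:
            raise ValueError("unknown SignatureAndHashAlgorithm %02x%02x" % (hash_id, sig_id))
        hash_name, sig_name = HASH_ALGORITHMS[hash_id], SIGNATURE_ALGORITHMS[sig_id]
        pos = 2
    if len(data) < pos + 2:
        raise ValueError("truncated signature length")
    (sig_len,) = struct.unpack_from("!H", data, pos)
    pos += 2
    if len(data) < pos + sig_len:
        raise ValueError("signature length %d exceeds message" % sig_len)
    return hash_name, sig_name, data[pos:pos + sig_len], pos + sig_len


def parse_supported_signature_algorithms(data):
    """Parse supported_signature_algorithms<2..2^16-2> from a TLS 1.2
    CertificateRequest; returns (list of (hash, sig) names, bytes_consumed)."""
    if len(data) < 2:
        raise ValueError("truncated supported_signature_algorithms")
    (vec_len,) = struct.unpack_from("!H", data, 0)
    if vec_len % 2 or len(data) < 2 + vec_len:
        raise ValueError("bad supported_signature_algorithms length")
    pairs = [(HASH_ALGORITHMS.get(data[i], "unknown"),
              SIGNATURE_ALGORITHMS.get(data[i + 1], "unknown"))
             for i in range(2, 2 + vec_len, 2)]
    return pairs, 2 + vec_len


# Constructed sample: sha256/rsa prefix, then a 4-byte placeholder signature.
SAMPLE_TLS12_SIGNATURE = b"\x04\x01" + b"\x00\x04" + b"\xde\xad\xbe\xef"
```

Feeding the TLS 1.2 sample to the pre-1.2 parser reads the algorithm bytes 0x04 0x01 as a signature length of 1025 and fails, which is exactly the misparse patch 0002 addresses.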
