tlsfuzzer / tlslite-ng Goto Github PK
View Code? Open in Web Editor NEWTLS implementation in pure python, focused on interoperability testing
License: Other
tlslite-ng's People
Contributors
Stargazers
Watchers
Forkers
sandy7de kkaarreell the-mule ioef burntout petermosmans jbremer ffilipus lennyniu mildas almond29 squarooticus hvardhanx trustplane nmav akhait avargarh postlund ep69 ansasaki coderdqzhang lekensteyn ph4r05 abalkin egbertbouman vladikoff simo5 rtflynn erniusias rfk tom95br gsuberland inikolcev luandeveloperdeode aroldanz t184256 rajdroid jaimesaez97 frantisekkrenzelok tangjinxin11dev glzjin jromaing arthenica codeape2 ktzgraph johnshajiang txqischokezz mohamedalakhras ellamoskun vikieow arasuarun amitkr david-kooi-dsi christensenjairus jorgectf aarav22 howe2015 zanachka charxhit darkman66 yonatanbaum ethicalsecurity-agency sysfce2 sthen groupesperlos karimherfat masoumehhajalizadeh mohammadnjfi72 irangardi197 gstarovo pinkforest scantist-ossops-m2 odinmylord georgepantelakis fosanzdevtlslite-ng's Issues
OCSP stapling support
Add support for HKDF algorithm
Add support for the HMAC-based Extract-and-Expand key Derivation Function from RFC 5869
- test coverage for HMAC methods (
HMAC_MD5,HMAC_SHA1,HMAC_SHA256,HMAC_SHA384) - universal HMAC method (like
secureHash), convert old methods to it -
HKDF_expandfunction with test vectors
Don't advertise RC4 by default
RC4 is not secure, it should not be used unless explicitly selected by user.
Switch from epydoc documentation format
Since epydoc is mostly abandoned now, and we use relative imports, which in turn require a patched version of epydoc.
All of this makes setup for contributing harder.
Add support for ECDHE key exchange
add ECDHE_RSA ChaCha20 ciphersuites
now that ECDHE_RSA is implemented, we can add support for more ChaCha20 ciphersuites
implement PSK key exchange
Add support for TLS 1.0 up to TLS 1.2 ciphersuites that use Pre-Shared Key
Update implementation of ChaCha20 to newest draft
https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-03 uses different mechanisms and different cipher points than the -00 we have implemented.
Add support for the RSA-PSS signature algortihm
Add support for the RSASSA-PSS with MGF1 signature algorithm from RFC 3447
Add CI on Windows
Add continous integration on windows using http://www.appveyor.com/
Add support for DHE group negotiation
add support for negotiating FFDHE parameters from RFC 7919
implement AES-256-GCM ciphersuites
add support for ciphersuites that use SHA384 PRF and/or HMAC
Testing on PyPy
It looks like all unittests pass on pypy (Python 2.7) so it would be useful to add testing of it to Travis CI, we could then make support for it official.
SRP_SHA_RSA are incorrect in TLSv1.2 mode
The signature made on parameters doesn't follow TLSv1.2 format, as such the ServerKeyExchange for those ciphers is invalid and not interoperable.
Add CI on Mac OSX
The travis-ci functionality to run tests on OSX is open to public now. Configure .travis.yml to actually use it.
See: https://docs.travis-ci.com/user/osx-ci-environment/ for configuration.
Add tests for IPv6/Enable IPv6 support
Support for IPv6 is not certain, having test cases verifying it with all the high level APIs is needed.
Some methods, like _isIP in tlslite/integration/clienthelper.py will certainly need fixing.
Make constanttime module tests faster
Currently the test_tlslite_utils_constanttime.py is running assertions against a large set of possible inputs, causing those tests to dominate overall unit test time.
The tests should be updated to use the hypothesis module for unit testing.
Support for Camellia ciphers
Cleanup Parser
tlslite.utils.codec.Parser uses the SyntaxError exception in case the received data can't be parsed as requested.
This is problematic, as the same exception is raised by the runtime environment when there are syntax errors in running code. So a typo in low level code is easy to miss and hard to debug.
Make the Parser raise a TLSLite specific exception in cases like this.
The methods in Parser should also be documented.
handshake_failure
continuing thread from tlslite, issue 113
call to handshakeClientAnonymous fails with handshake_failure
code used and error backtrace
import socket
from tlslite import TLSConnection
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect((<ip>,<port>))
c = TLSConnection(socket)
c.handshakeClientAnonymous()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/<python-path>/tlslite/tlsconnection.py", line 243, in handshakeClientAnonymous
for result in handshaker:
File "/<python-path>/tlslite/tlsconnection.py", line 439, in _handshakeClientAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/<python-path>/tlslite/tlsconnection.py", line 2060, in _handshakeWrapperAsync
for result in handshaker:
File "/<python-path>/tlslite/tlsconnection.py", line 533, in _handshakeClientAsyncHelper
for result in self._clientGetServerHello(settings, clientHello):
File "/<python-path>/tlslite/tlsconnection.py", line 687, in _clientGetServerHello
HandshakeType.server_hello):
File "/<python-path>/tlslite/tlsrecordlayer.py", line 681, in _getMsg
raise TLSRemoteAlert(alert)
tlslite.errors.TLSRemoteAlert: handshake_failure
- using tlslite-ng 0.5.2, not installed but using source python included in larger python project by adding the source code files to python include path
- python 2.7.5
- linux 64bit machine using IBM MCP linux flavor
- kernel 3.10.0-123.20.1
- no tlslite installed
- no virtual env in use
DSA support
Add support for cipher suites that use DSA certificates for authentication.
Implement 3DES cipher in pure Python
To make the library fully portable, we need to have implementation of 3DES in pure Python, for now we only use it with pycrypto or m2crypto loaded.
Code points for old ChaCha20/Salsa20 ciphers
While adding support for the non standardized Salsa20 ciphers is mostly useless, and ChaCha20 definitions from agl draft or old IETF drafts are not widely used, having the code points defined will be helpful for the scanners built on top of tlslite-ng.
ECDSA support
Add support for ciphersuites that use ECDSA certificates
TLS 1.3 support
the protocol is starting to take final shape
- HKDF algorithm #107
- RSA-PSS signature algorithm #108
- session tickets #60
- key_share extension
- pre_shared_key extension
- early data extension
- cookie extension
- HelloRetryRequest message
- EncryptedExtensions message
- new Certificate message
- Certificate Verify from server
optionally:
Support Application Layer Protocol Negotiation (ALPN)
While NPN was the first one and is widely deployed, it's the ALPN that is actual standard (and deployments like Google said that they won't support NPN forever).
Implement RFC 7301
Use openssl to sanity check major features
since Travis has OpenSSL installed, we can use it to check most obvious things like AES-GCM, client certificates or protocol versions in general
Add support for RSA-PSS in TLSv1.2
The current TLSv1.3 draft includes extending the TLSv1.2 to support RSA-PSS too.
depends on #108
Support Maximum Fragment Length Notification
Implement Maximum Fragment Length Notification, also known as max_fragment_length, from RFC 6066
TypeError in SRP example
after connecting using
tls.py client -u alice -p abra123cadabra localhost:4443
(incorrectly syntaxed in README)
Server:
tls.py server -v verifierDB localhost:4443
I am an HTTPS test server, I will listen on localhost:4443
Serving files from /home/sander/src/tlslite-ng/tests
Using verifier DB...
About to handshake...
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 36312)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 596, in process_request_thread
self.finish_request(request, client_address)
File "/usr/local/lib/python2.7/dist-packages/tlslite/integration/tlssocketservermixin.py", line 55, in finish_request
if self.handshake(tlsConnection) == True:
File "/usr/local/bin/tls.py", line 345, in handshake
reqCert=reqCert)
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1102, in handshakeServer
nextProtos=nextProtos, anon=anon):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1131, in handshakeServerAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1906, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1264, in _handshakeServerAsyncHelper
settings):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1575, in _serverSRPKeyExchange
serverKeyExchange = keyExchange.makeServerKeyExchange(sigHash)
File "/usr/local/lib/python2.7/dist-packages/tlslite/keyexchange.py", line 406, in makeServerKeyExchange
entry = self.verifierDB[srpUsername]
File "/usr/local/lib/python2.7/dist-packages/tlslite/basedb.py", line 59, in __getitem__
valueStr = self.db[username]
File "/usr/lib/python2.7/bsddb/__init__.py", line 270, in __getitem__
return _DeadlockWrap(lambda: self.db[key]) # self.db[key]
File "/usr/lib/python2.7/bsddb/dbutils.py", line 68, in DeadlockWrap
return function(*_args, **_kwargs)
File "/usr/lib/python2.7/bsddb/__init__.py", line 270, in <lambda>
return _DeadlockWrap(lambda: self.db[key]) # self.db[key]
TypeError: String or Integer object expected for key, unicode found
----------------------------------------
Tested on Python 2.7.12 and Python 2.7.3
ChaCha20 Poly1305 support
Implement ciphers from https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-00
Implement certificate signature checking
Allow for loading of a set of CA certificates (or support for the OpenSSL CApath) and verification if the signatures on the certificates were made by the CAs.
Session tickets support [TLS 1.2]
Add support for RFC 4507
Support for X25519 and X448
Add support for draft-ietf-tls-curve25519-01. See also RFC 7748.
Possible implementations for Ed25519:
And for Curve25519:
stop example server from fragmenting responses
the scripts/tls.py server writes responses line by line (at least the headers do), creating a lot of Application Data fragments and leaks the information about size of headers
it should use some caching mechanism so that if all HTTP data fits in a single record, it should send a single record
Contribution details for RHEL
python3-ecdsa, python3-coverage and python3-libs
are named
python34-ecdsa, python34-coverage and python34-libs
Some packages need to be installed with pip. Pip installation file can be downloaded at
https://pip.pypa.io/en/stable/installing/
pip2 is installed with command python get-pip.py
pip3 is installed with command python3 get-pip.py
python3-hypothesis, python-diff-cover, python3-diff-cover and python3-pylint
has to be installed with pip as
diff-cover for pip2
hypothesis, diff-cover and pylint for pip3
test failure
I;m having trouble:
- Python 2.7.3
- installed via pip
- cloned source
- make test
root@ml ~/tlslite-ng# make test
cd tests/ && python ./tlstest.py server localhost:4433 . & sleep 1
cd tests/ && python ./tlstest.py client localhost:4433 .
Test 0 - anonymous handshake
Test 0 - Anonymous server handshake
Test 1 - good X.509
Test 1 - good X509 (plus SNI)
Traceback (most recent call last):
File "./tlstest.py", line 1279, in <module>
clientTestCmd(sys.argv[2:])
File "./tlstest.py", line 118, in clientTestCmd
connection.handshakeClientCert(serverName=address[0])
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 350, in handshakeClientCert
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 366, in _handshakeClientAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1906, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 545, in _handshakeClientAsyncHelper
nextProto):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 964, in _clientFinished
for result in self._sendFinished(masterSecret, cipherSuite, nextProto):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1847, in _sendFinished
for result in self._sendMsg(finished):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 590, in _sendMsg
for result in self._sendMsgThroughSocket(msgFragment):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 597, in _sendMsgThroughSocket
for result in self._recordLayer.sendRecord(msg):
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 469, in sendRecord
data = self._encryptThenSeal(data, contentType)
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 417, in _encryptThenSeal
buf = self._writeState.encContext.seal(nonce, buf, authData)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha20_poly1305.py", line 55, in seal
otk = self.poly1305_key_gen(self.key, nonce)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha20_poly1305.py", line 36, in poly1305_key_gen
poly = ChaCha(key, nonce)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha.py", line 137, in __init__
self.key = ChaCha._bytearray_to_words(key)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha.py", line 122, in _bytearray_to_words
compat26Str(data[i*4:(i+1)*4])))
struct.error: unpack requires a string argument of length 4
make: *** [test] Error 1
root@ml ~/tlslite-ng# Traceback (most recent call last):
File "./tlstest.py", line 1281, in <module>
serverTestCmd(sys.argv[2:])
File "./tlstest.py", line 764, in serverTestCmd
connection.handshakeServer(certChain=x509Chain, privateKey=x509Key)
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1102, in handshakeServer
nextProtos=nextProtos, anon=anon):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1131, in handshakeServerAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1906, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1316, in _handshakeServerAsyncHelper
nextProtos):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1807, in _serverFinished
expect_next_protocol=nextProtos is not None):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1895, in _getFinished
HandshakeType.finished):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 646, in _getMsg
for result in self._getNextRecord():
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 817, in _getNextRecord
for result in self._getNextRecordFromSocket():
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 841, in _getNextRecordFromSocket
for result in self._recordLayer.recvRecord():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 695, in recvRecord
for result in self._recordSocket.recv():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 188, in recv
for record in self._recvHeader():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 122, in _recvHeader
for result in self._sockRecvAll(1):
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 109, in _sockRecvAll
raise TLSAbruptCloseError()
tlslite.errors.TLSAbruptCloseError: TLSAbruptCloseError()
running regular example:
root@ml tlslite-ng/tests# tls.py server -k serverX509Key.pem -c serverX509Cert.pem localhost:4443
I am an HTTPS test server, I will listen on localhost:4443
Serving files from /root/tlslite-ng/tests
Using certificate and private key...
About to handshake...
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 48303)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
self.finish_request(request, client_address)
File "/usr/local/lib/python2.7/dist-packages/tlslite/integration/tlssocketservermixin.py", line 55, in finish_request
if self.handshake(tlsConnection) == True:
File "/usr/local/bin/tls.py", line 345, in handshake
reqCert=reqCert)
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1102, in handshakeServer
nextProtos=nextProtos, anon=anon):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1131, in handshakeServerAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1906, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1316, in _handshakeServerAsyncHelper
nextProtos):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1807, in _serverFinished
expect_next_protocol=nextProtos is not None):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1895, in _getFinished
HandshakeType.finished):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 646, in _getMsg
for result in self._getNextRecord():
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 817, in _getNextRecord
for result in self._getNextRecordFromSocket():
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 841, in _getNextRecordFromSocket
for result in self._recordLayer.recvRecord():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 695, in recvRecord
for result in self._recordSocket.recv():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 188, in recv
for record in self._recvHeader():
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 122, in _recvHeader
for result in self._sockRecvAll(1):
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 109, in _sockRecvAll
raise TLSAbruptCloseError()
TLSAbruptCloseError: TLSAbruptCloseError()
----------------------------------------
Response from client
root@ml tlslite-ng/tests# tls.py client localhost:4443 Traceback (most recent call last):
File "/usr/local/bin/tls.py", line 387, in <module>
clientCmd(sys.argv[2:])
File "/usr/local/bin/tls.py", line 264, in clientCmd
settings=settings, serverName=address[0])
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 350, in handshakeClientCert
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 366, in _handshakeClientAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1906, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 545, in _handshakeClientAsyncHelper
nextProto):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 964, in _clientFinished
for result in self._sendFinished(masterSecret, cipherSuite, nextProto):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsconnection.py", line 1847, in _sendFinished
for result in self._sendMsg(finished):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 590, in _sendMsg
for result in self._sendMsgThroughSocket(msgFragment):
File "/usr/local/lib/python2.7/dist-packages/tlslite/tlsrecordlayer.py", line 597, in _sendMsgThroughSocket
for result in self._recordLayer.sendRecord(msg):
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 469, in sendRecord
data = self._encryptThenSeal(data, contentType)
File "/usr/local/lib/python2.7/dist-packages/tlslite/recordlayer.py", line 417, in _encryptThenSeal
buf = self._writeState.encContext.seal(nonce, buf, authData)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha20_poly1305.py", line 55, in seal
otk = self.poly1305_key_gen(self.key, nonce)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha20_poly1305.py", line 36, in poly1305_key_gen
poly = ChaCha(key, nonce)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha.py", line 137, in __init__
self.key = ChaCha._bytearray_to_words(key)
File "/usr/local/lib/python2.7/dist-packages/tlslite/utils/chacha.py", line 122, in _bytearray_to_words
compat26Str(data[i*4:(i+1)*4])))
struct.error: unpack requires a string argument of length 4
@tomato42 any help appreciated
verify that project matches the CII Best Practice criteria
Refactor ecdsa library and incorporate into tlslite-ng
ecdsa is rather unpythonic (e.g. accessor methods instead of properties) and some of its versions installed on systems we are used may be clobbered (Fedora) or simply old. Doing a refactor of it and incorporating it would make use of tlslite-ng much simpler.
Support padding extension
Add support for padding extension from RFC 7685
clean up keying material extractors
calcExtendedMasterSecret(), calcMasterSecret(), calcFinished(), _calcKeyBlock(), all use essentially the same code, with just different labels. We should move it to single place
add support for AECDH key exchange on server side
AECDH support is limited to just client code, extend server code to support it too
DTLS support
Add support for Datagram TLS - TLS over UDP
Support for alternative ECC point formats
Add support for X9.62 compressed ECC point format from prime field curves and characteristic 2 curves.
related: #373
Convert constants.py to Enum
In Python 3.4 (backported to older as enum34) Enum type was added to handle better the enumerations. IntEnum could be used for AlertDescription, HandshakeType, etc.
verify signatures after making them
since verification of RSA signatures is very inexpensive and failure in signature is usually fatal, make sure that the result of signing is sane
add heartbeat protocol support
Refactor tlstest.py
The current integration testing code could benefit from some refactoring. The auto-numbering is a massive improvement, but there's still some minor annoyances:
- The output isn't intuitive, particularly for the fault-injection tests. Printing 'pass' or 'ok' after each successful test would be an improvement, but isn't really feasible without changing how output is handled (at the moment both the client and server share stdout).
- Fault injection tests indicate success with strings like 'Good Fault bad padding' which is obscure and could be interpreted as meaning the test failed, particularly since most tests don't produce any output at all.
- Several tests have different names on the client and server (e.g. test 0 is called 'anonymous handshake' on the client and 'Anonymous server handshake' on the server).
- Typically only one end of the connection crashes, and the other then falls over with an unrelated error ('Connection Refused' or 'TLSAbruptCloseError'). It's generally obvious which end failed, but it's still less than ideal.
- If testing is interrupted (e.g. with SIGINT/ctrl-C) or something causes the tlstest client to crash, the server can be left running which causes subsequent
make testruns to fail ('Address already in use'). The exact circumstances for triggering this are unclear, beyond getting (un)lucky when you abort the test.
One option that comes to mind is to rewrite the tests to use the async API, which would remove the need for separate client and server processes. Testing could then be managed with the unittest module, to be consistent with the unit tests. Seem reasonable?
Also, a couple of minor notes related to testing in general:
- Running unit tests on Python 2 requires the 'mock' module to be installed, this doesn't appear to be in the list of requirements in CONTRIBUTING.md. Likewise, epydoc (and the associated modifications) are also missing from the list.
- The current
make testtarget doesn't seem particularly useful given that it's undocumented and tests the installed copy of tlslite instead of the local copy. It also doesn't run unit tests and only runs the test on the default python. Perhaps the 'test' and 'test-local' targets should be removed, and 'test-dev' split up so that 'test' can invoke the unit/integration tests without running the linter/coverage checker.
Add support for extended master secret
Implement protocol renegotiation
For now the renegotiation is rejected on server side and simply unsupported in client side.
When implementing we need to make sure that the certificates and encryption settings stay associated with correct session.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.