path: root/openssl-connect
Age | Commit message | Author | Files | Lines
2016-09-17 | openssl-connect: fix support for more PSK ciphers | Peter Wu | 1 | -1/+7
Match also stuff like DHE-PSK-AES128-CCM8. Improve error message if cipher is not accepted by OpenSSL.
2016-09-17 | openssl-{connect,listen}: OpenSSL 1.1.0 compat | Peter Wu | 1 | -1/+1
The options parser has changed, options now have to precede the parameters (possibly a bug, already reported to with subject "Options after parameters are ignored in OpenSSL 1.1.0"). While at it, use COMPLEMENTOFALL instead of NULL since that possibly includes more ciphers.
2013-12-10 | More ciphers support | Peter Wu | 1 | -1/+2
* generate-wireshark-cs: fix key sizes for export ciphers
* notes, openssl-{connect,listen}: support more cipher suites, including NULL.
2013-12-06 | openssl-{connect,listen}: fix usage, reduce output | Peter Wu | 1 | -3/+5
The CLIENT_RANDOM is applicable to clients only, so remove it from ServerHello. Also update notes with cmake+gcrypt instructions.
2013-10-27 | openssl-*: support custom s_server/s_client args | Peter Wu | 1 | -3/+15
2013-10-01 | generate-wireshark-cs: fix ECDH, add PSK, drop SIG_ | Peter Wu | 1 | -0/+1
ssl_get_keyex_alg.txt contains the current supported list of cipher suites for key exchange by the ssl_get_keyex_alg() function. It was generated with:
    awk -F '[ :;\t]+' '/^gint ssl_get_keyex_alg/{p=1} /case/{if(p)a[$3]=0} /return/{for(i in a)print i, $3;delete a} /^} /{if(p)exit}' packet-ssl-utils.c
This file can then be converted and sorted with:
    while read num name; do echo $((num)) $name; done < ssl_get_keyex_alg.txt | sort -n > /tmp/1
To get the current cipher suites list:
    awk -F '[ {,]+' '/,KEX_/{print $2, $3}' packet-ssl-utils.c > /tmp/2
Check which cipher suites are missing or have an incorrect key exchange:
    diff -y /tmp/[12]
It turned out that the ECDH cipher suites were incorrectly marked as DH (tested on top of SVN rev 52320). Therefore adjust the generate-wireshark-cs file.
2013-09-30 | openssl-{connect,listen}: Add PSK support | Peter Wu | 1 | -3/+5
Wireshark already supports these suites, yay :)
2013-09-19 | openssl-connect: support SSLv2 ClientHello | Peter Wu | 1 | -4/+12
Making assumptions about ClientHello is very fragile, but since we are controlling the client, it should not be a big deal.
2013-09-18 | Disable compression for openssl-connect | Peter Wu | 1 | -0/+1
This makes it easier to see relations in plaintext (if any).
2013-09-16 | openssl-connect: print keys earlier | Peter Wu | 1 | -9/+17
2013-09-15 | openssl-connect: Parse certificate type from name | Peter Wu | 1 | -11/+20
This allows for something like:
    openssl ciphers -V | grep -v \ SRP- | ./openssl-connect /tmp/test-certs
2013-09-15 | Add ECDH-RSA support for tools | Peter Wu | 1 | -7/+21
2013-09-15 | Add server/client tools for testing ciphers | Peter Wu | 1 | -0/+64