Mozilla NSS OK. Certicom OK. GnuTLS OK. Sun JSSE OK
Title: Mozilla NSS OK. Certicom OK. GnuTLS OK. Sun JSSE OK
1
TLS Record Layer Bugs
- Pasi.Eronen_at_nokia.comIETF67 TLS WG
2
Background
- Testing inspired by Yngves draft
- No illegal inputs (overflows etc.)
3
Fragmentation
- multiple client messages of the same
ContentType MAY be coalesced into a single
TLSPlaintext record, or a single message MAY be
fragmented across several records
4
Fragmentation test results
- OpenSSL fail
- Microsoft IIS fail
- Mozilla NSS OK
- Certicom OK
- GnuTLS OK
- Sun JSSE OK
- Cryptlib fail
- PureTLS fail
- TLSLite fail
- MatrixSSL fail
5
Fragmentation proposal
- MUST NOT fragment Handshake, Alert, and CCS
messages - Unless larger than max. fragment size
- At least when using TLS_NULL_WITH_NULL_NULL?
6
Empty fragments test results
- OpenSSL fail
- Microsoft IIS fail
- Mozilla NSS fail
- Certicom OK
- GnuTLS OK
- Sun JSSE fail
- Cryptlib fail
- PureTLS fail
- TLSLite fail
- MatrixSSL fail
7
Empty fragments proposal
- MUST NOT send empty fragments
- with Handshake/Alert/CCS content type only?
8
Large padding
- padding MAY be any length up to 255 bytes, as
long as it results in the TLSCiphertext.length
being an integral multiple of the block length
9
Large padding test results
- OpenSSL OK
- Microsoft IIS OK
- Mozilla NSS OK
- Certicom OK
- GnuTLS OK
- Sun JSSE OK
- Cryptlib OK
- PureTLS OK
- TLSLite OK
- MatrixSSL fail
10
Unknown content types
- If a TLS implementation receives a record type
it does not understand, it SHOULD just ignore it.
11
Unknown content test results
- OpenSSL OK
- Microsoft IIS fail
- Mozilla NSS fail
- Certicom fail
- GnuTLS fail
- Sun JSSE OK
- Cryptlib fail
- PureTLS fail
- TLSLite fail
- MatrixSSL fail
12
Unknown content proposal
- MUST NOT send other content types except when
negotiated using a TLS extension
13
Summary
- I have some more tests
- Anyone interested in more testing?
- SSL accelerator boxes?
- Lotus Domino?
Recommended
