Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Upgrade TLS1.2 to TLS1.3 #1120

Open
wants to merge 14 commits into
base: master
Choose a base branch
from
Open

[WIP] Upgrade TLS1.2 to TLS1.3 #1120

wants to merge 14 commits into from

Conversation

claucece
Copy link
Contributor

@claucece claucece commented Jul 27, 2020
edited
Loading

This takes the code done in PR #1101

TODOs:

  • Fix tests (that were coded for TLS1.2) and make sure they pass
  • Upgrade cfsslscan to work with the interface of TLS1.3 (slightly different than 1.2)
    • Check if some parts of the commons file should be omitted.
  • Upgrade the Grading algorithms to use/reflect TLS1.3, which includes:
    • Scanning with both TLS1.2 and TLS1.3
    • Rewiring some version-specific checks (e.g., SessionResumption in 1.2) to be done only with their version

lbarman and others added 9 commits April 22, 2020 18:01
@lbarman
Add golang.org/x/crypto/hkdf to the modules
7c16f81 
(Seems unavoidable since HKDF is used in TLS1.3's key schedule)
@lbarman
Add dependency to golang.org/x/crypto/chacha20poly1305
56d56c3
@lbarman
Bit-for-bit copy of Reference implementation 1.13.9
aaa0cce
@lbarman
Fix import to golang.org/x/crypto/ed25519
afefda5
@lbarman
Update cfsslscan_common/handshake.go to work with TLS1.3
2d8a3ac 
Note: this is the commit that was really needed to swap for TLS1.3; all
previous commits were an attempt to patch the current implementation
towards 1.3, but that was long and error-prone. This is a clean change
on top of the copy-pasted reference implementation

Note2: Grading is still not updated to 1.3
Note3: I didn't update/run the tests (which the reference implementation
do not have)
@lbarman
Tests compile but fail
fc6ae87
@lbarman
Add dependency to golang.org/x/crypto/curve25519
1b4d7f6
@claucece
Fix vendor
ff17640
@claucece
Update to go.1.14 TLS
bd32607
@codecov-commenter
Copy link

codecov-commenter commented Jul 27, 2020
edited
Loading

Codecov Report

Merging #1120 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1120   +/-   ##
=======================================
  Coverage   56.27%   56.27%           
=======================================
  Files          77       77           
  Lines        7309     7309           
=======================================
  Hits         4113     4113           
  Misses       2727     2727           
  Partials      469      469
Impacted Files Coverage Δ
scan/tls_handshake.go 0.00% <ø> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6b49bea...be042d1. Read the comment docs.

@claucece claucece mentioned this pull request Jul 27, 2020
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@claucece @codecov-commenter @lbarman