I had tried TLS Fuzzer, and it worked for me. I just wished that OpenSSL can do the similar things.
Thanks! On Tue, Feb 26, 2019 at 9:56 PM Hubert Kario <hka...@redhat.com> wrote: > On Tuesday, 26 February 2019 07:22:52 CET John Jiang wrote: > > Is it possible to check if peer implements middlebox compatibility by > > s_server/s_client? > > It looks the test tools don't care this point. > > For example, if a server doesn't send change_cipher_spec after > > HelloRetryRequest, s_client still feels fine.That's not bad. But can I > > setup these tools to check middlebox compatibility? > > As Matt said, there's no human-readable output that shows that. > > tlsfuzzer does verify if the server sends ChangeCipherSpec and at what > point in the connection (all scripts expect it right after ServerHello or > right after HelloRetryRequest depending on connection). > > You can use > > https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-conversation.py > https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-hrr.py > and > > https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-session-resumption.py > respectively to test regular handshake, one with HelloRetryRequest > and one that performs session resumption. > > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
