On Tue, Jan 22, 2019 at 11:16 AM Aleksandar Lazic <al-hapr...@none.at> wrote: > Agree that I get a 400 with this command. > > `echo 'K' | ./tool/bssl s_client -connect mail.google.com:443`
(Note that "K" on its own line does not send a KeyUpdate message with BoringSSL's bssl tool. It just sends "K\n".) > How does boringssl test if the KeyUpdate on a server works? If you're asking how BoringSSL's internal tests exercise KeyUpdates then we maintain a fork of Go's TLS stack that is extensively modified to be able to generate a large variety of TLS patterns. That is used to exercise KeyUpdates in a number of ways: https://boringssl.googlesource.com/boringssl/+/eadef4730e66f914d7b9cbb2f38ecf7989f992ed/ssl/test/runner/runner.go#2779 Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org
