On 30 Oct 2013, at 11:42, Dave Cridland <d...@cridland.net> wrote:

> On Wed, Oct 30, 2013 at 12:44 AM, Thijs Alkemade <th...@xnyhps.nl> wrote:
> So far, two tests have shown a server supported SSLv3 but not TLS 1.0,
> both for c2s to palemoon.net:
>
> Drifting from the topic, I know, but just to confirm, this is only testing
> what versions the servers handle in server-mode, correct? Given the nature of
> the APIs, do we think this might be different to what versions a server will
> negotiate given the opportunity in client-mode C2S?
>
> I know this used to be (and might still be) the situation with TLS based
> compression, but I can't think right now if it's likely to be the case with
> cipher suites and TLS versions.

Yes, xmppoke only tests server -> server connections where xmppoke acts as the TLS client.

Testing the protocol versions and ciphers offered by the other server acting as the TLS client would be interesting, but tricky to implement. It would require requesting dialback and xmpp.net having a port open to accept the connection (causing concurrency problems with different simultaneous tests). The ciphers wouldn’t need to be tested one by one, but protocol versions still do, so it would require abandoning and restarting dialback a number of times. (This is really getting to the point where I wish xmppoke was a Prosody module, instead of a script...)

If I had to make a guess, I’d expect most servers to support the same protocols as they accept and that they offer the same ciphers as they accept. OpenSSL-based servers probably follow @STRENGTH: first ordering by bitsize, then by forward-secrecy (yes, this places 3DES above AES-128). Openfire probably follows Java’s defaults, which on Java 1.6 means starting with RC4-MD5, RC4-SHA, AES128-SHA, etc.

Regards,
Thijs
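
The `@STRENGTH` ordering mentioned in the message can be inspected on any machine. The following is an added example, not part of the original post or of xmppoke; it assumes Python's `ssl` module linked against the local OpenSSL, and the helper names are hypothetical. Newer OpenSSL builds may rate or omit individual ciphers differently from 2013-era builds, so the list reflects the local library.

```python
import ssl

def strength_order(cipher_string="ALL:@STRENGTH"):
    """Return [(name, strength_bits, forward_secret)] in the preference
    order the local OpenSSL build produces for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    rows = []
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately and are not
        # reordered by the cipher string, so leave them out.
        if c["protocol"] == "TLSv1.3":
            continue
        # OpenSSL names for ephemeral (forward-secret) key exchange
        # start with ECDHE- or DHE-.
        fs = c["name"].startswith(("ECDHE-", "DHE-"))
        rows.append((c["name"], c["strength_bits"], fs))
    return rows

def is_sorted_by_strength(rows):
    """True if key size never increases down the preference list."""
    bits = [b for _, b, _ in rows]
    return all(a >= b for a, b in zip(bits, bits[1:]))

def first_per_strength(rows):
    """Most preferred suite in each strength class: {bits: (name, fs)}."""
    first = {}
    for name, bits, fs in rows:
        first.setdefault(bits, (name, fs))
    return first

if __name__ == "__main__":
    rows = strength_order()
    print(ssl.OPENSSL_VERSION)
    for name, bits, fs in rows:
        print(f"{bits:>4}  {'FS' if fs else '--'}  {name}")
    print("sorted by key size:", is_sorted_by_strength(rows))
    # A server operator would check here whether a weak suite leads a class.
    for bits, (name, fs) in first_per_strength(rows).items():
        print(f"first at {bits} bits: {name} (forward secret: {fs})")
```

Running it prints one line per suite; comparing the output with the order a server actually selects shows whether that server applies its own preference or the client's.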