On Monday, 4 December 2017 13:43:32 CET Jitendra Lulla via openssl-dev wrote: > Thanks Joey. > > And I found the url for listing a server's tls extensions here: > > http://possible.lv/tools/hb/?domain=yahoo.com > > Do you know how we can enable/test the extensions using firefox or any other > browser?
Can't speak for other browsers, but for Firefox it is not possible - the underlying library - NSS - does not expose API that allows addition of arbitrary extensions. in general, tests like these are usually performed either using modified libraries or by using completely custom implementations of TLS > -------------------------------------------- > On Mon, 12/4/17, Joey Yandle <xol...@gmail.com> wrote: > > Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn > To: "Jitendra Lulla" <lull...@yahoo.com>, openssl-dev@openssl.org > Date: Monday, December 4, 2017, 5:13 AM > > > Also, I have lost the url of a website > > which used to analyze any given server ( eg www.yahoo.com) > for its supporting various tls extensions. You provide the > server url and it will display all the tls extns supported > by that server. If you know of any such url, could you > please help me with that also. > > > > openssl s_client has an > argument -tlsextdebug: > > $ > openssl s_client -connect www.yahoo.com:443 -tlsextdebug > CONNECTED(00000003) > TLS server > extension "renegotiation info" (id=65281), > len=1 > 0001 - <SPACES/NULS> > TLS server extension "EC point > formats" (id=11), len=4 > 0000 - 03 00 01 > 02 > .... > TLS server extension "session > ticket" (id=35), len=0 > TLS server > extension "heartbeat" (id=15), len=1 -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev