User:Eskuat/WeeklyReports: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with '== Coding part Week #1 (May, 23 - 30) == I've submitted a patch with TLS 1.1 implementation here {{bug|565047}} and asked for review. Then I dedicated rest of the week to thoro…')
 
No edit summary
Line 17: Line 17:
#Alerts MUST now be sent in many cases.<br>  
#Alerts MUST now be sent in many cases.<br>  
#After a certificate_request, if no certificates are available,<br> clients now MUST send an empty certificate list.<br>  
#After a certificate_request, if no certificates are available,<br> clients now MUST send an empty certificate list.<br>  
#TLS_RSA_WITH_AES_128_CBC_SHA is now the mandatory to implement<br> cipher suite. Added HMAC-SHA256 cipher suites. Removed IDEA and DES cipher suites. &nbsp;They are now deprecated and will be documented in a separate document.<br>
#TLS_RSA_WITH_AES_128_CBC_SHA is now the mandatory to implement<br> cipher suite. Added HMAC-SHA256 cipher suites. Removed IDEA and DES cipher suites. &nbsp;They are now deprecated and will be documented in a separate document.
 
#Support for the SSLv2 backward-compatible hello is now a MAY, not<br> a SHOULD, with sending it a SHOULD NOT. Support will probably<br> become a SHOULD NOT in the future.<br>
#Support for the SSLv2 backward-compatible hello is now a MAY, not<br> a SHOULD, with sending it a SHOULD NOT. Support will probably<br> become a SHOULD NOT in the future.<br>  
#Added limited "fall-through" to the presentation language to allow<br> multiple case arms to have the same encoding.
 
<br>
<br>

Revision as of 05:24, 31 May 2010

Coding part Week #1 (May, 23 - 30)

I've submitted a patch with TLS 1.1 implementation here bug 565047 and asked for review. Then I dedicated rest of the week to thorough review of RFC 5246 and continued learning the codebase.
The review is not 100% finished yet, I compared RFC 4346 and RFC 5246 in deathmatch like style.

Some preliminary results below (Changes that doesn't require coding are omitted).


  1. The MD5/SHA-1 combination in the pseudorandom function (PRF) has been replaced with cipher-suite-specified PRFs. All cipher suites in this document use P_SHA256.
  2. The MD5/SHA-1 combination in the digitally-signed element has been replaced with a single hash. Signed elements now include a field that explicitly specifies the hash algorithm used.
  3. Substantial cleanup to the client's and server's ability to
    specify which hash and signature algorithms they will accept.
    Note that this also relaxes some of the constraints on signature
    and hash algorithms from previous versions of TLS.
  4. Addition of support for authenticated encryption with additional
    data modes.
  5. TLS Extensions definition and AES Cipher Suites were merged in
    from external [TLSEXT] and [TLSAES].
  6. Tighter checking of EncryptedPreMasterSecret version numbers.
  7. Tightened up a number of requirements.
  8. Verify_data length now depends on the cipher suite (default is
    still 12).
  9. Alerts MUST now be sent in many cases.
  10. After a certificate_request, if no certificates are available,
    clients now MUST send an empty certificate list.
  11. TLS_RSA_WITH_AES_128_CBC_SHA is now the mandatory to implement
    cipher suite. Added HMAC-SHA256 cipher suites. Removed IDEA and DES cipher suites.  They are now deprecated and will be documented in a separate document.
  12. Support for the SSLv2 backward-compatible hello is now a MAY, not
    a SHOULD, with sending it a SHOULD NOT. Support will probably
    become a SHOULD NOT in the future.


Retrieved from "https://wiki.mozilla.org/index.php?title=User:Eskuat/WeeklyReports&oldid=226621"