Add and use new -2 option for strsclnt to disable SSL2 compatible client

hellos, so we can stress test TLS hello extensions.  Bug 333559.
r=julien.pierre,rrelyea


git-svn-id: svn://10.0.0.236/trunk@194355 18797224-902f-48f8-a5cc-f745e15eee43
nelson%bolyard.com 2006-04-13 22:43:31 +00:00
parent 020429d0bb
commit fc11ad1fed
2 changed files with 18 additions and 11 deletions


@ -153,6 +153,7 @@ static PRInt32 numUsed;
static SSL3Statistics * ssl3stats;
static int failed_already = 0;
static PRBool disableSSL2 = PR_FALSE;
static PRBool disableSSL3 = PR_FALSE;
static PRBool disableTLS = PR_FALSE;
static PRBool bypassPKCS11 = PR_FALSE;
@ -184,7 +185,7 @@ Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
" [-3BDNTovqs] [-2 filename] [-P fullhandshakespercentage | -N]\n"
" [-23BDNTovqs] [-f filename] [-N | -P percentage]\n"
" [-w dbpasswd] [-C cipher(s)] [-t threads] hostname\n"
" where -v means verbose\n"
" -o flag is interpreted as follows:\n"
@ -195,6 +196,7 @@ Usage(const char *progName)
" -s means disable SSL socket locking\n"
" -N means no session reuse\n"
" -P means do a specified percentage of full handshakes (0-100)\n"
" -2 means disable SSL2\n"
" -3 means disable SSL3\n"
" -T means disable TLS\n"
" -U means enable throttling up threads\n"
@ -1194,6 +1196,12 @@ client_main(
errExit("SSL_OptionSet SSL_SECURITY");
}
/* disabling SSL2 compatible hellos also disables SSL2 */
rv = SSL_OptionSet(model_sock, SSL_V2_COMPATIBLE_HELLO, !disableSSL2);
if (rv != SECSuccess) {
errExit("error enabling SSLv2 compatible hellos ");
}
rv = SSL_OptionSet(model_sock, SSL_ENABLE_SSL3, !disableSSL3);
if (rv != SECSuccess) {
errExit("error enabling SSLv3 ");
@ -1338,11 +1346,11 @@ main(int argc, char **argv)
progName = progName ? progName + 1 : tmp;
optstate = PL_CreateOptState(argc, argv, "2:3BC:DNP:TUc:d:in:op:qst:vw:");
optstate = PL_CreateOptState(argc, argv, "23BC:DNP:TUc:d:f:in:op:qst:vw:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case '2': fileName = optstate->value; break;
case '2': disableSSL2 = PR_TRUE; break;
case '3': disableSSL3 = PR_TRUE; break;
@ -1364,6 +1372,8 @@ main(int argc, char **argv)
case 'd': dir = optstate->value; break;
case 'f': fileName = optstate->value; break;
case 'i': ignoreErrors = PR_TRUE; break;
case 'n': nickName = PL_strdup(optstate->value); break;
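Review bot: Reusing `-2` as a bare flag in `main` silently changes what existing command lines mean: with the new option string `"23BC:DNP:TUc:d:f:in:op:qst:vw:"`, a caller that still passes `-2 filename` now sets `disableSSL2 = PR_TRUE` and leaves `filename` as a stray non-option argument, with no diagnostic. How non-option arguments are handled lies outside these hunks, so the effect on such a run cannot be judged from here, but a stress run that quietly exercises a different hello format than the operator intended is easy to miss. The visible part of `Usage` lists `[-f filename]` in the synopsis without a matching description line; I would add one that records the move, for example `"       -f takes the filename formerly given with -2\n"`. The `switch` in `main` and the body of `Usage` both continue outside the hunks shown.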


@ -14,15 +14,12 @@
# noECC 0 -r -w_bogus_-n_"Test_User" TLS Request don't require client auth (bad password)
#
# ############################ ECC ciphers ############################
# Currently, session reuse does not work for ECDH-ECDSA and ECDHE-ECDSA
# ciphers (see Bug 238051). Setting up 1000 connections without session
# reuse would take too long, so use only 10 connections
#
ECC 0 -c_:C009 -c_10_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -c_100_-C_:C013_-T Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
ECC 0 -c_:C004 -c_10_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
# ECC 0 -c_:C00E -c_10_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -c_100_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
ECC 0 -c_:C009 -c_100_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -c_1000_-C_:C013_-T Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
ECC 0 -c_:C004 -2_-c_100_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
# ECC 0 -c_:C00E -2_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -2_-c_1000_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
#
# add client auth versions here...
#
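Review bot: The comment lines citing Bug 238051 appear to be dropped while the ECDSA rows still pass `-N` and are still labelled "(no reuse)", so the file no longer says why those rows skip session reuse. Their connection counts also go from 10 to 100, although the removed text said no-reuse runs were kept small because they take too long. Which of the duplicated rows is the new side is inferred from the `-2_` prefix and the larger counts, since the +/- markers are lost on this page. I would keep a short comment above the rows, for example `# -N rows do full handshakes only; -2 turns off SSL2-compatible hellos so TLS hello extensions can be exercised`, and state whether the Bug 238051 limitation still applies.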