Support for STARTTLS based services #3
Comments
|
This would be nice, but it's low priority: STARTTLS is annoying to implement because it's intertwined with the application protocol, and whatsmychaincert is mainly focused on the browser use-case which doesn't use STARTTLS. |
|
Sure. BTW: There is an RFC for STARTTLS with HTTP: https://tools.ietf.org/html/rfc2817 - It's just hardly ever implemented ;-) Also a word on STARTTLS: Most services can be supported by sending a more or less dump request prior to the TLS handshake. The most complicated case I've seen was SMTP with two required checks (EHLO response containing STARTTLS + response on STARTTLS command) to boot properly. On contrast MySQL and XMPP are static in regards to STARTTLS bootup. For implementation hints you might want to take a look into my SSL test. |
|
For reference: https://github.com/benbe/ssltest/blob/master/src/de/dogcraft/ssltest/tests/STARTTLS.java Indeed, that doesn't look awful. I thought XMPP would be worse. Though IIRC the XMPP STARTTLS support in OpenSSL's s_client was broken for a while, so there must be something tricky about it. Thank goodness STARTTLS with HTTP never caught on! |
Please implement support for testing STARTTLS based services.
The text was updated successfully, but these errors were encountered: