forge icon indicating copy to clipboard operation
forge copied to clipboard

Published 20 hours ago verified publisher icon digitalbazaar

TLS 1.2 client implementation

Open githoniel opened this issue 6 years ago • 7 comments

base on @parthenon's PR

Tested with node offical tls server/Go offical tls server

  • fix two syntax error
  • handleCertificateRequest add support for SignatureAndHashAlgorithm
  • getClientSignature support TLS 1.2 SignatureAlgorithm using SHA256-RSA
  • createCertificateVerify add add support for SignatureAndHashAlgorithm

githoniel avatar May 05 '18 10:05 githoniel

Thanks for the updated patch. As mentioned in the other PR, there was some previous TLS 1.2 work in the 0.8 branch too. It would be good to see if any of that can be merged in as well (while dealing with the general unmerged API changes). But maybe partial support would be ok for now. Any chance of resolving the conflicts with master?

Did you have any automated testing scripts for this code?

davidlehn avatar May 08 '18 16:05 davidlehn

is there any plan to merge this pr recently?

matianfu avatar Sep 14 '18 10:09 matianfu

update maybe ?

torsina avatar Mar 09 '19 16:03 torsina

Hi, is this to be merged soon? TLS 1_2 would be nice to have! Thanks for the good work!

heol-files avatar Sep 18 '20 08:09 heol-files

Hi @githoniel, what about server TLS 1.2 ?

BurakDev avatar Dec 04 '20 00:12 BurakDev

Hi @githoniel, what about server TLS 1.2 ?

sorry it has been a long time. I only test client code and it works. I think it will work on server side two because they share those code

githoniel avatar Dec 16 '20 10:12 githoniel

this seems to cause a handshake failure on tls 1.2 websites with the code

const net = require('net')
const forge = require('./forge')
var socket = new net.Socket();

var client = forge.tls.createConnection({
  server: false,
  verify: function(connection, verified, depth, certs) {
    // skip verification for testing
    console.log('[tls] server certificate verified');
    return true;
  },
  connected: function(connection) {
    console.log('[tls] connected');
    // prepare some data to send (note that the string is interpreted as
    // 'binary' encoded, which works for HTTP which only uses ASCII, use
    // forge.util.encodeUtf8(str) otherwise
    client.prepare('GET / HTTP/1.1\r\nHost: github.com\r\n\r\n');
  },
  tlsDataReady: function(connection) {
    // encrypted data is ready to be sent to the server
    var data = connection.tlsData.getBytes();
    socket.write(data, 'binary'); // encoding should be 'binary'
  },
  dataReady: function(connection) {
    // clear data from the server is ready
    var data = connection.data.getBytes();
    console.log('[tls] data received from the server: ' + data);
  },
  closed: function() {
    console.log('[tls] disconnected');
  },
  error: function(connection, error) {
    throw error
  }
});

socket.on('connect', function() {
  console.log('[socket] connected');
  client.handshake();
});
socket.on('data', function(data) {
  client.process(data.toString('binary')); // encoding should be 'binary'
});
socket.on('end', function() {
  console.log('[socket] disconnected');
});

// connect to google.com
socket.connect(443, 'github.com');

// or connect to gmail's imap server (but don't send the HTTP header above)
//socket.connect(993, 'imap.gmail.com');

ProgrammerIn-wonderland avatar Aug 11 '23 17:08 ProgrammerIn-wonderland