Robert Merget

icon indicating an email [email protected]

icon company Technology Innovation Institute (TII) icon location Abu Dhabi, UAE icon location Hey, I'm Robert. I work for TII and develop TLS stuff :)

Results 28 comments of Robert Merget

Implement TLS 1.3 Client Authentication

Update: I think a student of mine implemented this. I will have to check if its actually working before finally closing this issue.

Implement TLS 1.3 Client Authentication

This feature will be probably added in TLS-Attacker 4.0

is there -Verify 1 option in TLS-Attacker server mode

No, you would need to check this yourself.

is there -Verify 1 option in TLS-Attacker server mode

`state.getTlsContext().getClientCertificate() == null`

Brainpool Curve in ECDSA Certificate

Hm that is weird. We will look into this

Help :For eddsa certificates in server mode

this is the correct method, but it might be that x25519 certificates are not supported by our underlying api.

Session recommendations

Thats a fair point, I guess we should also scan for SessionTicket Lifetime hints and adjust the recommendation accordingly

Encrypt-then-MAC extension test not working correctly

You are right - that is pretty much what is happening. The Encrypt-then-MAC check should be a dedicated connection since we only need to exclusively offer cbc cipher suites.