ClientHello with last extension being empty
New test script idea
What TLS message this idea relates to?
ClientHello
What TLS extension this idea relates to?
none in particular
What is the behaviour the test script should test?
Some implementations (old Tomcat/Java) won't process the ClientHello when the last extension has an empty payload. Verify that both unknown and known extensions that have empty payloads can be placed last in the list and the negotiation will succeed.
Are there scripts that test related functionality?
none
Additional information
I'd like to pick this to refresh things around extensions a bit. Is that okay?
sure
I briefly checked code and isn't this actually partly implemented in test-extensions.py ("n extensions last empty" probe)?
One can split this issue to two tasks:
For all
a) "known" (~0-90) and b) "unknown" (90+) extensions
verify that extensions that have empty payloads can be placed last in the list and the negotiation will succeed.
I think (b) part is already covered. Does it make sense to extend it to cover (a) as well or is it good enough as it is?
I'd say that it's a good idea to extend it
though the "n extensions last empty" probe from test-extensions.py is always testing the extension with ID 90; I think we should test multiple different IDs from the unallocated set, not just 90
I have part b) done. However, I am not sure about a): extensions from the allocated set usually have specific syntax as well as semantics (e.g. sometimes they cannot have an empty payload, sometimes they must have it empty, etc.).
Trying to address a) would be much more complex and it won't make the test that much better: if some implementation won't process a CH with an empty payload in the last extension, then part b) would already hit it.
For part a), I was thinking of just selecting a few extensions that are empty by definition and just ensuring they are placed last (like the extended master secret or encrypt-then-mac extensions); it doesn't have to use absolutely all of them that can be empty
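To make the failure mode discussed above concrete, here is an added, self-contained Python example that is not part of the tlsfuzzer project or of this issue. It serialises a ClientHello extensions block with an empty extension placed last, using both a known extension that is empty by definition (extended_master_secret, 0x0017; encrypt_then_mac, 0x0016) and an unallocated type (90, the value the existing probe uses), and feeds it to two parsers: a strict one and a hypothetical off-by-one parser written here only to reproduce the behaviour the issue describes (it is not Tomcat's or Java's actual code). All extension lists and the `negotiation_succeeds` helper are constructed for this example.

```python
import struct

# Extension type codes from the IANA TLS ExtensionType registry.
SERVER_NAME = 0x0000
ENCRYPT_THEN_MAC = 0x0016
EXTENDED_MASTER_SECRET = 0x0017
UNALLOCATED_TYPE = 0x005A  # 90: unallocated, the ID test-extensions.py uses


def sni_payload(hostname: str) -> bytes:
    """server_name payload: a ServerNameList holding one host_name entry."""
    name = hostname.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name  # name_type 0 = host_name
    return struct.pack("!H", len(entry)) + entry


def encode_extensions(exts) -> bytes:
    """Serialise a ClientHello extensions block:
    <2-byte total length> then repeated <2-byte type><2-byte length><payload>."""
    body = b"".join(struct.pack("!HH", t, len(p)) + p for t, p in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf: bytes):
    """Strict parser: consumes the block exactly, returns [(type, payload)]."""
    (total,) = struct.unpack_from("!H", buf, 0)
    pos, end = 2, 2 + total
    if end != len(buf):
        raise ValueError("extensions length does not match data")
    out = []
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if end - pos < ext_len:
            raise ValueError("truncated extension payload")
        out.append((ext_type, buf[pos:pos + ext_len]))
        pos += ext_len
    return out


def parse_extensions_buggy(buf: bytes):
    """Hypothetical off-by-one parser (constructed for this example): the loop
    only continues while more than a bare 4-byte header remains, so a trailing
    zero-length extension is never read and is then rejected as junk."""
    (total,) = struct.unpack_from("!H", buf, 0)
    pos, end = 2, 2 + total
    out = []
    while pos + 4 < end:  # bug: should be `pos < end`
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4
        out.append((ext_type, buf[pos:pos + ext_len]))
        pos += ext_len
    if pos != end:
        raise ValueError("trailing garbage after extensions")
    return out


def negotiation_succeeds(parser, exts) -> bool:
    """True if the parser accepts the block and recovers every extension."""
    try:
        return parser(encode_extensions(exts)) == list(exts)
    except ValueError:
        return False


# Constructed test inputs: empty extension last (known and unknown) vs. not last.
EMPTY_LAST_KNOWN = [(SERVER_NAME, sni_payload("example.com")),
                    (EXTENDED_MASTER_SECRET, b"")]
EMPTY_LAST_UNKNOWN = [(SERVER_NAME, sni_payload("example.com")),
                      (UNALLOCATED_TYPE, b"")]
EMPTY_NOT_LAST = [(ENCRYPT_THEN_MAC, b""),
                  (SERVER_NAME, sni_payload("example.com"))]

if __name__ == "__main__":
    cases = [("known empty last", EMPTY_LAST_KNOWN),
             ("unknown empty last", EMPTY_LAST_UNKNOWN),
             ("empty not last", EMPTY_NOT_LAST)]
    for label, exts in cases:
        print(f"{label:20} strict={negotiation_succeeds(parse_extensions, exts)} "
              f"buggy={negotiation_succeeds(parse_extensions_buggy, exts)}")
```

The "empty not last" case is what distinguishes this bug from a general inability to handle zero-length extensions: the same parser accepts encrypt_then_mac with no payload when another extension follows it, which is why the probe has to put the empty extension in the final position, and why covering a few unallocated IDs plus a couple of empty-by-definition known ones is enough to catch it.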
Perfect, that sounds more than reasonable. I am on it.