-
Notifications
You must be signed in to change notification settings - Fork 767
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS 1.2 client implementation #581
base: main
Are you sure you want to change the base?
Conversation
…d() uses a correct check for TLS 1.2 based on the session.
…ls_final Conflicts: lib/tls.js
…Hello for compatibility with Windows 7 and 8.1
MR from origin
Thanks for the updated patch. As mentioned in the other PR, there was some previous TLS 1.2 work in the 0.8 branch too. It would be good to see if any of that can be merged in as well (while dealing with the general unmerged API changes). But maybe partial support would be ok for now. Any chance of resolving the conflicts with master? Did you have any automated testing scripts for this code? |
is there any plan to merge this pr recently? |
update maybe ? |
Hi, is this to be merged soon? TLS 1_2 would be nice to have! |
Hi @githoniel, what about server TLS 1.2 ? |
sorry it has been a long time. I only test client code and it works. I think it will work on server side two because they share those code |
Merge the TLS 1.2 client implementation from PR digitalbazaar#581 by githoniel
Add TLS 1.2 support to v1.3.1
this seems to cause a handshake failure on tls 1.2 websites with the code const net = require('net')
const forge = require('./forge')
var socket = new net.Socket();
var client = forge.tls.createConnection({
server: false,
verify: function(connection, verified, depth, certs) {
// skip verification for testing
console.log('[tls] server certificate verified');
return true;
},
connected: function(connection) {
console.log('[tls] connected');
// prepare some data to send (note that the string is interpreted as
// 'binary' encoded, which works for HTTP which only uses ASCII, use
// forge.util.encodeUtf8(str) otherwise
client.prepare('GET / HTTP/1.1\r\nHost: github.com\r\n\r\n');
},
tlsDataReady: function(connection) {
// encrypted data is ready to be sent to the server
var data = connection.tlsData.getBytes();
socket.write(data, 'binary'); // encoding should be 'binary'
},
dataReady: function(connection) {
// clear data from the server is ready
var data = connection.data.getBytes();
console.log('[tls] data received from the server: ' + data);
},
closed: function() {
console.log('[tls] disconnected');
},
error: function(connection, error) {
throw error
}
});
socket.on('connect', function() {
console.log('[socket] connected');
client.handshake();
});
socket.on('data', function(data) {
client.process(data.toString('binary')); // encoding should be 'binary'
});
socket.on('end', function() {
console.log('[socket] disconnected');
});
// connect to google.com
socket.connect(443, 'github.com');
// or connect to gmail's imap server (but don't send the HTTP header above)
//socket.connect(993, 'imap.gmail.com'); |
base on @parthenon's PR
Tested with node offical tls server/Go offical tls server
handleCertificateRequest
add support for SignatureAndHashAlgorithmgetClientSignature
support TLS 1.2 SignatureAlgorithm using SHA256-RSAcreateCertificateVerify
add add support for SignatureAndHashAlgorithm