# HACKING                                                       -*- org -*-
#+TITLE: Hacking on NTBTLS
#+TEXT: Some notes on NTBTLS internals
#+STARTUP: showall
#+OPTIONS: ^:{}



** How to start a GNUTLS test server

   To test the client it is best to test against a different
   implementation.  GNUTLS is one of the major TLS implementations;
   testing against OpenSSL would be useful too - see below.

#+begin_example
  cd ntbls/tests
  gnutls-serv  --http --x509cafile x509-ca.pem \
    --x509keyfile x509-server-key.pem --x509certfile x509-server.pem \
    --port 8443
#+end_example

   To test only a single ECDHDE cipher suite, this can be useful:

#+begin_example
   --priority SECURE128:+ECDHE-RSA:-RSA:-DHE-RSA:-PSK:-CAMELLIA-128-CBC:\
   -CAMELLIA-256-CBC:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-SHA1:\
   -AES-128-GCM:-AES-256-GCM:-SHA384
#+end_example


** How to start an OpenSSL test server


* Specs
** RFC Notes

*** 4492 - Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
    Security (TLS). S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk, B.
    Moeller. May 2006. (Format: TXT=72231 bytes) (Updated by RFC5246,
    RFC7027) (Status: INFORMATIONAL) (DOI: 10.17487/RFC4492)

    - 5246 :: See A.7 for the changes.
    - 7027 :: Brainpool curves

*** 5246 - The Transport Layer Security (TLS) Protocol Version 1.2.
    T. Dierks, E. Rescorla. August 2008. (Format: TXT=222395 bytes)
    (Obsoletes RFC3268, RFC4346, RFC4366) (Updates RFC4492) (Updated
    by RFC5746, RFC5878, RFC6176) (Status: PROPOSED STANDARD)

*** 5746 Transport Layer Security (TLS) Renegotiation Indication Extension.
    E. Rescorla, M. Ray, S. Dispensa, N. Oskov. February 2010.
    (Format: TXT=33790 bytes) (Updates RFC5246, RFC4366, RFC4347,
    RFC4346, RFC2246) (Status: PROPOSED STANDARD)

*** 5878 Transport Layer Security (TLS) Authorization Extensions.
    M. Brown, R. Housley. May 2010. (Format: TXT=44594 bytes) (Updates
    RFC5246) (Status: EXPERIMENTAL)

*** 6176 Prohibiting Secure Sockets Layer (SSL) Version 2.0.
    S. Turner, T. Polk. March 2011. (Format: TXT=7642 bytes) (Updates
    RFC2246, RFC4346, RFC5246) (Status: PROPOSED STANDARD)

*** 5077 Transport Layer Security (TLS) Session Resumption without
    Server-Side State. J. Salowey, H. Zhou, P. Eronen, H. Tschofenig.
    January 2008. (Format: TXT=41989 bytes) (Obsoletes RFC4507)
    (Status: PROPOSED STANDARD)
