Looking at the OpenSSL source code (ssl3.h) I note that it supports some non-standard HandshakeTypes: 24, 67 and 254. Does SSLStream/SChannel support these? Does SChannel have any non-standard extensions of its own? I'm primarily interested in the Windows 7 implementation.
-
I'm not sure I understand your question and what exactly you mean by "handshake types". Presumably you mean "handshake message types" - but if so there are no definitions for message types 24 and 254 in ssl3.h in OpenSSL 1.1.0 or OpenSSL 1.0.2 (the currently supported versions). Message type 67 is for NPN which is only used if the NPN extension is negotiated - which requires both ends to agree to it. Use of this extension is not encouraged since it was only ever a draft spec and was superseded by ALPN. I don't know if SSLStream/SChannel support it but I doubt it (because it was never a spec) – Matt Caswell Sep 18 '17 at 14:32
-
Possibly for "24" you are referring to the heartbeat *record type* - this is not a handshake message type at all. Support for this has been removed from OpenSSL 1.1.0 (except for DTLS). – Matt Caswell Sep 18 '17 at 14:34
-
Yes, I'm thinking of handshake message types, these ones:
```
# define SSL3_MT_KEY_UPDATE 24
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL3_MT_NEXT_PROTO 67
# endif
# define SSL3_MT_MESSAGE_HASH 254
```
– Jan Mattsson Sep 18 '17 at 16:52
-
Ahh! Right - you are looking at OpenSSL master (1.1.1 development version) rather than any of the released versions. SSL3_MT_KEY_UPDATE and SSL3_MT_MESSAGE_HASH are all TLSv1.3 message types. TLSv1.3 is still in development in OpenSSL. Most other major libraries have development implementations for it too - but they are unlikely to have it in any released version because the TLSv1.3 specification has not yet been finalised. – Matt Caswell Sep 18 '17 at 23:55
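The thread turns on the value 24 meaning one thing at the record layer (heartbeat) and another inside a handshake record (key_update). The following is an added example, not part of the thread and not OpenSSL code, that classifies a plaintext record on both layers; the function names, result strings and sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Handshake message types named in the thread (values as quoted from ssl3.h). */
static const char *handshake_name(uint8_t t) {
    switch (t) {
    case 24:  return "key_update";
    case 67:  return "next_proto";
    case 254: return "message_hash";
    default:  return "other_handshake";
    }
}

/* Classify one plaintext TLS record: type(1) version(2) length(2) fragment.
 * Returns NULL for truncated or inconsistent lengths. A handshake message
 * split across records is also rejected here rather than reassembled. */
const char *classify_record(const uint8_t *buf, size_t len) {
    if (len < 5) return NULL;
    size_t frag_len = ((size_t)buf[3] << 8) | buf[4];
    if (frag_len > len - 5) return NULL;
    if (buf[0] == 24) return "heartbeat_record"; /* record type, not a handshake type */
    if (buf[0] != 22) return "other_record";     /* 22 = handshake record */
    const uint8_t *hs = buf + 5;                 /* msg_type(1) length(3) body */
    if (frag_len < 4) return NULL;
    size_t body = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    if (body > frag_len - 4) return NULL;
    return handshake_name(hs[0]);
}

/* Constructed sample records (not captured traffic). */
const uint8_t REC_HEARTBEAT[]  = {24, 3, 3, 0, 3, 1, 0, 0};
const uint8_t REC_NPN[]        = {22, 3, 3, 0, 4, 67, 0, 0, 0};
/* TLSv1.3 sends key_update encrypted; this is the decrypted inner form. */
const uint8_t REC_KEY_UPDATE[] = {22, 3, 3, 0, 5, 24, 0, 0, 1, 0};
const uint8_t REC_TRUNCATED[]  = {22, 3, 3, 0, 9, 24, 0};

int main(void) {
    printf("%s\n", classify_record(REC_HEARTBEAT, sizeof REC_HEARTBEAT));
    printf("%s\n", classify_record(REC_NPN, sizeof REC_NPN));
    printf("%s\n", classify_record(REC_KEY_UPDATE, sizeof REC_KEY_UPDATE));
    printf("%s\n", classify_record(REC_TRUNCATED, sizeof REC_TRUNCATED) ? "ok" : "rejected");
    return 0;
}
```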