How to test an implementation of TLS based on SSLEngine?

Question

I'm considering the possibility to implement TLS over a non TCP connection. The idea is to use SSLEngine which provides the possibility encrypt/decrypt data to memory buffers and send them by the reliable transport we want.

I would have to implement all the handshake defined by the SSL Protocol (client hello, server hello...etc).

If I do this, how would I test that my implementation is working? Is there some "official TLS Test Suite" that I could run?

Thanks for your advices

I've used a program called TestSSLServer4,exe to verify what version of TLS my server was running. Perhaps that might do what you need. — Duston, Dec 13 '18 at 16:23
SSLEngine implements the handshake, and the rest of the TLS protocol; the only thing it doesn't implement is exactly the transport, exactly so that it can be used with transport implementations other than Java Socket. If you implement(ed) a client and server with SSLEngine that share some ordered, reliable transport, and they communicate successfully, it's working; a main point and feature of TLS is to detect any 'tampering' of the data during transport. If your transport is not TCP, of course you won't be able to interop with any standard-conforming implementation that uses TCP. — dave_thompson_085, Dec 13 '18 at 23:51

score 1 · Accepted Answer · answered Dec 13 '18 at 19:16

The fact that you explicitely exclude TCP makes things more complicated. TLS has some assumption about how the underlying transport works. You can have a look at how QUIC basically provides TLS over UDP and the constraints of it.

As for official "Test Suite" I have some ideas to offer, that will probably not work as is out of the box, because of the TCP dependency but they could be a start:

https://github.com/tomato42/tlsfuzzer is a "SSL and TLS protocol test suite and fuzzer" but it is a work in progress and most importantly it requires an HTTP server, hence TCP
https://github.com/noxxi/p5-ssl-tools does various checks, not only for HTTP
https://testssl.sh/ provides a command line tool

At a more abstract level (I do not know if they are tools using that, but they may exist), when TLS 1.3 was drafted at the same time a document was created to collect typical handshake messages, so that you can use them as examples.

Find it here: https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-vectors/

Its abstract is:

Examples of TLS 1.3 handshakes are shown. Private keys and inputs are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and IVs are
shown so that implementations might be checked incrementally against
these values.

Author of tlsfuzzer here: while yes, TCP is required currently, HTTP is not, the tests will run fine against an echo server too — Hubert Kario, Nov 15 '19 at 00:12

How to test an implementation of TLS based on SSLEngine?

1 Answers1