google / nogotofail

An on-path blackbox network traffic security testing tool
Apache License 2.0

Base data handler for TLS needed #84

Closed chadbrubaker closed 8 years ago

chadbrubaker commented 9 years ago

Currently we have a lot of code that looks at TLS messages looking for configuration issues or other vulns. Instead of redoing this parsing (and any needed buffering) we should have a base class for TLS checking data handlers that handles parsing and just has methods like `def on_client_tls(record): ...` and `def on_server_tls(record): ...`

In the same style as the HttpDetection handler

klyubin commented 9 years ago

Most handlers don't care about TLS records. They care about TLS handshake messages, alerts, ChangeCipherSpecs, etc.

mkenne11 commented 9 years ago

A base TLS handler that exposes TLS records and has events for Client Hello and Server Hello messages would be very helpful for some handlers I'm writing, i.e. lack of forward secrecy key exchange, and use of SHA-1.

Particularly if the handler takes care of buffering.
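The shape of the base handler discussed in this issue (record-layer and handshake-message buffering in the base class, with per-message hooks that subclasses override, here used for the forward-secrecy and SHA-1 checks mkenne11 mentions), as an added example that is not nogotofail's code. The class name `TlsDataHandler`, the hook names `on_record`/`on_client_hello`/`on_server_hello`, the `feed(direction, data)` entry point and the `WeakSuiteHandler` subclass are this example's own choices; the cipher suite IDs are the IANA-registered values, and the handshake bytes are constructed for the example rather than captured traffic.

```python
import struct

# TLS record content type and handshake message types (RFC 5246).
HANDSHAKE = 22
CLIENT_HELLO, SERVER_HELLO = 1, 2

# Small table of cipher suite IDs (IANA registry values) used by the check below.
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def parse_hello(body, is_client):
    """Parse a ClientHello or ServerHello body up to the cipher suite field(s)."""
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                        # skip legacy_version + 32-byte random
    pos += 1 + body[pos]                # skip session_id (length-prefixed)
    if is_client:
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        suites = list(struct.unpack("!%dH" % (n // 2), body[pos:pos + n]))
        return {"version": version, "cipher_suites": suites}
    return {"version": version, "cipher_suite": struct.unpack("!H", body[pos:pos + 2])[0]}


class TlsDataHandler:
    """Base class (example name): buffers each direction's bytes, reassembles TLS
    records and handshake messages (either may span TCP segments) and calls hooks."""

    def __init__(self):
        self._rec = {"client": b"", "server": b""}   # unparsed record-layer bytes
        self._hs = {"client": b"", "server": b""}    # unparsed handshake bytes

    def feed(self, direction, data):
        buf = self._rec[direction] + data
        while len(buf) >= 5:
            ctype, version, length = struct.unpack("!BHH", buf[:5])
            if len(buf) < 5 + length:
                break                   # partial record: keep bytes, wait for more
            payload, buf = buf[5:5 + length], buf[5 + length:]
            self.on_record(direction, ctype, version, payload)
            if ctype == HANDSHAKE:
                self._feed_handshake(direction, payload)
        self._rec[direction] = buf

    def _feed_handshake(self, direction, data):
        buf = self._hs[direction] + data
        while len(buf) >= 4:
            mtype, length = buf[0], int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + length:
                break                   # handshake message continues in a later record
            body, buf = buf[4:4 + length], buf[4 + length:]
            if mtype == CLIENT_HELLO:
                self.on_client_hello(parse_hello(body, True))
            elif mtype == SERVER_HELLO:
                self.on_server_hello(parse_hello(body, False))
        self._hs[direction] = buf

    # Hooks for subclasses to override (names are this example's choice).
    def on_record(self, direction, content_type, version, payload): pass
    def on_client_hello(self, hello): pass
    def on_server_hello(self, hello): pass


class WeakSuiteHandler(TlsDataHandler):
    """Flags a negotiated suite without (EC)DHE key exchange or with a SHA-1 MAC.
    Suites missing from the table are reported conservatively as non-FS."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def on_server_hello(self, hello):
        name = CIPHER_SUITES.get(hello["cipher_suite"], "unknown")
        if "DHE" not in name:
            self.findings.append("no forward secrecy: " + name)
        if name.endswith("_SHA"):
            self.findings.append("SHA-1 MAC: " + name)


# Constructed handshake messages for the example (not captured traffic).
def _record(mtype, body):
    msg = bytes([mtype]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(msg)) + msg

def client_hello(suites):
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"           # version, random, empty sid
    body += struct.pack("!H", 2 * len(suites)) + struct.pack("!%dH" % len(suites), *suites)
    return _record(CLIENT_HELLO, body + b"\x01\x00")      # one compression method: null

def server_hello(suite):
    return _record(SERVER_HELLO, b"\x03\x03" + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00")

def run(server_suite, chunk=7):
    """Feed a constructed handshake in small chunks to exercise the buffering."""
    h = WeakSuiteHandler()
    for d, data in (("client", client_hello([0xC02F, 0x002F])), ("server", server_hello(server_suite))):
        for i in range(0, len(data), chunk):
            h.feed(d, data[i:i + chunk])
    return h.findings
```

`run(0x002F)` reports both findings for TLS_RSA_WITH_AES_128_CBC_SHA, `run(0xC013)` only the SHA-1 one, and `run(0xC02F)` nothing, even though every record arrives seven bytes at a time; the subclass never sees partial records, which is the buffering point raised in the last comment.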