Last month, I participated in the IETF 103 hackathon remotely from Mauritius along with the cyberstorm.mu team. IETF 103 was held from November 3, 2018 till November 9, 2018 in Bangkok. However, we had planned to start on November 1 in order to maximize our productivity.
As per the tradition, we went to a nice place to commit ourselves for the event. After attending my morning classes, Logan and Nitin picked me up from the university campus and we set out and got the place ready.
cyberstorm.mu championed 3 tracks for the IETF 103 hackathon, namely: TLS 1.3, SSH, HTTP 451. Our participation in the various tracks was as follows:
- Nitin Mutkawoa
- Jagveer Loky
- Diresh Soomirtee
- Kifah Meeran
- Veegeesh Ramdani
- Kheshav Sewnundun
The first day was pretty intense. Apart from getting the place ready, we had to get our feet wet by becoming accustomed to the source code of the respective projects that we would be working on.
After an intensive afternoon, it was already time to have dinner!
Coincidentally, it was also Kifah’s birthday. Logan and Nitin had bought a birthday cake in the evening and surprised Kifah, who was elated.
After cutting the cake, we continued to work till around 11:30 PM. We were all extremely tired and the summer heat was unbearable. What better way to relax other than jumping into the pool?!
The water was naturally warm due to the day-long hot temperature. Needless to say we had lots of fun in the pool well past midnight! Also, as it was Halloween just one day before, we tried to bring some Halloween vibe to the hackathon, cyberstorm.mu style!
What is SNI?
The next day, I worked to implement support for SNI in httperf. SNI stands for Server Name Indication. It is an extension to the TLS protocol that allows a client to specify the hostname that it’s trying to connect to. The ServerName extension is sent in the ClientHello request. (See RFC 6066)
SNI is essential because it allows multiple hostnames to be served over HTTPS from the same IP address. Therefore, the ServerName extension essentially enables several encrypted services to be hosted on a single IP address.
This is useful because, without SNI, a given IP address is only capable of reliably hosting a single hostname over https://. Since IPv4 addresses are running out, IP addresses are expensive to reserve for single domains.
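The wire layout of that ServerName extension, as an added example (not code from httperf or tls-sharp): the encoder builds the server_name extension from RFC 6066 for one host name, and the decoder reads it back while checking every length field against the bytes actually present. The function names, the 255-byte host limit and the single-entry restriction are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t get16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Encode a server_name extension carrying one host_name entry.
 * Returns the number of bytes written, or 0 on error. */
size_t sni_encode(const char *host, uint8_t *out, size_t cap)
{
    size_t n = strlen(host);
    if (n == 0 || n > 255 || cap < n + 9)   /* 255 limit is this example's choice */
        return 0;
    put16(out, 0);          /* extension_type = server_name (0) */
    put16(out + 2, n + 5);  /* extension_data length */
    put16(out + 4, n + 3);  /* ServerNameList length */
    out[6] = 0;             /* NameType = host_name (0) */
    put16(out + 7, n);      /* HostName length */
    memcpy(out + 9, host, n);
    return n + 9;
}

/* Decode a single-entry extension into a NUL-terminated host name.
 * Every length field must agree with the bytes actually present.
 * Returns 0 on success, -1 if the extension is malformed. */
int sni_decode(const uint8_t *ext, size_t len, char *host, size_t cap)
{
    if (len < 9 || get16(ext) != 0) return -1;
    size_t ext_len = get16(ext + 2), list_len = get16(ext + 4), n = get16(ext + 7);
    if (ext_len != len - 4 || list_len != ext_len - 2) return -1;
    if (ext[6] != 0 || n == 0 || n != list_len - 3 || n >= cap) return -1;
    if (memchr(ext + 9, 0, n) != NULL) return -1;   /* reject embedded NUL */
    memcpy(host, ext + 9, n);
    host[n] = '\0';
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    char host[32];
    size_t len = sni_encode("example.com", buf, sizeof buf);  /* constructed sample */
    return (len == 20 && sni_decode(buf, len, host, sizeof host) == 0
            && strcmp(host, "example.com") == 0) ? 0 : 1;
}
```

The host name travels in the ClientHello as plain bytes, which is why it shows up readable in a Wireshark capture of the handshake.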
[Image courtesy of GlobalSign]
The pull request (PR #64) for adding SNI to httperf was merged shortly after submitting my patch.
Some weeks before the IETF 103 hackathon, I started working on an open-source project called tls-sharp. It’s basically meant to be a TLS 1.3 (RFC 8446) stack in C#.
At the time of writing this blog post, tls-sharp is able to send a ClientHello request to the specified host and receive the ServerHello response back. The remaining parts of the handshake still need to be implemented. The git repository for tls-sharp can be accessed here.
Goodies from WolfSSL
During IETF 102 back in July 2018, the interoperability team worked with different SSL/TLS libraries to see how well they work with one another. WolfSSL congratulated cyberstorm.mu for the good job by sending us several goodies and cool stickers. Yay!
What Got Done
From the TLS 1.3 track, we have Jeremie who managed to make Nmap send a ClientHello request through the Nmap Scripting Engine (NSE). See the gist here.
We also have Rahul who added an option to disable middlebox compatibility mode for TLS 1.3 in cURL (See PR #3221).
Also, my pull request (PR #64) to implement support for SNI in httperf got merged, and tls-sharp is able to send a ClientHello request and receive the ServerHello response. Wireshark was incredibly useful in testing whether our implementations were working properly.
Coming to the HTTP 451 team, Kheshav implemented HTTP 451 in Django, and Veegish and Kifah worked on their HTTP 451 Drupal module.
As for the SSH track, Nitin’s patch to deprecate RC4 in net-ssh received a positive response on GitHub. His changes will be adopted in the next version of net-ssh:
@jmutkawoa thanks much for the PR. Since this is in some means a breaking change, this would be in the next major version
As usual, Logan presented our work at the IETF meeting remotely. The presentation can be viewed below.
IETF 103 was a very productive event for cyberstorm.mu. In addition to contributing to open-source projects, we also celebrated Kifah’s birthday, Halloween, and friendship. Before returning home, we did a mega splash in the pool!
We’re looking forward to the IETF 104 hackathon which is going to take place in Prague, Czech Republic, in March 2019.