Last month, I participated in the IETF 103 hackathon remotely from Mauritius. IETF 103 was held from November 3, 2018 till November 9, 2018 in Bangkok. However, we had planned to start on November 1 in order to maximize our productivity. As per the tradition, we went to a nice place to commit ourselves for the event.
The first day was pretty intense. Apart from getting the place ready, we had to get our feet wet by becoming accustomed to the source code of the respective projects that we would be working on.
After an intensive afternoon, it was already time to have dinner!
Coincidentally, it was also Kifah’s birthday.
After cutting the cake, we continued to work till around 11:30 PM. We were all extremely tired and the summer heat was unbearable. What better way to relax other than jumping into the pool?!
The water was naturally warm due to the day-long hot temperature. Needless to say, we had lots of fun in the pool well past midnight!
What is SNI?
The next day, I worked to implement support for SNI in httperf. SNI stands for Server Name Indication. It is an extension to the TLS protocol that allows a client to specify the hostname that it's trying to connect to. The ServerName extension is sent in the ClientHello message (see RFC 6066).
SNI is essential because it allows multiple hostnames to be served over HTTPS from the same IP address.
Therefore, the ServerName extension essentially enables several encrypted services to be hosted on a single IP address.
This is useful because, without SNI, a given IP address is only capable of reliably hosting a single hostname over https://. Since IPv4 addresses are running out, IP addresses are expensive to reserve for single domains.
[Image courtesy of GlobalSign]
The pull request (PR #64) for adding SNI to httperf was merged shortly after submitting my patch.
Some weeks before the IETF 103 hackathon, I started working on an open-source project called tls-sharp. It’s basically meant to be a TLS 1.3 (RFC 8446) stack in C#.
At the time of writing this blog post, tls-sharp is able to send a ClientHello request to the specified host and receive the ServerHello response back. The remaining parts of the handshake still need to be implemented.
Goodies from WolfSSL
During IETF 102 back in July 2018, the interoperability team worked with different SSL/TLS libraries to see how well they work with one another. WolfSSL congratulated the team for the good job by sending us several goodies and cool stickers. Yay!
What Got Done
From the TLS 1.3 track, we have Daniel who managed to make Nmap send a ClientHello request through the Nmap Scripting Engine (NSE). See the gist here.
We also have Rahul who added an option to disable middlebox compatibility mode for TLS 1.3 in cURL (see PR #3221).
Also, my pull request (PR #64) to implement support for SNI in httperf got merged, and tls-sharp is able to send a ClientHello request and receive the ServerHello response. Wireshark was incredibly useful in testing whether our implementations were working properly.
Coming to the HTTP 451 team, Kheshav implemented HTTP 451 in Django, and Veegish and Kifah worked on their HTTP 451 Drupal module.
As for the SSH track, Nitin’s patch to deprecate RC4 in net-ssh received a positive response on GitHub. His changes will be adopted in the next version of net-ssh:
@jmutkawoa thanks much for the PR. Since this is in some means a breaking change, this would be in the next major version
IETF 103 was a very productive event. In addition to contributing to open-source projects, we also celebrated Kifah’s birthday. Before returning home, we did a mega splash in the pool!
We’re looking forward to the IETF 104 hackathon which is going to take place in Prague, Czech Republic, in March 2019.