Smalltalk Cincom VisualWorks

[VW 7.9 TLS] How do you specify cipher suite criteria?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Terry Raymond
Reply | Threaded
Open this post in threaded view
|

[VW 7.9 TLS] How do you specify cipher suite criteria?

Terry Raymond

I want to use TLS_RSA_WITH_RC4_128_MD5 but there is no documentation

on how to specify the criteria.

 

Does anyone know how to do this?

 

Terry

 

===========================================================

Terry Raymond

Crafted Smalltalk

80 Lazywood Ln.

Tiverton, RI  02878

(401) 624-4517      [hidden email]

===========================================================

 


_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
mkobetic
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

mkobetic
I admit the docs could provide more details on specifics of TLSContext configuration. My hope was that it would be sufficiently easy to figure out from the instance creation methods on TLSContext. Regarding suites specifically, the context has a #suites: accessor that takes an array of TLSCipherSuite constants. So if you don't want the default setup, you can specify your own. Note that the order in the array is significant, it should be ordered from the most desired one to the least. Any specific suite can be obtained via its long standard name, e.g.

        TLSCipherSuite TLS_RSA_WITH_RC4_128_MD5

There is also an attempt to provide a way to specify suites in groups based on some criteria, e.g.

        TLSCipherSuite suites: #(rsa (rc4) aes (rsa dh) des (rsa dh))

Which translates to "any RSA suite with RC4 or any AES suite with either RSA or DH or any DES suite with either RSA or DH". The criteria keywords come from the class side SuitesByCategory registry. This isn't even mentioned in the docs because honestly I'm not entirely sure about this facility. I'm after something reasonably simple and obvious yet with necessary expressive power (whatever that means). OpenSSL has its own syntax for this, but I find it quite cryptic. On the other hand if it was reasonably established, we could certainly support that. I'd welcome any feedback on this.

Martin

"Terry Raymond"<[hidden email]> wrote:

> I want to use TLS_RSA_WITH_RC4_128_MD5 but there is no documentation
>
> on how to specify the criteria.
>
>  
>
> Does anyone know how to do this?
>
>  
>
> Terry
>
>  
>
> ===========================================================
>
> Terry Raymond
>
> Crafted Smalltalk
>
> 80 Lazywood Ln.
>
> Tiverton, RI  02878
>
> (401) 624-4517      [hidden email]
>
> ===========================================================
>
>  
>
>
> _______________________________________________
> vwnc mailing list
> [hidden email]
> http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
>


_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Terry Raymond
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

Terry Raymond
When I tried the first technique the result would not print because the name
had not been set.

I gave up on trying to figure out how to make the second technique work.

With a little poking around I ended up using
        Xtreams.TLSCipherSuite fromCode: 4.
The result had the name set.

Terry

===========================================================
Terry Raymond
Crafted Smalltalk
80 Lazywood Ln.
Tiverton, RI  02878
(401) 624-4517      [hidden email]
===========================================================

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> Sent: Friday, October 19, 2012 11:28 AM
> To: Terry Raymond
> Cc: VWNC
> Subject: Re: [vwnc] [VW 7.9 TLS] How do you specify cipher suite criteria?
>
> I admit the docs could provide more details on specifics of TLSContext
> configuration. My hope was that it would be sufficiently easy to figure
out
> from the instance creation methods on TLSContext. Regarding suites
> specifically, the context has a #suites: accessor that takes an array of
> TLSCipherSuite constants. So if you don't want the default setup, you can
> specify your own. Note that the order in the array is significant, it
should be
> ordered from the most desired one to the least. Any specific suite can be
> obtained via its long standard name, e.g.
>
> TLSCipherSuite TLS_RSA_WITH_RC4_128_MD5
>
> There is also an attempt to provide a way to specify suites in groups
based on
> some criteria, e.g.
>
> TLSCipherSuite suites: #(rsa (rc4) aes (rsa dh) des (rsa dh))
>
> Which translates to "any RSA suite with RC4 or any AES suite with either
RSA
> or DH or any DES suite with either RSA or DH". The criteria keywords come
> from the class side SuitesByCategory registry. This isn't even mentioned
in
> the docs because honestly I'm not entirely sure about this facility. I'm
after
> something reasonably simple and obvious yet with necessary expressive
> power (whatever that means). OpenSSL has its own syntax for this, but I
find
> it quite cryptic. On the other hand if it was reasonably established, we
could

> certainly support that. I'd welcome any feedback on this.
>
> Martin
>
> "Terry Raymond"<[hidden email]> wrote:
> > I want to use TLS_RSA_WITH_RC4_128_MD5 but there is no
> documentation
> >
> > on how to specify the criteria.
> >
> >
> >
> > Does anyone know how to do this?
> >
> >
> >
> > Terry
> >
> >
> >
> >
> ==========================================================
> =
> >
> > Terry Raymond
> >
> > Crafted Smalltalk
> >
> > 80 Lazywood Ln.
> >
> > Tiverton, RI  02878
> >
> > (401) 624-4517      [hidden email]
> >
> >
> ==========================================================
> =
> >
> >
> >
> >
> > _______________________________________________
> > vwnc mailing list
> > [hidden email]
> > http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
> >




_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Holger Kleinsorgen
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

Holger Kleinsorgen
In reply to this post by mkobetic
mkobetic wrote
I'm after something reasonably simple and obvious yet with necessary expressive power (whatever that means). OpenSSL has its own syntax for this, but I find it quite cryptic. On the other hand if it was reasonably established, we could certainly support that. I'd welcome any feedback on this.
Simple and expressive, that sounds like a select block:

     TLSContext newClientWithSuitesMatching: [ : suite | suite cipher = 'AES' and: [ suite keyExchange = 'RSA ]]

The mames might need some streamlining, some are strings (e.g. cipher), others symbols (e.g. keyExchange).

Some convenience accessor like #aes and #rsa could make the block shorter:

   TLSContext newClientWithSuitesMatching: [ : suite | suite aes and: [ suite rsa ]]

Steven Kelly
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

Steven Kelly
Re: [vwnc] [VW 7.9 TLS] How do you specify cipher suite criteria?

Holger Kleinsorgen wrote:
>mkobetic wrote
>> TLSCipherSuite suites: #(rsa (rc4) aes (rsa dh) des (rsa dh))
>> I'm after something reasonably simple and obvious yet with necessary


>> expressive power (whatever that means).
>
> Simple and expressive, that sounds like a select block:
>
>     TLSContext newClientWithSuitesMatching:
>         [ : suite | suite cipher = 'AES' and: [ suite keyExchange = 'RSA ]]
>
> The mames might need some streamlining, some are strings (e.g. cipher),
> others symbols (e.g. keyExchange).
>
> Some convenience accessor like #aes and #rsa could make the block shorter:
>
>    TLSContext newClientWithSuitesMatching:
>       [ : suite |  suite aes and: [suite rsa ]]

I'm a big fan of turning code into data, but that's a great example of how turning data into code can sometimes be better. I wonder can we go even further - more as a thought experiment than a serious suggestion for TLS. If we could make the block be executed in the context of the suite, it could use class instance variables or even instance variables directly:
TLSContext newClientWithSuitesMatching: 
    [aes & rsa]

Syntantically that's about as clean as Martin's data-based format, but being code, it can do a lot more when necessary. However, changing the context like this isn't familiar in Smalltalk - "self" would now be the suite, not the original receiver:
 
TLSContext newClientWithSuitesMatching:
   [aes & rsa & self isFast]
 
There'd then also be no way to refer to the original receiver: you'd have to use thisContext, or define oldSelf := self before the block:
 
| oldSelf |
oldSelf := self.
TLSContext newClientWithSuitesMatching:
  [aes & rsa & (self isFast | oldSelf canUseSlowSuite)]
 
In another language, I've seen a way around this: let me try to explain. In MetaEdit+'s MERL DSL, the equivalent of "self" is "id". If you want to refer to a property (instance variable) of it, you can just write ":myProperty" - no need for "id :myProperty" or "id.myProperty". MERL also lets you refer to "self" from an enclosing block, with "id;1" (and two blocks out "id;2" etc.). This syntax also applies to properties and other "methods" - e.g. ":myProperty;1" - solving the TLS block context problem above:
 
TLSContext newClientWithSuitesMatching:
   [aes & rsa & (isFast | canUseSlowSuite;1)]
 
Interestingly, the vast majority of times you need to refer to something else, it's either directly in the object where you are, or in the immediately enclosing block. Go much further afield, and you find yourself breaking some kind of corollary of the Law of Demeter. For the first 15 years of MERL's existence, we didn't even have variables!
 
Think about it: how many times do you have blocks that define a block variable, and the only variable used within that block is the block variable, as the receiver of one or more messages - like [:suite | suite aes and: [suite rsa]] above. This situation is what makes Symbol>>value: so useful, but once you learn to enjoy that it can be frustrating that it can only handle the simplest of cases - you can't write "#aes & #rsa". By automatically changing the context of each iterating block to the iterated element, allowing that as an implicit receiver of method sends, and giving a short syntax to access the receiver within enclosing blocks, you can get significant benefits - at least for some kinds of code.
 
Of course I'm not suggesting that Smalltalk should be changed to use this syntax, but it might be a fun experiment to see if it could be made to work, and if so in which areas it would be found useful. MERL is designed for turning rather highly interlinked object structures into text - it's a reporting and code generation language - and that's actually one area where Smalltalk doesn't really have a good solution. String concatenation, streams and string macros let you get the job done, but never feel as nice to me as other areas of Smalltalk. I wonder...
 
Steve

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Holger Kleinsorgen
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

Holger Kleinsorgen
Steven Kelly wrote
Holger Kleinsorgen wrote:
>mkobetic wrote

I'm a big fan of turning code into data, but that's a great example of how turning data into code can sometimes be better. I wonder can we go even further - more as a thought experiment than a serious suggestion for TLS. If we could make the block be executed in the context of the suite, it could use class instance variables or even instance variables directly:

TLSContext newClientWithSuitesMatching:
    [aes & rsa]

Syntantically that's about as clean as Martin's data-based format, but being code, it can do a lot more when necessary. However, changing the context like this isn't familiar in Smalltalk - "self" would now be the suite, not the original receiver:
 
TLSContext newClientWithSuitesMatching:
   [aes & rsa & self isFast]
By replacing blocks with unary message selectors, one could write:

  TLSContext newClientWithSuitesMatching: #rsa

Then add boolean operators to combine criteria, e.g.
 
   TLSContext newClientWithSuitesMatching: #rsa && #rc4
   TLSContext newClientWithSuitesMatching: #rsa && (#md5 || #sha256)
Holger Kleinsorgen
Reply | Threaded
Open this post in threaded view
|

Re: [VW 7.9 TLS] How do you specify cipher suite criteria?

Holger Kleinsorgen
Holger Kleinsorgen wrote
Steven Kelly wrote
Holger Kleinsorgen wrote:
>mkobetic wrote

I'm a big fan of turning code into data, but that's a great example of how turning data into code can sometimes be better. I wonder can we go even further - more as a thought experiment than a serious suggestion for TLS. If we could make the block be executed in the context of the suite, it could use class instance variables or even instance variables directly
By replacing blocks with unary message selectors, one could write:

  TLSContext newClientWithSuitesMatching: #rsa

Then add boolean operators to combine criteria, e.g.
 
   TLSContext newClientWithSuitesMatching: #rsa && #rc4
   TLSContext newClientWithSuitesMatching: #rsa && (#md5 || #sha256)
Here is a qui(r/c)kish example:

https://dl.dropbox.com/u/21555916/smalltalk/TLSSuiteExpressions.zip

Load parcel TLSSuiteExpressions, then evaluate stuff like

TLSCipherSuite suitesMatching: #sha & (#aes | #tripleDES) & #rsa
TLSCipherSuite suitesMatching: #rsa & #isWeak not & #isEncrypted
Free forum by Nabble Edit this page