startergo
macrumors 603
So partial progress for SL. TLS1.2 is negotiated:
Code:
libsecurity_ssl.dylib 100% 180KB 7.3MB/s 00:00
=== Step 1: Verify patched dylib install_name ===
/tmp/libsecurity_ssl_tls12.dylib:
/tmp/libsecurity_ssl_tls12.dylib (compatibility version 0.0.0, current version 0.0.0)
/System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 55002.0.0)
=== Step 2: Compile ssltest (direct link + system Security baseline) ===
ssltest.c 100% 8093 3.1MB/s 00:00
stock: OK
direct: OK
======================================================
STOCK (system Security.framework)
======================================================
--- stock tls10.badssl.com prot=default ---
TCP connected to tls10.badssl.com:443
Enabled cipher count: 46
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.0 (enum=4)
Negotiated cipher: 0xC013
reads=0 writes=0
HTTP response: HTTP/1.1 421 Misdirected Request
FALLBACK: TLS 1.0 negotiated
--- stock www.howsmyssl.com prot=default ---
TCP connected to www.howsmyssl.com:443
Enabled cipher count: 46
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.0 (enum=4)
Negotiated cipher: 0x002F
reads=0 writes=0
HTTP response: H
FALLBACK: TLS 1.0 negotiated
======================================================
PATCHED (our libsecurity_ssl_tls12.dylib)
======================================================
--- TLS 1.0 forced (enum=4, regression test) ---
--- patched tls10.badssl.com prot=4 ---
TCP connected to tls10.badssl.com:443
Enabled cipher count: 9
Forcing max protocol to enum 4
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.0 (enum=4)
Negotiated cipher: 0x002F
reads=0 writes=0
HTTP response: HTTP/1.1 421 Misdirected Request
FALLBACK: TLS 1.0 negotiated
--- TLS 1.2 (default, howsmyssl) ---
--- patched www.howsmyssl.com prot=default ---
TCP connected to www.howsmyssl.com:443
Enabled cipher count: 9
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.2 (enum=8)
Negotiated cipher: 0x002F
reads=0 writes=0
SUCCESS: TLS 1.2 negotiated
--- TLS 1.2 (default, tls12.badssl.com) ---
--- patched tls12.badssl.com prot=default ---
TCP connected to tls12.badssl.com:443
Enabled cipher count: 9
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.2 (enum=8)
Negotiated cipher: 0x003C
reads=0 writes=0
SUCCESS: TLS 1.2 negotiated
--- TLS 1.0 forced against howsmyssl (should downgrade) ---
--- patched www.howsmyssl.com prot=4 ---
TCP connected to www.howsmyssl.com:443
Enabled cipher count: 9
Forcing max protocol to enum 4
Starting TLS handshake (verbose I/O: no)...
Negotiated protocol: TLS 1.0 (enum=4)
Negotiated cipher: 0x002F
reads=0 writes=0
HTTP response: H
FALLBACK: TLS 1.0 negotiated