We had a PyCA TLS sprint today! It was quite successful and productive.
Some of the things we worked on:
- Glyph made a new Automat release that has
- Glyph filed a bunch of issues for automat, and worked on feedback-loops on state transitions.
- Mark and I paired on a TLS client state machine.
- Mahmoud found and fixed an embarrassing bug in our license.
- Mahmoud looked into integration with the BoringSSL's test suite.
- Chris played with state machines and automat, and worked on the TLS server state machine.
- Mark and I investigated the crypto-related blockers to complete a handshake. We found that:
- For an anonymous handshake, we need a DH implementation to complete an anonymized handshake:
- For a non-anonymous handshake, we need to process a parsed Certificate
message to get the server's public key from the ASN.1 bytes parsed in the
- Again, pyca/cryptography has what we need:
We also exchanged a lot of interesting stories, consumed delicious food, and exchanged more stories. The two most fascinating things I learnt today involved a real-life example use of RSA Handshake and TLS SRP.