TLS - Nothing looks to be working

[Ayms]

I am using an older (modified) version of forge for https://github.com/Ayms/node-Tor, this is working well

Now this version apparently can't any longer parse certificates of real sites (ie outside of the node-Tor project), this was working before

Then I installed the latest forge code and ran into plenty of errors, starting with undefined ciphersuites (because nothing is defined in tls.js and the examples given do not work at all), then client and server do not have ciphersuites in common, while looking at the messages they have, etc ...

Well, that's not the plan for me to redebug eveything, is this project still alive and what ciphersuites are supported? Seeing that #160 and #79 (from myself) are still open is a bit worrying...

[davidlehn]

Sorry things have become out-of-date. The test suite runs, and node examples/tls.js runs. Maybe the README examples are out-of-date? The TLS code is certainly falling behind newer standards. If you have specific cert parsing problems please file issues since those might be small issues that could be addressed quickly. Larger TLS and related changes will need volunteers to write code, and importantly, good tests. The maintainers at Digital Bazaar are using many parts of forge that we actively keep working. But we're not actively using the TLS code at the moment and don't have the time and resources for major improvements. We have to depend on the community to help with that. Patches are always welcome.

[Ayms]

The older version cannot parse newer certificates and the latest one throws at each step, looks like the code was just suddenly stopped and does not/cannot match indeed the examples in the README

I will see when I have time, it's not really mandatory but too bad that the only existing js TLS implementation cannot work any longer with real sites (and, again, the DH stuff still not implemented after years does not encourage to get back into it...)

[davidlehn]

Please file an issue with an example certificate that doesn't parse.

Please file issues, and patches if possible, for README examples that don't work.

If someone is interested in the TLS or DH support and wants to offer improvements, please do. The code won't write itself. The primary maintainers can likely only offer code review help at the moment for that part of forge.

[Ayms]

Well... nothing parses, nothing works and nothing matches the README, so useless to file anything, as I said I will see if I can do something, and DH is a basic support for TLS,,I gave the code in #79 years ago and it's not there

I don't get it really, what is forge used for except tls?

[davidlehn]

Well... nothing parses, nothing works and nothing matches the README, so useless to file anything, as I said I will see if I can do something, and DH is a basic support for TLS,,I gave the code in #79 years ago and it's not there

"Nothing works" is not actionable. Please file issues with runnable failing code, and expected output, that could be fixed. Help us help you.

Someone needs to make a PR with DH code and related tests. #79 may be a start, but it's not a patch that could be merged.

I don't get it really, what is forge used for except tls?

The certificate and crypto parts of forge are used by many projects. I'm guessing the TLS support is probably one of the lesser used parts, but it's impossible to know.

[Ayms]

Correction: "nothing works for TLS in the real world", the rest is great, forge still rocks, I am using it since many years and I would bet that forge is still faster than standards, I know it very well so don't need help, just disappointed that it has not evolved more given its potential, #79 self explained itself, if I can bring something I will

[unreleased]

It is a little upsetting, wanted to write a perfect "browser matching" ClientHello but without doing some seriously heavy modification to the codebase, it's not going to happen - Would have massively preferred to do it in JS but Golang is gonna have to do :(