Contact Us
+1.831.460.7010

Press Release

Maxwell Pro TLS Test Enironment tests the implementation of the underlying protocols, while Nogotofail tests how well an application is using TLS. 

SCOTTS VALLEY, CA, November 18, 2014 - The Maxwell Pro TLS Test Environment is used by design engineers, quality assurance engineers and testers to find and fix bugs in their TLS stack or engine. The tests help ensure that the TLS implementation is sufficiently robust so that it is not vulnerable to the wide range of attacks in today's Internet.

Last week Google released a new tool for testing TLS called "Nogotofail" that tests how well an application is using TLS.  According to the description on GitHub:

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

 

Google explains on their Online Security Blog, that “Google is committed to increasing the use of TLS/SSL in all applications and services”. They also explain that this tool was developed by their Android services team and has been used in house for “some time” to improve the security of apps.

InterWorking Labs applauds this move by Google, as we have been urging companies to move to TLS for months. InterWorking Labs believes that the success and the overall security of the internet resides in the correct implementation of its protocols and to do so, developers must perform robust protocol testing.

While InterWorking Labs feels Nogotofail is a step in the right direction, it is far from the complete solution developers need to ensure their TLS implementation is sufficiently robust. Nogotofail only has a few tests, and those only concentrate on some of the well-known vulnerabilities. And it mostly tests how well an application is using TLS, not so much how well the underlying TLS libraries are implemented.

While it theoretically allows users to add new tests of their own, users have always had the option of modifying existing open source code to write their own tests. Users can add or modify Maxwell Pro's TLS tests or request new tests from InterWorking Labs. With Nogotofail, users are on their own.

From InterWorking Labs standpoint, we believe that Notgotofail is a useful compliment to Maxwell Pro since there is almost no overlap in the aspects tested each tests. Maxwell Pro Tests cover both the TLS client side and the TLS server side.

Nogotofail's limited tests compliment Maxwell Pro's extensive TLS tests. For a no obligation demonstration of the Maxwell TLS tests, please contact InterWorking Labs.

InterWorking Labs provides products and solutions for network testing and emulation: SilverCreek, the SNMP Test Suite, Mini Maxwell, the Portable Network Emulator, Maxwell G, The One Gigabit Network Emulator, and Maxwell Pro, Network Emulator for real-world network application emulations and protocol impairments.