Hi all,
I'm currently implementing draft-ietf-tls-srp-13 in NSS/SSL. I did not find suitable test programs. I mean something like "openssl" or "gnutls-cli". It seems I would have to dig through the test shell scripts and programming examples to find or program such a tool and make it find the nss libs it needs. My primary goal was to get a working implementation of Firefox+SRP. That's why I have been working with the latest mozilla/firefox from CVS until now. All proposed ciphersuites are currently working with OpenSSL+SRP as server and hardcoded login/passwd. Now I have to implement a new callback function that provides the user login to NSS/SSL. And I think it might be better to be able to test it inside the NSS distribution only(input validation, better control over SSL states). So, is there a tool like openssl/gnutls-cli somewhere? Or a simple CLI client outside the NSS distribution? I also have a question concerning the implementation. As far as I can see, the PKCS11 interface is only useful if there is cryptographic hardware installed? I can not see an advantage to the SRP protocol, as it does not need certificates or secret keys. My problem is that the PK11-stuff looks rather complex. I was not able to compute the pre-master secret using PK11, so currently only the bypass-path is working. And even with opt.bypass set, the cipher-suite lookup fails due to missing PK11 support. I suppose, this is a problem? How are these PK11 slots supposed to work? I've also left out the server support, as it is not part of the university project. But I don't think it would be much work, now that I know how everything is supposed to work. If you would consider the project to be included into NSS, I will do what I can to improve the patch so it can be included. I can provide diffs to firefox cvs head, but the code still needs work and cleanup. My first larger project, any comments appreciated. Regards, Steffen SRP project: http://srp.stanford.edu/ TLS-SRP draft: http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-13.txt -- [EMAIL PROTECTED] gpg --recv-key A04D7875 Key fingerprint: B805 57BE E4AF 0104 CC51 77A1 CE6F 8D46 A04D 7875 _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
