subject:"Bug#805089\: ITP\: s2n \-\- lightweight implementation of the TLS\/SSL protocols"

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

2016-03-23 Thread Daniel Stender

I want to recheck the project, but basically alive! (= alive ping)

DS

-- 
4096R/DF5182C8
http://www.danielstender.com/blog/

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

2015-11-14 Thread Daniel Stender

Package: wnpp
Severity: wishlist
Owner: Daniel Stender 

* Package name: s2n
  Version : 0.0+git20150909.674df33
  Upstream Author : Colm MacCárthaigh 
* URL : https://github.com/awslabs/s2n
* License : Apache-2.0
  Programming Lang: C
  Description : lightweight implementation of the TLS/SSL protocols

S2N ("Signal to noise") is a C99 implementation of the TLS/SSL protocols.
One of the main goals of this project is to keep the code base as lean as
possible to be fast and to reduce security risks. s2n implements SSLv3,
TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and
256-bit AES, in the CBC and GCM modes, 3DES, and RC4.

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

2015-11-14 Thread Paul Wise

On Sat, Nov 14, 2015 at 11:11 PM, Daniel Stender wrote:

> One of the main goals of this project is to keep the code base as lean as
> possible to be fast and to reduce security risks. s2n implements SSLv3,
> TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and
> 256-bit AES, in the CBC and GCM modes, 3DES, and RC4.

SSLv3 and RC4 have been shown to be insecure, please disable support
for these in the Debian package and talk to upstream about dropping
them.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

2015-11-14 Thread Daniel Stender

On 14.11.2015 16:21, Paul Wise wrote:
> On Sat, Nov 14, 2015 at 11:11 PM, Daniel Stender wrote:
> 
>> One of the main goals of this project is to keep the code base as lean as
>> possible to be fast and to reduce security risks. s2n implements SSLv3,
>> TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and
>> 256-bit AES, in the CBC and GCM modes, 3DES, and RC4.
> 
> SSLv3 and RC4 have been shown to be insecure, please disable support
> for these in the Debian package and talk to upstream about dropping
> them.

Yes! SSLv3 and RC4 are disabled by default for security reasons. I'll talk
to upstream about this issue.

Thanks,
DS

-- 
4096R/DF5182C8
46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8
LPI certified Linux admin (LPI000329859 64mz6f7kt4)
http://www.danielstender.com/blog/

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols

4 matches

Site Navigation

Mail list logo

Footer information