Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols
I want to recheck the project, but basically alive! (= alive ping) DS -- 4096R/DF5182C8 http://www.danielstender.com/blog/
Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols
Package: wnpp Severity: wishlist Owner: Daniel Stender* Package name: s2n Version : 0.0+git20150909.674df33 Upstream Author : Colm MacCárthaigh * URL : https://github.com/awslabs/s2n * License : Apache-2.0 Programming Lang: C Description : lightweight implementation of the TLS/SSL protocols S2N ("Signal to noise") is a C99 implementation of the TLS/SSL protocols. One of the main goals of this project is to keep the code base as lean as possible to be fast and to reduce security risks. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4.
Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols
On Sat, Nov 14, 2015 at 11:11 PM, Daniel Stender wrote: > One of the main goals of this project is to keep the code base as lean as > possible to be fast and to reduce security risks. s2n implements SSLv3, > TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and > 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. SSLv3 and RC4 have been shown to be insecure, please disable support for these in the Debian package and talk to upstream about dropping them. -- bye, pabs https://wiki.debian.org/PaulWise
Bug#805089: ITP: s2n -- lightweight implementation of the TLS/SSL protocols
On 14.11.2015 16:21, Paul Wise wrote: > On Sat, Nov 14, 2015 at 11:11 PM, Daniel Stender wrote: > >> One of the main goals of this project is to keep the code base as lean as >> possible to be fast and to reduce security risks. s2n implements SSLv3, >> TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and >> 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. > > SSLv3 and RC4 have been shown to be insecure, please disable support > for these in the Debian package and talk to upstream about dropping > them. Yes! SSLv3 and RC4 are disabled by default for security reasons. I'll talk to upstream about this issue. Thanks, DS -- 4096R/DF5182C8 46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8 LPI certified Linux admin (LPI000329859 64mz6f7kt4) http://www.danielstender.com/blog/