I previously submitted this patch in late January; I've not received any
progress updates with regards to this patch recently - did this patch
get lost between then and now?
This patch adds Perfect Forward Secrecy to Racket's OpenSSL bindings.
This patch has been tested on Ubuntu 12.04 (and
* Is anyone up to auditing the C code? To support my earlier concern
(http://lists.racket-lang.org/dev/archive/2014-February/013935.html;),
you've probably heard in the last few days about a C oops bug in OpenSSL
that has compromised the private keys of 2/3 of the Internet for over a
year
My patch does not include any C code; I have not audited any existing
OpenSSL code, but to the best of my knowledge, OpenSSL + (EC)DHE is
commonly used across webservers today.
To answer your second point, the
perfect forward secrecy extensions are disabled by default, and
must be explicitly
Edward, your patch sounds OK to me, FWIW.
Neil V.
_
Racket Developers list:
http://lists.racket-lang.org/dev
I checked out the patch and have a few questions. (I'm a non-expert.)
How come some curves are omitted from the curve/c contract (eg
sect163k1 and sect193r2)?
Is there also a curve missing from symbol-nid (eg sect571r1)?
On Wed, Apr 9, 2014 at 7:52 PM, Neil Van Dyke n...@neilvandyke.org wrote:
5 matches
Mail list logo