[racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

2014-02-09 Thread Edward Lee
Hi. Racket's OpenSSL bindings do not currently enable the ECDH(E) and the DHE ciphers, which are needed for perfect forward secrecy. I've attached a patch that: - Embeds reasonable defaults for DHE mode. - Adds two functions, ssl-server-context-enable-dhe! and ssl-server-context-enable-ec
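The point of the patch above is that only ECDHE and DHE suites give forward secrecy, so a server context should offer nothing else. The following is an added example, not part of Edward Lee's patch or of Racket's openssl collection: it uses Python's ssl module (a different OpenSSL binding) to build such a context and to check the offered cipher list. The curve name prime256v1, the cipher string, the SAMPLE_CIPHERS list and the function names are the example's own choices, not anything from the thread.

```python
"""Check that a TLS server context offers only forward-secret key exchange.

Added example, not the Racket patch discussed in the thread: Python's ssl
module is used to show the property the patch is after, namely that every
offered cipher suite uses ephemeral (EC)DH key exchange.
"""
import ssl

# Key-exchange identifiers as reported by SSLContext.get_ciphers() (OpenSSL's
# kx-* long names) that provide forward secrecy. TLS 1.3 suites report
# "kx-any" because the protocol itself only permits (EC)DHE.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe"}


def non_forward_secret(ciphers):
    """Return names of suites whose key exchange is not ephemeral.

    `ciphers` is a list of dicts shaped like SSLContext.get_ciphers() output.
    """
    bad = []
    for c in ciphers:
        if c.get("protocol") == "TLSv1.3":
            continue  # TLS 1.3 has no static-RSA or static-DH key exchange
        if c.get("kea") not in FORWARD_SECRET_KEA:
            bad.append(c["name"])
    return bad


def forward_secret_context(curve="prime256v1"):
    """Build a server context that only offers ECDHE/DHE suites for TLS <= 1.2.

    This mirrors in Python what the thread's patch adds to Racket: an ECDH
    curve selection plus a cipher list restricted to ephemeral key exchange.
    DH parameters for the DHE suites would normally be supplied with
    ctx.load_dh_params(path); no file is loaded here so the example runs
    offline (without them OpenSSL simply cannot negotiate the DHE suites).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ecdh_curve(curve)  # curve name is this example's choice
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx


def context_is_forward_secret(ctx):
    """True when every suite the context offers is forward secret."""
    return not non_forward_secret(ctx.get_ciphers())


# Constructed sample in the shape of get_ciphers() output, used to show the
# classifier rejecting a static-RSA suite without depending on the local
# OpenSSL build's cipher list.
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "kea": "kx-any"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-dhe"},
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-rsa"},
]

if __name__ == "__main__":
    print("offending suites in sample:", non_forward_secret(SAMPLE_CIPHERS))
    print("restricted context forward-secret:",
          context_is_forward_secret(forward_secret_context()))
```

The classifier deliberately treats TLS 1.3 suites as forward secret without looking at the kea field, since OpenSSL reports them as "kx-any"; for TLS 1.2 and below it is the kx-ecdhe / kx-dhe value, not the cipher name, that decides.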

Re: [racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

2014-02-10 Thread Edward Lee
Full disclosure: I am not an OpenSSL expert and this patch is still a work in progress. I will hopefully have a more finalized patch closer to next week, but I am not qualified to audit this code. On Sun, Feb 09, 2014 at 04:40:44PM -0500, Neil Van Dyke wrote: > Edward Lee wrote at 02/08/2014

Re: [racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

2014-02-10 Thread Edward Lee
On Mon, Feb 10, 2014 at 06:37:56PM -0500, Ryan Culpepper wrote: > On 02/08/2014 05:52 PM, Edward Lee wrote: > >Hi. > > > >Racket's OpenSSL bindings do not currently enable the ECDH(E) and the > >DHE ciphers, which are needed for perfect forward secrecy.

Re: [racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

2014-02-11 Thread Edward Lee
Here's an updated patch that: - Fixes a few typos. - Uses Racket's I/O system to read the Diffie-Hellman parameters. Things that are not yet added: - All the other elliptic curve names used in TLS. On Mon, Feb 10, 2014 at 08:36:02PM -0500, Edward Lee wrote: > O

Re: [racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

2014-02-14 Thread Edward Lee
andard TLS curves as defined in https://tools.ietf.org/html/rfc4492#section-5.1.1 Are there any other things I should address? On Tue, Feb 11, 2014 at 10:34:53AM -0500, Edward Lee wrote: > Here's an updated patch that: > - Fixes a few typos. > - Uses Racket's I/O syst

[racket-dev] ECDHE patch for Racket's OpenSSL bindings.

2014-04-09 Thread Edward Lee
I previously submitted this patch in late January; I've not received any progress updates with regards to this patch recently - did this patch get lost between then and now? This patch adds Perfect Forward Secrecy to Racket's OpenSSL bindings. This patch has been tested on Ubuntu 12.04 (and appear

Re: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.

2014-04-09 Thread Edward Lee
ispensible for some of my work, dealing with myriad oddball > security protocols that no one wants to take the huge development > cost hit of coding and validating from scratch. But I don't have a > high level of confidence in the code.) > > Neil V. > > Edward Lee wrote a

Re: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.

2014-04-10 Thread Edward Lee
Those are accidental omissions; I've attached a patch that should fix the contract and symbol->nid. --Edward On Thu, Apr 10, 2014 at 01:39:13AM -0400, Stephen Chang wrote: > I checked out the patch and have a few questions. (I'm a non-expert.) > > How come some curves are omitted from the curve

Re: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.

2014-04-11 Thread Edward Lee
er question: Should BIO_new_mem_buf have an additional "#:wrap > (allocator BIO_free)" argument, similar to other allocating functions? > > More generally, should BIO_new and BIO_free have #:wrap arguments like > the other allocating/deallocating functions? > > On

Re: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.

2014-04-11 Thread Edward Lee
"!" in some of the symbols passed to error in > ssl-server-context-enable-dhe!. > > If you send a new version of the patch I'll commit that; otherwise I > can make the changes above myself when I get a chance. > > Ryan > > > On 04/11/2014 01:46 PM, Edwar