Re: Secure Remote Password (SRP)

2022-10-18 Thread Tomas Mraz
The SRP support will not be removed in 3.x releases. At the earliest it
could be removed in 4.0 release. Whether there will be a replacement
for the deprecated SRP APIs at that time we cannot currently say.

So unless you absolutely require not using deprecated APIs you can
still move to 3.x releases as the existing SRP API continues to be
supported there.

Tomas Mraz, OpenSSL

On Mon, 2022-10-17 at 21:13 -0700, Norm Green wrote:
>  I'm also interested in the answer to these questions regarding SRP
> in OpenSSL v3.
>  
>  Our project still uses OpenSSL v1.1.1 with plans to move to v3 next
> year. 
>  
>  However we use SRP extensively and will not be able to move to v3 if
> SRP support is soon to be no longer available.
>  
>  Norm Green
>  GemTalk Systems LLC
>  
> On 10/17/2022 2:49 PM, Rohit Khera [C] wrote:
>  
> > I am trying to get information on versions and usage of the Secure
> > Remote Password Protocol (SRP) APIs in OpenSSLv3. 
> >  
> >    1. Are SRPv3, v6, and/or v6a supported? 
> >  
> >    1. I found the following information in the OpenSSL documents on
> > the following C API for SRP: SRP_create_verifier(),
> > SRP_user_pwd_new(), SSL_CTX_set_srp_password()
> > While the following documents the API :
> > https://www.openssl.org/docs/man3.0/man3/SRP_VBASE_new.html
> > Are there any examples of client and server programs that use these
> > interfaces in order to register and authenticate a user? 
> >  
> >    1. The docs state that the APIs are deprecated -  are new
> > versions of the APIs planned or can we expect SRP functionality to
> > be unavailable in future versions of OpenSSL? 
> >  
> > /R
> >  
> >  
>  

-- 
Tomáš Mráz, OpenSSL



Re: Secure Remote Password (SRP)

2022-10-17 Thread Norm Green
I'm also interested in the answer to these questions regarding SRP in 
OpenSSL v3.


Our project still uses OpenSSL v1.1.1 with plans to move to v3 next year.

However we use SRP extensively and will not be able to move to v3 if SRP 
support is soon to be no longer available.


Norm Green
GemTalk Systems LLC

On 10/17/2022 2:49 PM, Rohit Khera [C] wrote:


I am trying to get information on versions and usage of the Secure 
Remote Password Protocol (SRP) APIs in OpenSSLv3.


 1. Are SRPv3, v6, and/or v6a supported?

 2. I found the following information in the OpenSSL documents on the
following C API for SRP: SRP_create_verifier(),
SRP_user_pwd_new(), SSL_CTX_set_srp_password()

While the following documents the API :

https://www.openssl.org/docs/man3.0/man3/SRP_VBASE_new.html

Are there any examples of client and server programs that use these 
interfaces in order to register and authenticate a user?


 3. The docs state that the APIs are deprecated -  are new versions of
the APIs planned or can we expect SRP functionality to be
unavailable in future versions of OpenSSL?

/R