Re: libtls: Secure default cipher list and dtls support
On Fri, 2014-11-28 at 03:42 +1100, Joel Sing wrote:
> On Thu, 27 Nov 2014, Manuel Schoelling wrote:
> > [...]
> > I also noticed that libtls is currently supporting SOCK_STREAM (TLS) connections only. Is the support of SOCK_DGRAM (DTLS) connections within the scope of this library and would patches be accepted?
>
> I do not have any objection to supporting datagram sockets, however it is not a primary interest/focus and there are many things that would likely get implemented prior to looking at it. That said, if you have a use case for it and can make it fit with the API, we'll happily review diffs.

I implemented DTLS support now and it fits quite well to the current API. A few days ago I opened a pull request on GitHub [1] since I've seen that other patches were applied to libressl in the same manner. If you guys prefer patches via mailing list let me know.

It would be great to get some feedback on the patch, to hear what I can improve and to see what the chances are for you to apply this patch.

Thanks!
Manuel

[1] https://github.com/libressl-portable/openbsd/pull/17
Re: libtls: Secure default cipher list and dtls support
On Thu, 27 Nov 2014, Manuel Schoelling wrote:
> Hi,
>
> I hope this is the right mailing list for discussing this issue. I could not find any information about a mailing list on libressl.org.

Here is fine.

> It currently looks like the libtls version does not set a list of secure ciphers by default (e.g. that does not include MD5 or SHA-1). Would it be a reasonable idea to include secure defaults in libtls?

Yes - there are plans for this.

> I also noticed that libtls is currently supporting SOCK_STREAM (TLS) connections only. Is the support of SOCK_DGRAM (DTLS) connections within the scope of this library and would patches be accepted?

I do not have any objection to supporting datagram sockets, however it is not a primary interest/focus and there are many things that would likely get implemented prior to looking at it. That said, if you have a use case for it and can make it fit with the API, we'll happily review diffs.

--
Action without study is fatal. Study without action is futile.
  -- Mary Ritter Beard
libtls: Secure default cipher list and dtls support
Hi,

I hope this is the right mailing list for discussing this issue. I could not find any information about a mailing list on libressl.org.

It currently looks like the libtls version does not set a list of secure ciphers by default (e.g. that does not include MD5 or SHA-1). Would it be a reasonable idea to include secure defaults in libtls?

I also noticed that libtls is currently supporting SOCK_STREAM (TLS) connections only. Is the support of SOCK_DGRAM (DTLS) connections within the scope of this library and would patches be accepted?

Thanks
Manuel