Hello

I recently produced a patch that permits use of TLS-SRP; it is based on the 
TLS-PSK code and this blog post:
https://matthewarcus.wordpress.com/2014/05/10/srp-in-openssl/

It’s not the cleanest of code but it does work as a POC.  The patch is 
available here:
https://github.com/rtfcode/tls-srp

The README.txt provides some info on testing the patch and how it might be used 
to help dev web browsers and servers that support TLS-SRP (for IoT work).  
There is a page on the forthcoming OWASP Summit ‘TLS for Local IoT’ workshop 
(for which it was developed) at:
https://owaspsummit.org/Working-Sessions/IoT/TLS-for-Local-IoT.html

In terms of using TLS-SRP support in stunnel as a proxy, it might be useful as 
a replacement for TLS-PSK where the credentials are user-memorable (pass 
phrase, for example) as TLS-SRP has lower entropy requirements than TLS-PSK.  
For example, the creds could be stored in the user’s head rather than in a file 
and be less open to compromise if a device was seized.  I don’t know if that’s 
useful for anyone; it’s just a thought.

Thanks

Kev

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
