Hi Luca,

Thanks for the update.  I was holding out hope that someone might have taken a 
crack at it already.

Yes, TLS is a pretty complicated protocol that supports tons of different 
cipher suites and options.  I certainly wouldn’t recommend reimplementing the 
protocol natively inside 0MQ.

I’m just curious about how hard it would be for 0MQ to use (and expose) a D/TLS 
implementation instead of TCP / UDP?

I’m guessing the primary obstacles would be dependence on an external D/TLS 
library (which maybe could be addressed with conditional compilation), how to 
have a simple 0MQ API that exposes the functionality / configurability of the 
D/TLS transport, and possibly objections to the security models (e.g. - X509 
certs, CAs, HMAC then encrypt, etc.) of TLS itself.

Thanks,
John

On Feb 13, 2018, at 5:42 PM, Luca Boccassi <luca.bocca...@gmail.com> wrote:

Hi,

The situation is the same - security is only supported through Curve or
Kerberos.

Not for any particular reason other than that nobody has contributed any
other implementation. This is probably due to the fact that SSL is
awfully, awfully complex (but I understand your requirements).

-- 
Kind regards,
Luca Boccassi
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev