Hi Luca,

Thanks for the update.  I was holding out hope that someone might have taken a 
crack at it already.

Yes, TLS is a pretty complicated protocol that supports tons of different 
cipher suites and options.  I certainly wouldn’t recommend reimplementing the 
protocol natively inside 0MQ.

I’m just curious about how hard it would be for 0MQ to use (and expose) a D/TLS 
implementation instead of TCP / UDP?

I’m guessing the primary obstacles would be dependence on an external D/TLS 
library (which maybe could be addressed with conditional compilation), how to 
have a simple 0MQ API that exposes the functionality / configurability of the 
D/TLS transport, and possibly objections to the security models (e.g. - X509 
certs, CAs, HMAC then encrypt, etc.) of TLS itself.


On Feb 13, 2018, at 5:42 PM, Luca Boccassi <luca.bocca...@gmail.com> wrote:


The situation is the same - security is only supported through Curve or

Not for any particular reason if not that nobody has contributed any
other implementation. This is probably due to the fact that SSL is
awfully, awfully complex (but I understand your requirements.

Kind regards,
Luca Boccassi
zeromq-dev mailing list

Reply via email to