From: Thomas C. <cal...@gm...> - 2015-05-06 14:39:49
Hi,

I have started working towards supporting OCamlnet 4.x in our project.
I had to completely rewrite the TLS code; this was expected due to OCamlnet
switching to GnuTLS.

I have noticed the following issues with the current TLS code:

* dh_params is not used in the code, therefore DHE-* suites are not enabled
  - Using *gnutls_certificate_set_dh_params* solves the issue (see
    attachment for example)
* support for elliptic curve key exchange seems disabled (ECDHE-*
  suites); I have not tried an ECC certificate.
* support for GCM algorithms is not enabled
* sample TLS netplex configuration is missing some ";" for each section

Do you have the same behavior? It might be linked to my GnuTLS version.
Did you manage to enable higher-end ciphersuites and PFS suites?

Thanks for the feedback.

Thomas.