From: Gerd S. <in...@ge...> - 2015-05-06 20:51:47

Hi Thomas,

On Wednesday, 06.05.2015, at 16:31 +0200, Thomas Calderon wrote:
> Hi,
>
> I have started working towards supporting OCamlnet 4.x in our project.
>
> I had to completely rewrite the TLS code, this was expected due to
> OCamlnet switching to GnuTLS.
>
> I have noticed the following issues with the current TLS code:
>   * dh_params is not used in the code therefore DHE-* suites are not
>     enabled
>       - Using the *gnutls_certificate_set_dh_params* solves the issue
>         (see attachment for example)

Well spotted. I have some concerns about the side effect, though. There
is no function to copy a certificate.

>   * support for elliptic curve key exchange seems disabled (ECDHE-*
>     suites), I have not tried an ECC certificate.
>   * support for GCM algorithms is not enabled

I'm quite sure that I saw ECDHE and GCM in tests. I'll retest tomorrow.
It is possible to de-configure these features in GnuTLS.

>   * sample TLS netplex configuration is missing some ";" for each
>     section
>
> Do you have the same behavior? It might be linked to my GnuTLS
> version.
> Did you manage to enable higher-end ciphersuites and PFS suites?

Gerd

> Thanks for the feedback.
>
> Thomas.

--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany    ge...@ge...
My OCaml site:          http://www.camlcity.org
Contact details:        http://www.camlcity.org/contact.html
Company homepage:       http://www.gerd-stolpmann.de
------------------------------------------------------------