From: Thomas C. <cal...@gm...> - 2015-05-07 08:48:11
Hi Gerd,

On Wed, May 6, 2015 at 10:51 PM, Gerd Stolpmann <in...@ge...> wrote:

> Hi Thomas,
>
> On Wednesday, 06.05.2015, at 16:31 +0200, Thomas Calderon wrote:
> > Hi,
> >
> > I have started working towards supporting OCamlnet 4.x in our project.
> >
> > I had to completely rewrite the TLS code, this was expected due to
> > OCamlnet switching to GnuTLS.
> >
> > I have noticed the following issues with the current TLS code:
> > * dh_params is not used in the code therefore DHE-* suites are not
> >   enabled
> >   - Using the *gnutls_certificate_set_dh_params* solves the issue
> >     (see attachment for example)
>
> Well spotted. I have some concerns about the side effect, though. There
> is no function to copy a certificate.

I am not following you on this. Why would you want to copy the certificate?

> > * support for elliptic curve key exchange seems disabled (ECDHE-*
> >   suites), I have not tried an ECC certificate.
> > * support for GCM algorithms is not enabled
>
> I'm quite sure that I saw ECDHE and GCM in tests. I'll retest tomorrow.

It might be related to the GnuTLS version mess on my machine (Ubuntu has two versions installed). Let me know the results of your test.

> It is possible to de-configure these features in GnuTLS.
>
> > * sample TLS netplex configuration is missing some ";" for each
> >   section
> >
> > Do you have the same behavior? It might be linked to my GnuTLS
> > version.

Did you manage to enable higher-end ciphersuites and PFS suites?

> Gerd
>
> > Thanks for the feedback.
> >
> > Thomas.
>
> --
> ------------------------------------------------------------
> Gerd Stolpmann, Darmstadt, Germany ge...@ge...
> My OCaml site: http://www.camlcity.org
> Contact details: http://www.camlcity.org/contact.html
> Company homepage: http://www.gerd-stolpmann.de
> ------------------------------------------------------------