
SSL: New Report and Keeping up with the Jones

Posted: Wed Oct 15, 2014 10:38 am
by dciliske
Just to let people know, we are aware of the report issued regarding SSL 3.0 and are investigating the process to implement TLS. Can't give y'all much more info than that at this time.

And if you are not aware of the SSL 3.0 report I'm referring to, here you go: http://googleonlinesecurity.blogspot.co ... sl-30.html

We will update you on the issue when we know more.

-Dan

Re: SSL: New Report and Keeping up with the Jones

Posted: Mon Nov 17, 2014 7:12 am
by kackle123
It's been one month; has NB made any decisions yet?

Re: SSL: New Report and Keeping up with the Jones

Posted: Mon Nov 17, 2014 3:11 pm
by Forrest
We are actively working on a TLS solution at this time.
kackle123 wrote: It's been one month; has NB made any decisions yet?

Re: SSL: New Report and Keeping up with the Jones

Posted: Sat Nov 22, 2014 8:39 am
by kackle123
Thank you, Forrest. Keep us posted.

Re: SSL: New Report and Keeping up with the Jones

Posted: Tue Jan 06, 2015 3:03 pm
by dnishimura
Do you anticipate the TLS solution to be released before mid-2015? Our products will require it since many servers have disabled SSLv3.

Re: SSL: New Report and Keeping up with the Jones

Posted: Tue Jan 06, 2015 4:01 pm
by pbreed
Dan will probably answer this as it's his project...
He currently has TLS working in both server and client mode,
but is diagnosing some crashes and stability issues in some of the less used modes.
I would expect a TLS beta some time in Q1.

Re: SSL: New Report and Keeping up with the Jones

Posted: Wed Jan 07, 2015 8:50 am
by dciliske
Currently the core functionality is mostly working. The server and client modes are 95% there and correct. The main things that still need to be done are:
  1. Remove the malloc calls.
  2. Reduce the stack usage (Currently ~24KB of RAM).
  3. Get client certs working again (somehow the cert sending got broken).
  4. Make sure embedded cert chains are handled correctly (an issue that has been addressed in the previous library while working on the new one).
Items 1 and 2 are must-haves before releasing the beta. Items 3 and 4 are nice-to-haves, but probably won't make it to the beta.

-Dan

Re: SSL: New Report and Keeping up with the Jones

Posted: Tue Jan 13, 2015 10:35 am
by dciliske
  1. Malloc removed in all but one location, where there really is no alternative, and it's used as a last resort in the event that everything else is failing and you should never actually hit it... (Hitting it is a problem, and you should redo your app if you're triggering it; it just keeps you from crashing.)
  2. Stack usage was apparently screwed up because the size of BigNums got cranked waaaay up. Not sure why/when that happened, but it's pretty ok now.
Based on this we will likely start the beta by the end of the month.

-Dan

Re: SSL: New Report and Keeping up with the Jones

Posted: Wed Jan 14, 2015 2:01 pm
by dciliske
Main commit done, now to wait and see what the build system thinks about it...