Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 89408
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: support for ECDH, needed for performant perfect forward secrecy (patch included)
Download (untitled) / with headers
text/plain 544b
Hi, I'm the maintainer of IO::Socket::SSL and which to add support for perfect forward security (PFS). While it is currently possible to do PFS with simple DH it gets terribly slow when using secure DH parameters (e.g. numbits 1024 or 2048). With ECDH instead of DH it gets much faster. The attached patch adds support for the basic operations necessary to support ECDH for PFS, e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh. I would be glad if you could add the feature to the next Net::SSLeay version. Regards, Steffen
Subject: ecdh.patch
Download ecdh.patch
text/x-diff 781b
Index: typemap =================================================================== --- typemap (revision 382) +++ typemap (working copy) @@ -6,6 +6,7 @@ SSL * T_PTR RSA * T_PTR DH * T_PTR +EC_KEY * T_PTR const X509 * T_PTR const X509_CRL * T_PTR const X509_REQ * T_PTR Index: SSLeay.xs =================================================================== --- SSLeay.xs (revision 382) +++ SSLeay.xs (working copy) @@ -4127,6 +4127,23 @@ SSL_CTX * ctx RSA * rsa +#if OPENSSL_VERSION_NUMBER > 0x10000000L + +EC_KEY * +EC_KEY_new_by_curve_name(nid) + int nid + +void +EC_KEY_free(key) + EC_KEY * key + +long +SSL_CTX_set_tmp_ecdh(ctx,ecdh); + SSL_CTX * ctx + EC_KEY * ecdh + +#endif + void * SSL_get_app_data(s) SSL * s
Subject: Re: [rt.cpan.org #89408] support for ECDH, needed for performant perfect forward secrecy (patch included)
Date: Sat, 12 Oct 2013 08:37:02 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.3k
Hi Steffen, Thanks for your patch. It is now in SVN and will appear in the next release. Cheers. On Friday, October 11, 2013 12:11:05 PM you wrote: Show quoted text
> Fri Oct 11 12:11:03 2013: Request 89408 was acted upon. > Transaction: Ticket created by SULLR > Queue: Net-SSLeay > Subject: support for ECDH, needed for performant perfect forward > secrecy (patch included) > Broken in: (no value) > Severity: Wishlist > Owner: Nobody > Requestors: Steffen_Ullrich@genua.de > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=89408 > > > > Hi, > I'm the maintainer of IO::Socket::SSL and which to add support for perfect > forward security (PFS). While it is currently possible to do PFS with > simple DH it gets terribly slow when using secure DH parameters (e.g. > numbits 1024 or 2048). With ECDH instead of DH it gets much faster. > > The attached patch adds support for the basic operations necessary to > support ECDH for PFS, e.g. EC_KEY_new_by_curve_name, EC_KEY_free and > SSL_CTX_set_tmp_ecdh. I would be glad if you could add the feature to the > next Net::SSLeay version. > > Regards, > Steffen
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474 Fax +61 7 5598-7070


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.