Posts by Quinn Slack
I just posted a patch for Python 3.3 to add TLS-SRP support (Issue #11943). This patch adds support for TLS-SRP (RFC 5054) to Python ssl.SSLSocket, _ssl.c, http, and urllib. TLS-SRP lets a client and server establish a mutually authenticated SSL channel using only a username and password (a certificate may also be used to supplement [...]
I just posted a patch for TLS-SRP support in Apache 2 mod_ssl on the wiki and as ASF Bugzilla #51075.
I updated Steffen Schulz’s NSS patch for TLS-SRP support and posted it to Bugzilla #405155. NSS (Network Security Services) is a Mozilla library that provides SSL and crypto routines to Firefox, Chrome, and lots of other apps. I modified Steffen Schulz’s patch to: use the same format for the SRP passwd and group param file [...]
I just posted an in-progress patch that adds TLS-SRP support to Chrome over at the Chromium code review site. I also posted a Chromium-discuss message announcing my progress. To install it yourself, see the TLS-SRP in Chrome wiki page.
I submitted a patch to TLS Lite that updates its TLS-SRP support to comply with RFC 5054. Read the email message to tlslite-users or download the patch (tlslite+tls-srp-rfc5054.patch). I’ve also applied this patch to my tlslite git repository.
Looks like TLS-SRP will be in OpenSSL 1.0.1. Tom Wu’s patch at http://cvs.openssl.org/chngview?cn=20484 was finally accepted. (HT: Tom Wu and Daniel Stenberg)
cURL 7.21.4 was just released, with support for TLS-SRP. I submitted the patch for this feature (based on a previous patch by Peter Sylvester). If you are using, or are interested in using, TLS-SRP on the Web, I’d love to hear from you. I also have instructions on setting up a TLS-SRP Web server, and [...]
(Posted to curl-library) I revived a proposed patch by Peter Sylvester to add support to cURL for TLS-SRP (RFC 5054), which is mutually authenticated TLS with passwords instead of client/server certs. Peter’s patch was postponed because it relied on OpenSSL, which still doesn’t have TLS-SRP support (unlike GnuTLS, which now does). My patch exposes GnuTLS’s [...]
I’m keeping my notes on TLS and HTTP mutual authentication at trustedhttp.org.