Welcome! Log In Create A New Profile

Advanced

Re: Adding a second TLS implementation

February 10, 2021 09:30PM
Kevin,

BoringSSL is already for the most part supported (in code, if not
officially) if I am not mistaken

On Thu, 11 Feb 2021 at 12:02, Kevin Burke <kevin@meter.com> wrote:

> Hi,
> There has been a recent push by some members of the security community to
> try to make more critical code run in memory safe languages, because of the
> high prevalence of security issues related to memory safety, for example,
> use-after-free, double-free or heap buffer vulnerabilities.
>
> In that light, I was wondering if you'd be open to adding a second TLS
> implementation that could be used in place of OpenSSL. Ideally, the target
> would be a TLS implementation in a memory safe language, for example,
> rustls, available at https://github.com/ctz/rustls. Curl just merged a
> patch to support the rustls backend.
>
> This would require a lot of changes to make the TLS implementation
> portable so before investigating it I figured I would see if you're open to
> it at all.
>
> Kevin
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Adding a second TLS implementation

Kevin Burke 187 February 10, 2021 08:04PM

Re: Adding a second TLS implementation

splitice 103 February 10, 2021 09:30PM

Re: Adding a second TLS implementation

Maxim Dounin 82 February 10, 2021 09:40PM

Re: Adding a second TLS implementation

Kevin Burke 77 February 10, 2021 11:10PM

Re: Adding a second TLS implementation

Maxim Dounin 109 February 11, 2021 08:30AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready