[stunnel-users] TLS-SRP patch
Kevin Sheldrake
rtfcode at gmail.com
Tue Jun 6 16:07:26 CEST 2017
Hello
I recently produced a patch that permits use of TLS-SRP; it is based on the TLS-PSK code and this blog post:
https://matthewarcus.wordpress.com/2014/05/10/srp-in-openssl/
It’s not the cleanest of code but it does work as a POC. The patch is available here:
https://github.com/rtfcode/tls-srp
The README.txt provides some info on testing the patch and how it might be used to help dev web browsers and servers that support TLS-SRP (for IoT work). There is a page on the forthcoming OWASP Summit ‘TLS for Local IoT’ workshop (for which it was developed) at:
https://owaspsummit.org/Working-Sessions/IoT/TLS-for-Local-IoT.html
In terms of using TLS-SRP support in stunnel as a proxy, it might be useful as a replacement for TLS-PSK where the credentials are user-memorable (pass phrase, for example) as TLS-SRP has lower entropy requirements than TLS-PSK. For example, the creds could be stored in the user’s head rather than in a file and be less open to compromise if a device was seized. I don’t know if that’s useful for anyone; it’s just a thought.
Thanks
Kev
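The property the post relies on (the server keeps only a salted verifier, the password enters the exchange solely as an exponent, and a wrong password simply fails the proof without leaking anything to an observer) can be shown with a toy SRP-6a exchange. This is an added example in pure Python, not code from the stunnel patch, the linked blog post or OpenSSL; it assumes SHA-256, g = 2 and a freshly generated 128-bit safe prime as a stand-in for the RFC 5054 groups that TLS-SRP actually negotiates, and the identity and passwords are constructed sample values.

```python
"""Toy SRP-6a exchange following the RFC 5054 message flow (added example)."""
import hashlib
import hmac
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int, rounds: int) -> bool:
    """Trial division then Miller-Rabin; adequate for a demo group."""
    if n < 4:
        return n > 1
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int) -> int:
    """N = 2q + 1 with q prime (toy size; real TLS-SRP uses 1024-bit+ groups)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, 4) and is_probable_prime(2 * q + 1, 32):
            return 2 * q + 1


class SrpGroup:
    def __init__(self, N: int, g: int = 2):
        self.N, self.g = N, g
        self.nlen = (N.bit_length() + 7) // 8
        self.k = self.hash_int(self.pad(N), self.pad(g))  # SRP-6a multiplier k = H(N | PAD(g))

    def pad(self, n: int) -> bytes:
        return n.to_bytes(self.nlen, "big")

    @staticmethod
    def hash_int(*parts: bytes) -> int:
        return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def private_key_x(identity: bytes, password: bytes, salt: bytes) -> int:
    """x = H(s | H(I ":" P)); the only place the password is used."""
    return SrpGroup.hash_int(salt, hashlib.sha256(identity + b":" + password).digest())


def enroll(group: SrpGroup, identity: bytes, password: bytes):
    """What the server stores: (salt, verifier v = g^x). The password is not kept."""
    salt = secrets.token_bytes(16)
    return salt, pow(group.g, private_key_x(identity, password, salt), group.N)


def proof_m1(group, identity, salt, A, B, K) -> bytes:
    """Client proof M1 = H(H(N) xor H(g) | H(I) | s | A | B | K), RFC 2945 form."""
    hN = hashlib.sha256(group.pad(group.N)).digest()
    hg = hashlib.sha256(group.pad(group.g)).digest()
    xor = bytes(p ^ q for p, q in zip(hN, hg))
    hI = hashlib.sha256(identity).digest()
    return hashlib.sha256(xor + hI + salt + group.pad(A) + group.pad(B) + K).digest()


class SrpClient:
    def __init__(self, group, identity, password):
        self.group, self.I, self.P = group, identity, password
        self.a = secrets.randbits(256) | 1           # ephemeral private value
        self.A = pow(group.g, self.a, group.N)       # sent in ClientHello (SRP ext) / ClientKeyExchange

    def finish(self, salt, B) -> bytes:
        g, N, k = self.group.g, self.group.N, self.group.k
        if B % N == 0:
            raise ValueError("server sent degenerate B")   # RFC 5054 mandatory abort
        u = self.group.hash_int(self.group.pad(self.A), self.group.pad(B))
        if u == 0:
            raise ValueError("u == 0")
        x = private_key_x(self.I, self.P, salt)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)   # (B - k g^x)^(a + u x)
        self.K = hashlib.sha256(self.group.pad(S)).digest()
        self.M1 = proof_m1(self.group, self.I, salt, self.A, B, self.K)
        return self.M1

    def verify_server(self, M2: bytes) -> bool:
        expected = hashlib.sha256(self.group.pad(self.A) + self.M1 + self.K).digest()
        return hmac.compare_digest(expected, M2)


class SrpServer:
    def __init__(self, group, identity, salt, verifier):
        self.group, self.I, self.salt, self.v = group, identity, salt, verifier
        self.b = secrets.randbits(256) | 1
        self.B = (group.k * verifier + pow(group.g, self.b, group.N)) % group.N  # ServerKeyExchange

    def finish(self, A, M1):
        """Return M2 on success, None if the client's proof (hence password) is wrong."""
        N = self.group.N
        if A % N == 0:
            raise ValueError("client sent degenerate A")
        u = self.group.hash_int(self.group.pad(A), self.group.pad(self.B))
        S = pow((A * pow(self.v, u, N)) % N, self.b, N)          # (A v^u)^b
        K = hashlib.sha256(self.group.pad(S)).digest()
        if not hmac.compare_digest(proof_m1(self.group, self.I, self.salt, A, self.B, K), M1):
            return None
        return hashlib.sha256(self.group.pad(A) + M1 + K).digest()


def handshake(group, identity, enrolled_password, offered_password):
    """One full exchange; returns (server_accepted, client_accepted)."""
    salt, v = enroll(group, identity, enrolled_password)
    client, server = SrpClient(group, identity, offered_password), SrpServer(group, identity, salt, v)
    M2 = server.finish(client.A, client.finish(salt, server.B))
    return (False, False) if M2 is None else (True, client.verify_server(M2))


GROUP = SrpGroup(safe_prime(128))   # constructed toy group, regenerated on each import

if __name__ == "__main__":
    print(handshake(GROUP, b"alice", b"correct horse", b"correct horse"))  # (True, True)
    print(handshake(GROUP, b"alice", b"correct horse", b"wrong guess"))    # (False, False)
```

The server-side record produced by `enroll` is the SRP analogue of stunnel's PSK secrets file: seizing it yields a salted verifier rather than the pass phrase, and each enrollment of the same pass phrase yields a different verifier because of the fresh salt. Both degenerate-value checks (`A mod N == 0`, `B mod N == 0`) are the aborts RFC 5054 requires; dropping them would let a peer force a predictable session key.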