[stunnel-users] TLS-SRP patch

Kevin Sheldrake rtfcode at gmail.com
Tue Jun 6 16:07:26 CEST 2017


Hello

I recently produced a patch that permits use of TLS-SRP; it is based on the TLS-PSK code and this blog post:
https://matthewarcus.wordpress.com/2014/05/10/srp-in-openssl/

It’s not the cleanest of code but it does work as a POC.  The patch is available here:
https://github.com/rtfcode/tls-srp

The README.txt provides some info on testing the patch and how it might be used to help dev web browsers and servers that support TLS-SRP (for IoT work).  There is a page on the forthcoming OWASP Summit ‘TLS for Local IoT’ workshop (for which it was developed) at:
https://owaspsummit.org/Working-Sessions/IoT/TLS-for-Local-IoT.html

In terms of using TLS-SRP support in stunnel as a proxy, it might be useful as a replacement for TLS-PSK where the credentials are user-memorable (pass phrase, for example) as TLS-SRP has lower entropy requirements than TLS-PSK.  For example, the creds could be stored in the user’s head rather than in a file and be less open to compromise if a device was seized.  I don’t know if that’s useful for anyone; it’s just a thought.

Thanks

Kev
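To make concrete the storage point raised above (the verifier on the device is not the pass phrase, and both sides still derive the same premaster secret), here is an added worked SRP-6a exchange in the form TLS-SRP (RFC 5054) uses; it is illustrative code written for this page, not code from the post or from the rtfcode patch. It assumes the 1024-bit RFC 5054 group with SHA-1, and the username, password and salt values are constructed for the demonstration.

```python
"""Worked TLS-SRP (RFC 5054 / SRP-6a) key exchange in pure Python.

Added example, not part of the mailing-list post or the tls-srp patch.
The server enrols a user by storing only (salt, verifier); the password
itself never reaches disk, which is the property the post relies on.
Group and hash: the 1024-bit RFC 5054 group with SHA-1, as RFC 5054 mandates.
"""
import hashlib
import secrets

N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF74"
    "96EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6"
    "CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4"
    "976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8  # 128 bytes for the 1024-bit group


def H(*parts: bytes) -> int:
    """SHA-1 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")


def pad(x: int) -> bytes:
    """RFC 5054 PAD(): left-pad an integer to the byte length of N."""
    return x.to_bytes(NLEN, "big")


def verifier(username: str, password: str, salt: bytes) -> int:
    """Enrolment: x = H(s | H(I ':' P)), v = g^x mod N. Server keeps (s, v)."""
    inner = hashlib.sha1(f"{username}:{password}".encode()).digest()
    return pow(g, H(salt, inner), N)


def srp_exchange(username, password, salt, v, a=None, b=None):
    """One handshake; returns (client_premaster, server_premaster).
    a/b are the ephemeral secrets (random unless fixed for testing)."""
    a = a or secrets.randbelow(N - 2) + 1
    b = b or secrets.randbelow(N - 2) + 1
    k = H(pad(N), pad(g))                 # SRP-6a multiplier
    A = pow(g, a, N)                      # ClientKeyExchange: A
    B = (k * v + pow(g, b, N)) % N        # ServerKeyExchange: salt, B
    if A % N == 0 or B % N == 0:          # RFC 5054 section 2.5.4 check
        raise ValueError("illegal public value")
    u = H(pad(A), pad(B))
    inner = hashlib.sha1(f"{username}:{password}".encode()).digest()
    x = H(salt, inner)                    # client re-derives x from the password
    client_S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    server_S = pow(A * pow(v, u, N) % N, b, N)
    return client_S, server_S             # equal only if the password matched
```

In real TLS-SRP the two premaster secrets feed the normal key derivation and the Finished messages take the place of SRP's explicit M1/M2 proofs, so a password mismatch surfaces as a failed handshake.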
