Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 89408
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay
People
Owner: MIKEM [...] cpan.org
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Oct 11 12:11:03 2013 Steffen_Ullrich [...] genua.de - Ticket created
Subject: support for ECDH, needed for performant perfect forward secrecy (patch included)
Hi, I'm the maintainer of IO::Socket::SSL and which to add support for perfect forward security (PFS). While it is currently possible to do PFS with simple DH it gets terribly slow when using secure DH parameters (e.g. numbits 1024 or 2048). With ECDH instead of DH it gets much faster. The attached patch adds support for the basic operations necessary to support ECDH for PFS, e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh. I would be glad if you could add the feature to the next Net::SSLeay version. Regards, Steffen
Subject: ecdh.patch
Index: typemap =================================================================== --- typemap (revision 382) +++ typemap (working copy) @@ -6,6 +6,7 @@ SSL * T_PTR RSA * T_PTR DH * T_PTR +EC_KEY * T_PTR const X509 * T_PTR const X509_CRL * T_PTR const X509_REQ * T_PTR Index: SSLeay.xs =================================================================== --- SSLeay.xs (revision 382) +++ SSLeay.xs (working copy) @@ -4127,6 +4127,23 @@ SSL_CTX * ctx RSA * rsa +#if OPENSSL_VERSION_NUMBER > 0x10000000L + +EC_KEY * +EC_KEY_new_by_curve_name(nid) + int nid + +void +EC_KEY_free(key) + EC_KEY * key + +long +SSL_CTX_set_tmp_ecdh(ctx,ecdh); + SSL_CTX * ctx + EC_KEY * ecdh + +#endif + void * SSL_get_app_data(s) SSL * s
  Fri Oct 11 18:37:21 2013 mikem [...] airspayce.com - Correspondence added
Subject: Re: [rt.cpan.org #89408] support for ECDH, needed for performant perfect forward secrecy (patch included)
Date: Sat, 12 Oct 2013 08:37:02 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hi Steffen, Thanks for your patch. It is now in SVN and will appear in the next release. Cheers. On Friday, October 11, 2013 12:11:05 PM you wrote: Show quoted text
> Fri Oct 11 12:11:03 2013: Request 89408 was acted upon. > Transaction: Ticket created by SULLR > Queue: Net-SSLeay > Subject: support for ECDH, needed for performant perfect forward > secrecy (patch included) > Broken in: (no value) > Severity: Wishlist > Owner: Nobody > Requestors: Steffen_Ullrich@genua.de > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=89408 > > > > Hi, > I'm the maintainer of IO::Socket::SSL and which to add support for perfect > forward security (PFS). While it is currently possible to do PFS with > simple DH it gets terribly slow when using secure DH parameters (e.g. > numbits 1024 or 2048). With ECDH instead of DH it gets much faster. > > The attached patch adds support for the basic operations necessary to > support ECDH for PFS, e.g. EC_KEY_new_by_curve_name, EC_KEY_free and > SSL_CTX_set_tmp_ecdh. I would be glad if you could add the feature to the > next Net::SSLeay version. > > Regards, > Steffen
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474 Fax +61 7 5598-7070
  Fri Oct 11 18:37:22 2013 The RT System itself - Status changed from 'new' to 'open'
  Thu Dec 05 20:31:45 2013 MIKEM [...] cpan.org - TimeWorked changed from (no value) to '10'
  Thu Dec 05 20:31:46 2013 MIKEM [...] cpan.org - Status changed from 'open' to 'resolved'
  Thu Dec 05 20:31:46 2013 MIKEM [...] cpan.org - Taken