[zeromq-dev] Experimental TLS transport

[Pieter Hintjens]

Hi Lourens,

Nice to see this code emerge into daylight! You might want to add the
link here: http://www.zeromq.org/topics:encryption

And IMO it'd be worth putting your notes into the source tree so
people getting the code know what to do with it.

-Pieter



On Tue, Apr 16, 2013 at 1:53 PM, Lourens Naudé
<lourens at methodmissing.com> wrote:
> Hi Guys,
>
> I synced my a TLS ( OpenSSL ) branch I've been working on ( well mostly
> "off" than "on" due to time constraints ) the last few months as I've hit a
> wall with some issues and was wondering if there's anyone in the community
> with experience with OpenSSL, specifically :
>
> * Async OpenSSL
> * OpenSSL + threads ( there's still a nondeterministic issue that can be
> reproduced with tests, but it's evading me )
> * OpenSSL on windows
>
> I'm also not sure if any of this would apply moving forward as I noticed
> Pieter's working on a new auth and security layer and noticed the
> discussions around a newer ZMTP 3.0 spec ( http://hintjens.com/blog:39 ).
>
> Branch :
>
> https://github.com/methodmissing/libzmq/tree/tls
>
> Diff with current master :
>
> https://github.com/methodmissing/libzmq/compare/tls
>
> To build ( it's fully backwards compatible with master otherwise ) :
>
> "./configure --with-tls"
>
> Pending items :
>
> * Haven't been tested on Windows
> * Depends on system OpenSSL installation
> * Support for tls:// in /perf
> * Default certificates ?
> * There's still some non-deterministic edge cases on connector shutdown
> despite the OpenSSL static locks implemented ( triggers100% CPU from within
> OpenSSL - mostly SSL_free )
>
> Anyways - just wanted to put this out there to see if there's still an
> interest and if someone more knowledgeable could lend a hand ...
>
> - Lourens
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>