
    Details

      Description

      Since yassl doesn't support the TLS v1.2 protocol and lacks certain ciphers and modes, it should be replaced by GnuTLS and Windows native libraries (bcrypt, schannel).

      Yassl is currently used for crypto (hash and encryption) and TLS communication, so we need to support the following components:

      Hashing:

      Replace the existing hash functions (currently we have multiple functions for different hash types) with generic wrapper functions:

      ma_crypto_hash(hash_algorithm,digest,source,length)

      Affects: server plugins, my_md5, my_sha1, my_sha2

      Encryption/Decryption:

      Instead of yassl, the nettle library (used by GnuTLS) or bcrypt on Windows will be used. GnuTLS itself doesn't support all block cipher modes (like ECB).

      Affects: server plugins, mysys_ssl, des_encrypt, des_decrypt

      TLS communication

      Both GnuTLS and Schannel support TLS protocols v1.0, v1.1 and v1.2, session caching and handshake renegotiation. Most parts could be ported from Connector/C, which already supports GnuTLS and Schannel in client mode.

      Affects: vio, status variables

              People

              Assignee:
              georg Georg Richter
              Reporter:
              georg Georg Richter