ekrishnamohan

Can we port OpenSSL into the FreeBSD kernel? Just the TLSv1 stack alone

I am looking to port OpenSSL to the kernel, with or without the crypto engine support available in FreeBSD 9.1. Can you advise if it is possible? If it is possible, what is the minimum set of files required for porting TLSv1 alone?

Thanks
Krishna Mohan.
Dave Baldwin
Are you sure it's not already there? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html#openssl If it is not, you should be able to get it through the Package Manager, which will make sure that you get a compatible version.
ekrishnamohan

ASKER

Hi Dave,
It is not there for the kernel. I am looking at porting OpenSSL only to the kernel.

Thanks
Krishna Mohan.
OpenSSL deals with encryption methods, and TLS is an application-level transport method.
What application do you want to limit to TLSv1 versus both TLS/SSLv2, v3?
From http://www.openssl.org/ ...
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
It is usually included with most Linux distributions to implement those functions. OpenSSL version 0.9.8 is included with FreeBSD 9.1.
http://www.freebsd.org/releases/9.1R/relnotes-detailed.html
Dear Arnold,
We want to port it to the kernel. As of now, it is available in user space. We would like to support only TLSv1 with the NIST cipher list as a bare minimum. For this, we needed help to find out if it is feasible and, if feasible, how we can do it.

Thanks
Krishna Mohan.
Disabling cyphers is part of the config within openssl.conf.

I am not sure why you would want to place/integrate openssl into the kernel.
An old discussion just on this matter
http://marc.info/?l=openssl-users&m=97931343106136

What do you think/hope to achieve?
OpenSSL is more of a library on which other applications rely/depend to add certain functionality.
Updates to openssl at times occur frequently.  This will require a rapid update to the kernel.
Hi Arnold,
Thanks for the pointer to the openssl-users mail chain. This is for a storage box to act as an SSL server. Sorry for not disclosing company details. Due to performance reasons, we would like the SSL stack to be in the kernel. I didn't see any risks with ciphers being ported to the kernel. Porting looks tough with the SSL stack. I am looking at porting the entire OpenSSL, or a partial set which supports the NIST cipher list, to the kernel, though updating risks are present. Even if there is an alternative to OpenSSL, we are open to trying it out.

Thanks in advance
Krishna Mohan.
ASKER CERTIFIED SOLUTION
arnold
This solution is only available to members.
What is an "SSL Server"?  SSL/TLS are for encrypting network communications.  There is also the matter of generating and validating SSL/TLS certificates.  ??
I didn't get a full solution. Part is answered.