Bug #19

Investigate use of GNUtls instead of OpenSSL

Added by Yoann VANDOORSELAERE over 15 years ago. Updated over 10 years ago.

Status: Closed
Priority: Low
Target version: -
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

The SSLv3/TLS implementation might be rewritten using GNUtls. This library has a clean API, full-featured documentation, and is licensed under the LGPL, avoiding the license incompatibility faced with OpenSSL.

History

#1 Updated by Yoann VANDOORSELAERE over 15 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Fixed in r3812 r3813 r3814 r3815.

- OpenSSL licensing problem.
- potential OpenSSL dual licensing incompatibility.
- GnuTLS API is cleaner to my taste.
- GnuTLS security background is much better.

Complete overhaul of the certificate handling infrastructure,
things are much cleaner, and much safer now. Authentication
is always ciphered, and the encryption layer is dropped if UNIX
connections are used.

manager-adduser / sensor-adduser are now obsoleted and replaced
by a brand new tool called prelude-adduser handling the whole
thing.

The certificate exchange is now done using SRP, and through
a certificate request.

#2 Updated by Yoann VANDOORSELAERE over 10 years ago

  • Project changed from PRELUDE SIEM to Libprelude
  • Category deleted (1)
