Hello all, I noticed WolfSSL has TLS 1.3, its other features seem decent too (1/20 size OpenSSL, ANSI C). However, I couldnt find any links on Gemini or HTTP concerning any implementations or tools using it. Any ideas regarding it? Would it be worth me developing clients and servers in it? I get the idea that some of the other TLS approaches have a lot of cruft given their scale and predisposition to non-Germini protocols and it would interest me to embed from a bespoke Gemini only compilation. Would such a project be a ballache? Any other suggestions? ==================== Jonathan McHugh indieterminacy@libre.brussels (mailto:indieterminacy@libre.brussels)
On 10/23/2021 11:33 AM, Jonathan McHugh wrote: > Hello all, > > I noticed WolfSSL has TLS 1.3, its other features seem decent too (1/20 size OpenSSL, ANSI C). > > However, I couldnt find any links on Gemini or HTTP concerning any implementations or tools using it. > > Any ideas regarding it? > > Would it be worth me developing clients and servers in it? I get the idea that some of the other TLS approaches have a lot of cruft given their scale and predisposition to non-Germini protocols and it would interest me to embed from a bespoke Gemini only compilation. > > Would such a project be a ballache? > > Any other suggestions? > > ==================== > Jonathan McHugh > indieterminacy@libre.brussels <mailto:indieterminacy@libre.brussels> I would consider the effort to be worth it.
I'm in the process of overhauling much of MoonGem currently, and would not mind doing away with the ugly OpenSSL boilerplate in the process. I'll check it out. panda-roux On October 23, 2021 6:35:12 PM UTC, stern <stern@tilde.club> wrote: >On 10/23/2021 11:33 AM, Jonathan McHugh wrote: >> Hello all, >> >> I noticed WolfSSL has TLS 1.3, its other features seem decent too (1/20 >> size OpenSSL, ANSI C). >> >> However, I couldnt find any links on Gemini or HTTP concerning any >> implementations or tools using it. >> >> Any ideas regarding it? >> >> Would it be worth me developing clients and servers in it? I get the >> idea that some of the other TLS approaches have a lot of cruft given >> their scale and predisposition to non-Germini protocols and it would >> interest me to embed from a bespoke Gemini only compilation. >> >> Would such a project be a ballache? >> >> Any other suggestions? >> >> ==================== >> Jonathan McHugh >> indieterminacy@libre.brussels <mailto:indieterminacy@libre.brussels> > >I would consider the effort to be worth it.
On Sat, Oct 23, 2021 at 06:33:02PM +0000, Jonathan McHugh wrote: > I noticed WolfSSL has TLS 1.3, its other features seem decent too (1/20 size OpenSSL, ANSI C). > > However, I couldnt find any links on Gemini or HTTP concerning any implementations or tools using it. > > Any ideas regarding it? > > Would it be worth me developing clients and servers in it? I get the idea that some of the other TLS approaches have a lot of cruft given their scale and predisposition to non-Germini protocols and it would interest me to embed from a bespoke Gemini only compilation. > > Would such a project be a ballache? I think WolfSSL and BearSSL are interesting projects as far as minimal TLS implementations go, but I'd personally like to see more love for stuff like libtls (simple spinoff of libressl with a much simpler API), or Boringssl (extremely well-made TLS lib that also provides the crypto primitives for libs like Rust's ring and RusTLS). Libtls would be an especially good fit for Gemini software. Outside of the C and C++ world, lots of programming langs also feature pretty good TLSv1.3 libs in their standard libraries; Go has one of the best. -- /Seirdy
On Sat, Oct 23, 2021 at 02:32:59PM -0700, Rohan Kumar wrote: > I think WolfSSL and BearSSL are interesting projects as far as minimal TLS implementations go, but I'd personally like to see more love for stuff like libtls (simple spinoff of libressl with a much simpler API), or Boringssl (extremely well-made TLS lib that also provides the crypto primitives for libs like Rust's ring and RusTLS). Libtls would be an especially good fit for Gemini software. A good primer on libtls from 2017 is over at https://ftp.openbsd.org/papers/linuxconfau2017-libtls/. Many OpenSSL-based distros also ship the "libretls" package, which is a confusingly-named port of libtls from libressl to OpenSSL; this should make it easy to strike a balance between reducing boilerplate and improving packageability/portability. -- /Seirdy
Rohan Kumar <seirdy@seirdy.one> writes: > [[PGP Signed Part:Undecided]] > On Sat, Oct 23, 2021 at 06:33:02PM +0000, Jonathan McHugh wrote: >> I noticed WolfSSL has TLS 1.3, its other features seem decent too >> (1/20 size OpenSSL, ANSI C). >> >> However, I couldnt find any links on Gemini or HTTP concerning any >> implementations or tools using it. >> >>Any ideas regarding it? >> >> Would it be worth me developing clients and servers in it? I get the >> idea that some of the other TLS approaches have a lot of cruft given >> their scale and predisposition to non-Germini protocols and it would >> interest me to embed from a bespoke Gemini only compilation. >> >>Would such a project be a ballache? > > I think WolfSSL and BearSSL are interesting projects as far as minimal > TLS implementations go, but I'd personally like to see more love for > stuff like libtls (simple spinoff of libressl with a much simpler > API), or Boringssl (extremely well-made TLS lib that also provides the > crypto primitives for libs like Rust's ring and RusTLS). Libtls would > be an especially good fit for Gemini software. I couldn't agree more. Both gmid and telescope use libtls and it's been a joy to use. Clean and simple APIs along with a great documentation (as expected ;-) libtls has also landed on debian unstable recently, while other distro (alpine, void, gentoo, ... even fedora) had that packaged for a while. > Outside of the C and C++ world, lots of programming langs also feature > pretty good TLSv1.3 libs in their standard libraries; Go has one of > the best.
---