TLS 1.3 Development

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS 1.3 Development

asdf asdf
Hello,

I saw a post from a few months ago here: http://erlang.org/pipermail/erlang-questions/2017-August/093136.html about adding support for TLS 1.3 to the new OTP, and I am curious about the status of this and how I could get involved. I have made a deal of modifications to the underlying OTP ssl module to suit my businesses needs, and I believe I could help in the development. 

In the post I linked, the responder mentioned that there are many unknowns with the new TLS implementation, which is definitely true, but there are those who have implemented it successfully - both WolfSSL and OpenSSL support this (C implementation).

TLS 1.3 has huge advantages for embedded/iot devices - it reduces the number of RTTs which is huge for customers with data and processing constraints. For companies managing millions of devices, this would add huge cost savings, not to mention the increased levels of security. This will be a great advantage for Erlang to have.

Is there any work being done currently on development, and is it possible for a Non-Erricson employee to contribute?

Thanks for your help



_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.3 Development

Ingela Andin

Hello!

2018-01-01 1:23 GMT+01:00 asdf asdf <[hidden email]>:
Hello,

I saw a post from a few months ago here: http://erlang.org/pipermail/erlang-questions/2017-August/093136.html about adding support for TLS 1.3 to the new OTP, and I am curious about the status of this and how I could get involved. I have made a deal of modifications to the underlying OTP ssl module to suit my businesses needs, and I believe I could help in the development.
 

In the post I linked, the responder mentioned that there are many unknowns with the new TLS implementation, which is definitely true, but there are those who have implemented it successfully - both WolfSSL and OpenSSL support this (C implementation).

TLS 1.3 has huge advantages for embedded/iot devices - it reduces the number of RTTs which is huge for customers with data and processing constraints. For companies managing millions of devices, this would add huge cost savings, not to mention the increased levels of security. This will be a great advantage for Erlang to have.

Is there any work being done currently on development, and is it possible for a Non-Erricson employee to contribute?

Thanks for your help


The way you may contribute is to make PR (pull requests). My team is responsible for TLS development and we have done some preparations for TLS-1.3 but we have not added any TLS-1.3 specific code yet.
The latest changes was to handle cipher suites as maps instead of tuples internally.We are thinking of moving the API that way too. To make contributing easier for us both if would be helpful if you can make small logical steps
implementing some part of the code needed for TLS-1.3 support. If you need/want to make changes the does not follow the current design send me a mail at [hidden email]  so we can consider what will be best and also fit our plans.

Regards Ingela Erlang/OTP Team - Ericsson AB





_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions