Rémy,

On 7/4/24 09:15, Rémy Maucherat wrote:
> As an experiment, I tested with LibreSSL and BoringSSL on Linux using
> the FFM code. Both did not need too many API changes to start working,
> so I committed the changes to "add support" for them.

\o/

I'm very happy that you have had the inclination to make this work. While OpenSSL is everywhere, many OSs are opting to provide "compatible" clones such as LibreSSL and BoringSSL and the fact is that they aren't 100% compatible.

I'd really like to support them because that means supporting Good Crypto in as many places as are possible.

(I'd like to see some updated performance numbers from Jean-Frederic on "Pure Java" TLS versus OpenSSL-based TLS. When we talked about it years ago it looked like there was a bug in Java preventing it from using hardware crypto, so Java performed terribly in comparison. And of course used much more resources (e.g. power).)

> LibreSSL:
> - I cannot get it to renegotiate anything. The client always gets a
> "no_renegotiation" alert.
> - Seems relatively complete.
> - I tested with Linux and 3.9.
> - Testing is easy on GitHub. Out of the box with macos-latest using
> LibreSSL 3.3. Verified it does the same as my 3.9.

Maybe LibreSSL refuses to renegotiate?

> BoringSSL:
> - Only TLS 1.3 "renegotiation" seems to work (TestClientCertTls13).
> This could be seen as acceptable.
> - It seems very bare bones, all the stuff for supporting exotic certs
> seems to be gone. So basically you need a standard certificate doing
> TLS 1.3 and that's all it does, but it then just works.
> - When it doesn't like something, the client gets a connection close
> (no alert, no nothing; I guess sending alerts is less efficient ;) ).
> - Testing is far more problematic. The project is quite "original" in
> that it does not do releases. Funny (not ...).

I think the above (except maybe lack of alerts) is all intentional. BoringSSL is intended to support "What people should be using today" and so it lacks all those decades of old code to support things nobody should be using anymore. I thought it supported TLSv1.2 though...

> I don't have much experience with these so maybe I'm doing something
> wrong. For both, the basics (TestSsl) and quite a bit more work, but
> not everything. BoringSSL inspires more confidence in what it does and
> how it does it than the other one, but not having releases is
> obviously a deal breaker ...
>
> So I'm not very impressed. Given the amount of work it still seems
> "ok", but that's about it, OpenSSL is by far the best choice for
> Tomcat without even factoring in possible quic support in the future.

I think michael-o has done some more elaborate testing with LibreSSL. He might be willing to enable FFM and put it through its paces a little more than you have had time for so far.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org