[racket-dev] [patch] OpenSSL ECDH(E) + DHE support.

From: Edward Lee (e45lee at plg.uwaterloo.ca)
Date: Sat Feb 8 17:52:07 EST 2014


Racket's OpenSSL bindings do not currently enable the ECDH(E) and the
DHE ciphers, which are needed for perfect forward secrecy.

I've attached a patch that:
  - Embeds reasonable defaults for DHE mode.
  - Adds two functions, ssl-server-context-enable-dhe! and
    ssl-server-context-enable-ecdhe! that when given
    DHE/ECDHE setup arguments (for DHE, a DH parameter file path,
    for ECDHE, the name of one of the built-in OpenSSL elliptic curves 
    [currently, only secp521r1])
  - (unrelated, but also useful) Adds bindings for TLS 1.1/1.2-only
    server/client contexts.

This patch is currently a work in progress (it currently only supports
one elliptic curve name) that works well enough for what I am using it
for, but I'm interested in getting this patch upstream.

What's the exact process for this?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: racket-ssl.patch
Type: text/x-diff
Size: 6804 bytes
Desc: not available
URL: <http://lists.racket-lang.org/dev/archive/attachments/20140208/c169e74c/attachment.bin>

Posted on the dev mailing list.
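
Forward secrecy comes from the ephemeral key exchanges (ECDHE, DHE), not from fixed ECDH/DH keys or RSA key transport. The following is an added example, not part of the original message or the attached patch, that sorts OpenSSL cipher-suite names on that basis so a server's enabled list can be checked after DHE/ECDHE are turned on. The function names and the sample suite list are assumptions constructed for illustration.

```python
import ssl

def classify_kx(name):
    """Return the key-exchange class of an OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):        # TLS 1.3 suites always use (EC)DHE
        return "TLS1.3"
    head = name.split("-")[0]
    if head == "ECDHE":
        return "ECDHE"
    if head in ("DHE", "EDH"):         # EDH is OpenSSL's older spelling of DHE
        return "DHE"
    if head in ("ADH", "AECDH"):       # ephemeral, but the server is not authenticated
        return "anon"
    if head in ("ECDH", "DH"):         # fixed (EC)DH key taken from the certificate
        return "static-" + head
    return "static-RSA/other"          # e.g. AES256-SHA: RSA key transport

FORWARD_SECRET = {"ECDHE", "DHE", "TLS1.3"}

def audit(names):
    """Map each suite lacking authenticated ephemeral key exchange to its class."""
    return {n: classify_kx(n) for n in names
            if classify_kx(n) not in FORWARD_SECRET}

def local_suites(cipher_string):
    """Suites the local OpenSSL build enables for a server cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

# Constructed sample input: suite names as a scanner report might list them.
SAMPLE = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "EDH-RSA-DES-CBC3-SHA",
    "ECDH-RSA-AES128-SHA",
    "AECDH-AES128-SHA",
    "AES256-SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, kx in audit(SAMPLE).items():
        print(f"flagged: {suite} ({kx})")
    # What the local OpenSSL default list would still allow:
    print(audit(local_suites("DEFAULT")))
```
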