Enable TLS connections between peers #68

Merged
merged 7 commits into from
Nov 29, 2017

kentsommer
Contributor

@kentsommer kentsommer commented Nov 16, 2017

See SECURE_SETUP.md for documentation on new flags + how to set up a node with its own valid certificate.

t1JjmKWun4jn61JgVSK1fQKifVToqhKsov3

@kentsommer kentsommer self-assigned this Nov 16, 2017
@kentsommer kentsommer changed the title This PR enables TLS connections peers This PR enables TLS connections to peers Nov 16, 2017
@jenkins-hush

all tests passed

@kentsommer kentsommer changed the title This PR enables TLS connections to peers Enable TLS connections between peers Nov 16, 2017
@leto
Member

leto commented Nov 16, 2017

@kentsommer this looks really cool! Can you tell which version of OpenSSL it supports or requires?

Also, there is a fork of OpenSSL called BoringSSL, maintained by Google/Cloudflare/etc., that is mostly source-compatible with OpenSSL and is much better maintained/fuzzed/secured and would provide a smaller attack surface on TLS-enabled hush nodes: https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md

Could you estimate if it would be hard or relatively easy to support BoringSSL? Many projects try to detect various SSL libraries in a certain order; I would prefer BoringSSL over OpenSSL, if both are installed.

@kentsommer kentsommer changed the base branch from master to dev November 29, 2017 00:41
@kentsommer
Contributor Author

Rebasing to merge into dev

@jenkins-hush

all tests passed

@kentsommer kentsommer merged commit 86abbf2 into MyHush:dev Nov 29, 2017
@matthewjamesr
Contributor

@kentsommer Can we include the changes requested in Discord, then rebase for merge? Pasting below for visibility.

We need proper display of secure peers in both hush-cli getinfo and hush-cli getnetworkinfo. Example follows.

"connections": {
  "secure": 2,
  "total": 8
},
"tls_cert_verified": true

Please commit those changes, rebase, merge to dev :).

@kentsommer kentsommer mentioned this pull request Nov 29, 2017
@kentsommer
Contributor Author

@matthewjamesr

Requested changes added by dda2c82

{
  "version": 1001250,
  "protocolversion": 170002,
  "walletversion": 60000,
  "balance": 0.00000000,
  "blocks": 55596,
  "timeoffset": 0,
  "connections": 1,
  "tls_connections": 1,
  "proxy": "",
  "difficulty": 11518033.69687827,
  "testnet": false,
  "keypoololdest": 1511918005,
  "keypoolsize": 101,
  "paytxfee": 0.00000000,
  "relayfee": 0.00000100,
  "errors": ""
}
{
  "version": 1001250,
  "subversion": "/BalefulStatic:1.0.12/",
  "protocolversion": 170002,
  "localservices": "0000000000000001",
  "timeoffset": 0,
  "connections": 1,
  "tls_connections": 1,
  "tls_cert_verified": true,
  "networks": [
    {
      "name": "ipv4",
      "limited": false,
      "reachable": true,
      "proxy": "",
      "proxy_randomize_credentials": false
    },
    {
      "name": "ipv6",
      "limited": false,
      "reachable": true,
      "proxy": "",
      "proxy_randomize_credentials": false
    },
    {
      "name": "onion",
      "limited": true,
      "reachable": false,
      "proxy": "",
      "proxy_randomize_credentials": false
    }
  ],
  "relayfee": 0.00000100,
  "localaddresses": [
    {
      "address": "xxx.xxx.xxx.xxx",
      "port": 8888,
      "score": 1
    }
  ],
  "warnings": ""
}
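
An added example, not part of this PR or the hush code base: a monitoring check that reads `hush-cli getinfo` / `getnetworkinfo` JSON and flags nodes with non-TLS peers, accepting both the nested `connections` shape proposed earlier in the thread and the flat `tls_connections` shape in the output above. The function names and the `min_secure_ratio` policy threshold are assumptions for illustration.

```python
import json

# Constructed sample, trimmed from the getnetworkinfo output shown above.
FLAT_SAMPLE = '{"connections": 1, "tls_connections": 1, "tls_cert_verified": true}'
# Constructed sample in the nested shape proposed earlier in the thread.
NESTED_SAMPLE = '{"connections": {"secure": 2, "total": 8}, "tls_cert_verified": true}'


def tls_summary(raw):
    """Return (secure, total, cert_verified) from getinfo/getnetworkinfo JSON.

    cert_verified is None when the field is absent (getinfo output, or a
    node that does not report it)."""
    info = json.loads(raw)
    conns = info.get("connections", 0)
    if isinstance(conns, dict):          # proposed nested shape
        secure, total = conns.get("secure", 0), conns.get("total", 0)
    else:                                # flat shape from the output above
        secure, total = info.get("tls_connections", 0), conns
    for n in (secure, total):
        if isinstance(n, bool) or not isinstance(n, int) or n < 0:
            raise ValueError("connection counts must be non-negative integers")
    if secure > total:
        raise ValueError("more TLS peers than total peers")
    return secure, total, info.get("tls_cert_verified")


def check_node(raw, min_secure_ratio=1.0):
    """Return a list of findings; an empty list means the node passes.

    min_secure_ratio is a hypothetical policy knob, not a hush option."""
    secure, total, verified = tls_summary(raw)
    findings = []
    if verified is False:
        findings.append("tls_cert_verified is false")
    elif verified is None:
        findings.append("tls_cert_verified not reported")
    if total and secure / total < min_secure_ratio:
        findings.append(f"only {secure}/{total} peers use TLS")
    return findings


if __name__ == "__main__":
    for name, raw in (("flat", FLAT_SAMPLE), ("nested", NESTED_SAMPLE)):
        print(name, check_node(raw) or "ok")
```
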

@kentsommer kentsommer mentioned this pull request Nov 29, 2017
Closed
@oDinZu oDinZu mentioned this pull request Mar 16, 2020