Implementation of TLS #267
Comments
Is there a mandatory requirement for full TLS? Noise strictly only supports the following handshake protocol: Nodes have ephemeral Ed25519 keys established. To communicate with each other, they:
The handshake overall is very much similar to TLS v1.3 but is simpler and more straightforward. Should you have the need to implement a custom handshake, it would for the time being require forking the repository and modifying a single function here. Happy to assist should this be the case.
Unfortunately, it is a requirement to use a CA cert to validate the peer client cert. If there's no straightforward way, I'll probably use tls.Conn in place of Aside from deriving the shared secret and the encryption provided by default, do you have any other tips?
In pseudocode, it would resemble:

```go
if c.side == clientSideInbound {
	// inbound peer: this side acts as the TLS server
	conn := tls.Server(c.conn, &tls.Config{...})
	if err := conn.Handshake(); err != nil {
		return err
	}
} else {
	// outbound peer: this side acts as the TLS client
	conn := tls.Client(c.conn, &tls.Config{...})
	if err := conn.Handshake(); err != nil {
		return err
	}
}
```

To help support these types of use cases, in the next patch I'll make it a medium priority to provide options to allow for disabling the default handshake + session encryption/decryption, and to optionally provide your own customary handshake function that will be injected into

For the time being, please do keep me posted on how your TLS implementation goes :) It will help when it comes the time I work on a PR to make these options available.
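The tls.Server/tls.Client sketch above, carried through as a complete mutual-TLS handshake in which the server accepts only client certificates that chain to a CA; this is an added example, not code from the Noise project or from anyone in the thread. It uses only Go's standard crypto/tls and crypto/x509 with a constructed throwaway Ed25519 CA; the hostname server.example and the helper names issue and mutualTLS are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// issue mints a throwaway Ed25519 cert named by SAN: a self-signed CA when parent is nil, else a leaf signed by parent.
func issue(name string, parent *tls.Certificate) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: serial, DNSNames: []string{name}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature, // leaf defaults: usable in either TLS role
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if parent == nil { // CA: signs itself now and the leaves later
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: priv}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// mutualTLS runs the thread's tls.Server/tls.Client handshake over net.Pipe and returns the peer SAN the server authenticated.
func mutualTLS(ca, server, client tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	serverCfg := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool,
		ClientAuth:             tls.RequireAndVerifyClientCert, // the CA-auth requirement from the issue
		SessionTicketsDisabled: true}                           // net.Pipe is unbuffered; skip post-handshake ticket writes
	clientCfg := &tls.Config{Certificates: []tls.Certificate{client}, RootCAs: pool, ServerName: "server.example"}
	cEnd, sEnd := net.Pipe()
	defer func() { cEnd.Close(); sEnd.Close() }()
	sEnd.SetDeadline(time.Now().Add(2 * time.Second)) // a rejected peer's alert would otherwise block forever
	go func() { tls.Client(cEnd, clientCfg).Handshake() }()
	srv := tls.Server(sEnd, serverCfg)
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	return srv.ConnectionState().PeerCertificates[0].DNSNames[0], nil
}
```

A client holding a certificate from any other CA, even one with an identical subject, never completes the handshake, so application code after Handshake can trust PeerCertificates[0] as the peer's identity.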
Thanks for the feedback, that really helps. Will definitely keep you posted. Thank you!
Is there any existing implementation of TLS? Our current infrastructure uses CA auth and I would like to use the same. Is there any example on how to do that? If there isn't, can anyone point me where to start on implementing a plugin for TLS?