2010-09-09 21:47:19 +00:00
|
|
|
protocol:
|
|
|
|
|
|
|
|
- finish implementing renegocitiation Client and Server
|
|
|
|
- implement Certificate Verify / Certificate Request
|
|
|
|
- add Client Certificates
|
|
|
|
- add check for non-self signed certificate
|
|
|
|
- alert correctly on errors
|
|
|
|
- process session as they should
|
|
|
|
- put 4 bytes of time in client/server random
|
|
|
|
- implement compression
|
|
|
|
- proper separation for key exchange algorithm (hardcoded to RSA at the moment in differents place)
|
|
|
|
- implements different key exchange algorithm
|
|
|
|
|
|
|
|
tls v1.2:
|
|
|
|
|
|
|
|
- finish implementation of extensions
|
|
|
|
- implement finish digest generation with hmac256
|
|
|
|
- implement finish digest generation with client/server negociated algorithm
|
|
|
|
- proper version dispatch in marshalling packets
|
|
|
|
- properly separate different version of the protocol
|
|
|
|
- implement AEAD
|
|
|
|
|
|
|
|
code cleanup:
|
|
|
|
|
|
|
|
- remove show derivation on internal crypto state
|
|
|
|
- opaquify differents data type through newtype
|
|
|
|
|
|
|
|
security audit:
|
|
|
|
|
2010-09-26 16:04:28 +00:00
|
|
|
- add more unit tests for pure parts
|
2010-09-09 21:47:19 +00:00
|
|
|
- match security recommendation from the RFC
|
|
|
|
|
|
|
|
misc:
|
|
|
|
|
2010-09-26 16:04:28 +00:00
|
|
|
- stunnel: actually make it works like stunnel instead of hardcoding the data received/sent
|
2010-12-06 22:54:18 +00:00
|
|
|
- investigate an iteratee/enumerator interface
|
2010-09-09 21:47:19 +00:00
|
|
|
- portability
|
|
|
|
- implement more ciphers
|
|
|
|
- check & optimize memory footprint
|
|
|
|
- compare & optimize performance
|