
Re: [Chicken-users] OpenSSL egg option defaults poll


From: Thomas Chust
Subject: Re: [Chicken-users] OpenSSL egg option defaults poll
Date: Sun, 26 Oct 2014 19:58:22 +0100 (CET)
User-agent: Alpine 2.03 (LNX 1266 2009-07-14)

On Thu, 16 Oct 2014, Thomas Chust wrote:

[...]
So I would like to poll for opinions from people on this list concerning this situation. Do you think the default options in the OpenSSL egg should be "hardened"? Do you think more options should be introduced? Is compatibility with the rest of the internet a concern at all? ;-)
[...]

Hello,

judging by the responses you wrote, there seems to be an interest in more secure defaults indeed.

I looked over the OpenSSL egg API again to see how it could be improved with better default options and figured that some additional constructor parameters would be useful but there were already too many optional parameters in my opinion.

Therefore I took another route: The existing procedures keep their current defaults, but there is a new set of object constructors that uses only keyword arguments and configures things in a more secure way by default.

The latest SVN trunk of the OpenSSL egg includes the following additions:

  [parameter] ssl-default-certificate-authority-directory

    Holds the default directory with acceptable certificate authorities.

  [procedure] (ssl-make-client-context* #!key
    ((protocol <symbol>) 'tls) ((cipher-list <string|list>) "HIGH")
    ((certificate-authorities <string>) #f)
    ((certificate-authority-directory <string>) #f)
    ((verify? <boolean>) #t))

    Creates a new client context. Defaults to TLS protocol using only
    ciphers marked as strong. Loads the certificate authorities from the
    default directory unless other sources are specified and switches
    server certificate verification on by default.

  [procedure] (ssl-connect* #!key
    (hostname <string>) (port <exact>)
    ((protocol <symbol>) 'tls) ((cipher-list <string|list>) "HIGH")
    ((certificate-authorities <string>) #f)
    ((certificate-authority-directory <string>) #f)
    ((verify? <boolean>) #t))

    Connects to a server using the same defaults as
    ssl-make-client-context*

  [procedure] (ssl-listen* #!key
    (hostname <string>) ((port <exact>) #f) ((backlog <exact>) 4)
    ((protocol <symbol>) 'tls) ((cipher-list <string|list>) "HIGH")
    (certificate <string>) (private-key <string>)
    ((private-key-rsa? <boolean>) #t)
    ((private-key-asn1? <boolean>) #f)
    ((certificate-authorities <string>) #f)
    ((certificate-authority-directory <string>) #f)
    ((verify? <boolean>) #t))

    Creates a listener. Defaults to TLS protocol using only ciphers marked
    as strong. Loads the certificate authorities from the default
    directory unless other sources are specified but doesn't switch client
    certificate verification on by default. Advertises the certificates
    loaded via the certificate-authorities argument to the client.

I'd be glad if some of you could test this out and tell me what you think about it :-)

Ciao,
Thomas


--
When C++ is your hammer, every problem looks like your thumb.
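
The following is an added example, not part of the original message or of the egg's own code: a client that relies on the defaults of ssl-connect* described above and reports a failed handshake or certificate verification instead of continuing. It assumes CHICKEN 4, that ssl-connect* returns an input and an output port like the existing ssl-connect, and that certificate-authorities takes the path of a PEM file; probe-tls, example.org and the CA path are hypothetical placeholders.

```scheme
;; Added example for CHICKEN 4 (the release line current in 2014).
(use openssl extras)

;; Hypothetical helper: connect with the defaults of ssl-connect*
;; (protocol 'tls, cipher list "HIGH", verify? #t) and return the first
;; response line of a minimal HTTP request.
;; ca-file, when given, is passed as certificate-authorities so that this
;; file is used as trust source instead of the default CA directory
;; (assumption: the argument is the path of a PEM file).
;; Returns (ok . status-line) on success or (failed . message) when the
;; connection, the handshake or certificate verification fails.
(define (probe-tls host port #!optional ca-file)
  (condition-case
      (let-values (((in out)
                    (if ca-file
                        (ssl-connect* #:hostname host #:port port
                                      #:certificate-authorities ca-file)
                        (ssl-connect* #:hostname host #:port port))))
        ;; No verify? argument is passed anywhere: server certificate
        ;; verification stays on, as the new constructors default to #t.
        (display (string-append "HEAD / HTTP/1.0\r\nHost: " host "\r\n\r\n")
                 out)
        (flush-output out)
        (let ((status (read-line in)))
          (close-output-port out)
          (close-input-port in)
          (cons 'ok status)))
    ;; Any exn condition raised while connecting or during I/O ends up
    ;; here; the caller gets the message and no usable ports.
    (e (exn)
       (cons 'failed
             (get-condition-property e 'exn 'message "unknown error")))))

;; Trust anchors from ssl-default-certificate-authority-directory.
(print (probe-tls "example.org" 443))

;; Trust only the CAs in one file (placeholder path).
(print (probe-tls "example.org" 443 "/path/to/pinned-ca.pem"))
```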



