On Fri, Jul 5, 2024 at 10:55 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > > Rémy, > > On 7/4/24 09:15, Rémy Maucherat wrote: > > As an experiment, I tested with LibreSSL and BoringSSL on LInux using > > the FFM code. Both did not need too many API changes to start working, > > so I committed the changes to "add support" for them. > > \o/ > > I'm very happy that you have had the inclination to make this work. > While OpenSSL is everywhere, many OSs are opting to provide "compatible" > clones such as LibreSSL and BoringSSL and the fact is that they aren't > 100% compatible. > > I'd really like to support them because that means supporting Good > Crypto in as many places as are possible. > > (I'd like to see some updated performance numbers from Jean-Frederic on > "Pure Java" TLS versus OpenSSL-based TLS. When we talked about it years > ago it looked like there was a bug in Java preventing it from using > hardware crypto to Java performed terribly in comparison. And of course > used much more resources (e.g. power).
I lack the expertise in these libraries to really know what the expected behavior is ... Insights welcome. > > LibreSSL: > > - I cannot get it to renegotiate anything. The client always gets a > > "no_renegotiation" alert. > > - Seems relatively complete. > > - I tested with Linux and 3.9. > > - Testing is easy on GitHub. Out of the box with macos-latest using > > LibreSSL 3.3. Verified it does the same as my 3.9. > > Maybe LibreSSL refuses to renegotiate? > > > BoringSSL: > > - Only TLS 1.3 "renegotiation" seems to work (TestClientCertTls13). > > This could be seen as acceptable. > > - It seems very bare bones, all the stuff for supporting exotic certs > > seems to be gone. So basically you need a standard certificate doing > > TLS 1.3 and that's all it does, but it then just works. > > - When it doesn't like something, the client gets a connection close > > (no alert, no nothing; I guess sending alerts is less efficient ;) ). > > - Testing is far more problematic. The project is quite "original" in > > that it does not do releases. Funny (not ...). > > I think the above (except maybe lack of alerts) is all intentional. > BoringSSL is intended to support "What people should be using today" and > so it lacks all those decades of old code to support things nobody > should be using anymore. I thought it supported TLSv1.2 though... TLS 1.2 seems to work without renegotiation. For both TestSsl [and also the browsers] works. > > I don't have much experience with these so maybe I'm doing something > > wrong. For both, the basics (TestSsl) and quite a bit more work, but > > not everything. BoringSSL inspires more confidence in what it does and > > how it does it than the other one, but not having releases is > > obviously a deal breaker ... > > > > So I'm not very impressed. Given the amount of work it still seems > > "ok", but that's about it, OpenSSL is by far the best choice for > > Tomcat without even factoring in possible quic support in the future. > > I think michael-o has done some more elaborate testing with LibreSSL. He > might be willing to enable FFM and put it through its paces a little > more than you have had time for so far. Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
