[stunnel-users] TLS-SRP patch
rtfcode at gmail.com
Tue Jun 6 16:07:26 CEST 2017
I recently produced a patch that permits use of TLS-SRP; it is based on the TLS-PSK code and this blog post:
It’s not the cleanest of code but it does work as a POC. The patch is available here:
The README.txt provides some info on testing the patch and how it might be used to help dev web browsers and servers that support TLS-SRP (for IoT work). There is a page on the forthcoming OWASP Summit ‘TLS for Local IoT’ workshop (for which it was developed) at:
In terms of using TLS-SRP support in stunnel as a proxy, it might be useful as a replacement for TLS-PSK where the credentials are user-memorable (pass phrase, for example) as TLS-SRP has lower entropy requirements than TLS-PSK. For example, the creds could be stored in the user’s head rather than in a file and be less open to compromise if a device was seized. I don’t know if that’s useful for anyone; it’s just a thought.