[stunnel-users] TLS-SRP patch

Kevin Sheldrake rtfcode at gmail.com
Tue Jun 6 16:07:26 CEST 2017


I recently produced a patch that permits use of TLS-SRP; it is based on the TLS-PSK code and this blog post:

It’s not the cleanest of code but it does work as a POC.  The patch is available here:

The README.txt provides some info on testing the patch and how it might be used to help dev web browsers and servers that support TLS-SRP (for IoT work).  There is a page on the forthcoming OWASP Summit ‘TLS for Local IoT’ workshop (for which it was developed) at:

In terms of using TLS-SRP support in stunnel as a proxy, it might be useful as a replacement for TLS-PSK where the credentials are user-memorable (pass phrase, for example) as TLS-SRP has lower entropy requirements than TLS-PSK.  For example, the creds could be stored in the user’s head rather than in a file and be less open to compromise if a device was seized.  I don’t know if that’s useful for anyone; it’s just a thought.


