OpENer icon indicating copy to clipboard operation
OpENer copied to clipboard

Published 20 hours ago verified publisher icon EIPStackGroup

Choose suitable TLS/DTLS library

Open MartinMelikMerkumians opened this issue 5 years ago • 3 comments

CIP Security needs TLS/DTLS capabilites. A library with the needed functionality and a compatible license has to be found and integrated

MartinMelikMerkumians avatar Aug 27 '19 08:08 MartinMelikMerkumians

Requirements:

  1. TLS 1.2 or newer
  2. DTLS 1.2 or newer
  3. Has to support secp256r1 and secp384r1 curves For (D)TLS
  4. TLS_RSA_WITH_NULL_SHA256, {0x00, 0x3B}
  5. TLS_RSA_WITH_AES_128_CBC_SHA256, {0x00, 0x3C}
  6. TLS_RSA_WITH_AES_256_CBC_SHA256, {0x00, 0x3D}
  7. TLS_ECDHE_ECDSA_WITH_NULL_SHA, 0xC0, 0x06}
  8. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, {0xC0, 0x23}
  9. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, {0xC0, 0x24} For PSK
  10. TLS_ECDHE_PSK_WITH_NULL_SHA256 {0xC0,0x3A}
  11. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, {0xC0,0x37

MartinMelikMerkumians avatar Aug 27 '19 10:08 MartinMelikMerkumians

Perhaps mbedTLS might suit.. https://en.wikipedia.org/wiki/Mbed_TLS

I'm unsure if the Apache license is entirely suited for the OpENer modified BSD application. From my quick investigation it seems like it should be ok, but I'm not a lawyer.

bevanweiss avatar Jun 06 '20 06:06 bevanweiss

Hi @bevanweiss,

thanks for the hint. I will check this.

Best regards, Martin

MartinMelikMerkumians avatar Jun 08 '20 09:06 MartinMelikMerkumians

mbed-TLS chosen as external depcendency

MartinMelikMerkumians avatar Apr 24 '23 09:04 MartinMelikMerkumians