Brian Kamotho
Brian Kamotho
Validate parameters as in rfc2631 or ANSI X9.42 to ensure the parameters we receive from the other party are cryptographically secure.
The function that implements section 2.2.1.1 of rfc2631 needs to be rewritten. This is needed because the current implementation does not pass the correctness tests in the specs.
Specified in https://tools.ietf.org/html/rfc6961 OCSP stapling eliminates privacy concerns for OCSP and saves bandwidth for clients by requiring server to query OCSP responders themselves.
This requires creating modified versions of the functions #'encrypt-and-send and #'ciphertext-to-compressed that handle mac-then-encrypt rather than encrypt-then mac. In addition, add mechanisms to the hello messages to facilitate negotiating this...