EIPStackGroup / OpENer

OpENer is an EtherNet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making EtherNet/IP-compliant products as defined in the ODVA specification.

Choose suitable TLS/DTLS library #228

Closed MartinMelikMerkumians closed 1 year ago

MartinMelikMerkumians commented 5 years ago

CIP Security needs TLS/DTLS capabilities. A library with the needed functionality and a compatible license has to be found and integrated.

MartinMelikMerkumians commented 5 years ago

Requirements:

  1. TLS 1.2 or newer
  2. DTLS 1.2 or newer
  3. Has to support secp256r1 and secp384r1 curves

For (D)TLS:

  4. TLS_RSA_WITH_NULL_SHA256, {0x00, 0x3B}
  5. TLS_RSA_WITH_AES_128_CBC_SHA256, {0x00, 0x3C}
  6. TLS_RSA_WITH_AES_256_CBC_SHA256, {0x00, 0x3D}
  7. TLS_ECDHE_ECDSA_WITH_NULL_SHA, {0xC0, 0x06}
  8. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, {0xC0, 0x23}
  9. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, {0xC0, 0x24}

For PSK:

  10. TLS_ECDHE_PSK_WITH_NULL_SHA256, {0xC0, 0x3A}
  11. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, {0xC0, 0x37}

bevanweiss commented 4 years ago

Perhaps mbedTLS might suit.. https://en.wikipedia.org/wiki/Mbed_TLS

I'm unsure if the Apache license is entirely suited for the OpENer modified BSD application. From my quick investigation it seems like it should be ok, but I'm not a lawyer.

MartinMelikMerkumians commented 4 years ago

Hi @bevanweiss,

thanks for the hint. I will check this.

Best regards, Martin

MartinMelikMerkumians commented 1 year ago

mbed-TLS chosen as external dependency