MyHush / hush

Hush is a fork of Zcash focused on secure communications
https://myhush.org

Enable TLS connections between peers #68

Closed kentsommer closed 6 years ago

kentsommer commented 6 years ago

See SECURE_SETUP.md for documentation on new flags + how to set up a node with its own valid certificate.

t1JjmKWun4jn61JgVSK1fQKifVToqhKsov3

jenkins-hush commented 6 years ago

all tests passed

leto commented 6 years ago

@kentsommer this looks really cool! Can you tell which version of OpenSSL it supports or requires?

Also, there is a fork of OpenSSL called BoringSSL, maintained by Google/Cloudflare/etc., that is mostly source-compatible with OpenSSL and is much better maintained/fuzzed/secured and would provide a smaller attack surface on TLS-enabled hush nodes: https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md

Could you estimate if it would be hard or relatively easy to support BoringSSL? Many projects try to detect various SSL libraries in a certain order; I would prefer BoringSSL over OpenSSL if both are installed.

kentsommer commented 6 years ago

Rebasing to merge into dev

jenkins-hush commented 6 years ago

all tests passed

matthewjamesr commented 6 years ago

@kentsommer Can we include the changes requested in Discord, then rebase for merge? Pasting below for visibility.

We need proper display of secure peers in both hush-cli getinfo and hush-cli getnetworkinfo. Example follows.

```json
"connections": {
  "secure": 2,
  "total": 8
},
"tls_cert_verified": true
```

Please commit those changes, rebase, merge to dev :).

kentsommer commented 6 years ago

@matthewjamesr

Requested changes added by dda2c8281d6bb03abe157ac81e31ee2df2bedb5e

```json
{
  "version": 1001250,
  "protocolversion": 170002,
  "walletversion": 60000,
  "balance": 0.00000000,
  "blocks": 55596,
  "timeoffset": 0,
  "connections": 1,
  "tls_connections": 1,
  "proxy": "",
  "difficulty": 11518033.69687827,
  "testnet": false,
  "keypoololdest": 1511918005,
  "keypoolsize": 101,
  "paytxfee": 0.00000000,
  "relayfee": 0.00000100,
  "errors": ""
}
```

```json
{
  "version": 1001250,
  "subversion": "/BalefulStatic:1.0.12/",
  "protocolversion": 170002,
  "localservices": "0000000000000001",
  "timeoffset": 0,
  "connections": 1,
  "tls_connections": 1,
  "tls_cert_verified": true,
  "networks": [
    {
      "name": "ipv4",
      "limited": false,
      "reachable": true,
      "proxy": "",
      "proxy_randomize_credentials": false
    },
    {
      "name": "ipv6",
      "limited": false,
      "reachable": true,
      "proxy": "",
      "proxy_randomize_credentials": false
    },
    {
      "name": "onion",
      "limited": true,
      "reachable": false,
      "proxy": "",
      "proxy_randomize_credentials": false
    }
  ],
  "relayfee": 0.00000100,
  "localaddresses": [
    {
      "address": "xxx.xxx.xxx.xxx",
      "port": 8888,
      "score": 1
    }
  ],
  "warnings": ""
}
```
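A node-operator check over the `getinfo`/`getnetworkinfo` output shown in this thread, as an added example that is not part of the hush project's code: it reads the `connections`, `tls_connections` and `tls_cert_verified` fields exactly as named above and reports how many peer connections are still plaintext. The sample input is constructed from the values in the thread; the interpretation of `tls_cert_verified` as a pass/fail flag is an assumption based on its name.

```python
import json
from dataclasses import dataclass, field

# Constructed sample: the getnetworkinfo fields from the PR thread, trimmed to
# what the check needs (same values the thread shows: 1 peer, 1 over TLS).
SAMPLE_NETWORKINFO = json.dumps({
    "version": 1001250,
    "subversion": "/BalefulStatic:1.0.12/",
    "connections": 1,
    "tls_connections": 1,
    "tls_cert_verified": True,
    "warnings": "",
})


@dataclass
class TlsPosture:
    connections: int
    tls_connections: int
    plaintext_connections: int
    cert_verified: bool
    findings: list = field(default_factory=list)


def assess_tls_posture(rpc_json: str) -> TlsPosture:
    """Parse getinfo/getnetworkinfo JSON and flag peers still on plaintext.

    getinfo (per the thread) carries connections and tls_connections only, so
    a missing tls_cert_verified is reported as absent rather than assumed bad.
    """
    info = json.loads(rpc_json)
    total = int(info.get("connections", 0))
    tls = int(info.get("tls_connections", 0))
    verified = bool(info.get("tls_cert_verified", False))
    findings = []
    if "tls_connections" not in info:
        findings.append("no tls_connections field: node built without TLS support")
    if tls > total:
        findings.append("tls_connections exceeds connections: inconsistent RPC output")
    plaintext = max(total - tls, 0)
    if plaintext:
        findings.append(f"{plaintext} of {total} peer connection(s) are plaintext")
    if "tls_cert_verified" in info and not verified:
        findings.append("tls_cert_verified is false: check the certificate per SECURE_SETUP.md")
    return TlsPosture(total, tls, plaintext, verified, findings)


if __name__ == "__main__":
    for line in assess_tls_posture(SAMPLE_NETWORKINFO).findings or ["all peers on TLS"]:
        print(line)
```

Feed it the real output with `hush-cli getnetworkinfo | python3 check.py` style plumbing (reading stdin) to run it against a live node.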