cloudflare / keyless

Cloudflare's Keyless SSL Server Reference Implementation

Updated cipher suites, adding ECDSA support. Generated separate testing Keyserver/Keyless CAs #72

Closed 0xhaven closed 10 years ago

0xhaven commented 10 years ago

Set available ciphers to just ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-GCM-SHA384, removing --cipher-list command line argument. Enabled use of ECDSA with curve prime256v1 (NIST P-256).

Generated separate CAs for Keyserver and Keyless client certificates. Generated ECDSA and RSA certs to test each cipher suite. Corralled all certificates and keys into testing/ directory.

Updated make test to run against both ECDSA and RSA keyservers.

0xhaven commented 10 years ago

Currently, all of testclient is being run against both ECDSA and RSA Keyservers. If this starts taking too long, it might make sense to just run --alive connection tests against one of them.

jgrahamc commented 10 years ago

Builds and tests pass for me.

But hold merging until I have finished debugging a problem seen by a customer with the current HEAD.

0xhaven commented 10 years ago

@jgrahamc Have you figured out that problem? Does this PR look fine?

jgrahamc commented 10 years ago

Yes. This looks fine.