[Privoxy-devel] WolfSSL support ready for testing
Roland Rosenfeld
roland at spinnaker.de
Mon Apr 1 16:58:24 CEST 2024
Hi Fabian!
On Mon, 01 Apr 2024, Fabian Keil wrote:
> I pushed a change to use X509_V_OK if it's available.
In contrast to the others, this didn't work, since X509_V_OK is part
of an enum in my somewhat outdated wolfssl 5.5.4 and not a precompiler
#define.
> > Just a first draft with wolfssl (without
> > --enable-renegotiation-indication).
> Did you check https://www.howsmyssl.com/ already?
Didn't even notice that this page exists :-)
I now checked the results of the API call
https://www.howsmyssl.com/a/check
While "no proxy", "no https-inspection" and "mbedtls" give the same
results in Firefox.
In contrast to openssl, which lists a lot more
cipher_suites (and is okay otherwise).
And wolfssl also lists a bunch of other cipher_suites (which are
interpreted as "Bad"), while "Session Ticket Support" is "Improvable"
here.
I'll attach the results of mbedtls (identical to no-proxy and
no-https-inspection), openssl and wolfssl.
I did some tests with https://badssl.com, but this is hard to automate
and compare the results. I think about writing a script to check all
mentioned URLs using curl and then compare the results
- without proxy
- with privoxy and without https-inspection
- with privoxy and with https-inspection with mbedtls
- with privoxy and with https-inspection with openssl
- with privoxy and with https-inspection with wolfssl
but this may take some time to implement...
> Does https://www.privoxy.org/ work?
Yes that seems to work with all variants.
But mbedtls currently seems to be the best variant to me.
BTW: In Debian the wolfssl package should only be used for packages,
that cannot use openssl because of licensing problems. Since GPLv3
allows to use OpenSSL and mbedTLS, I currently don't see a reason to
switch to wolfssl in Debian (but it's good to have the choice).
Greetings
Roland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.privoxy.org/pipermail/privoxy-devel/attachments/20240401/8c323c77/attachment.bin>
More information about the Privoxy-devel
mailing list