ObjFW  View Ticket

2023-12-29
13:17 Ticket [8f244fed82] Add client certificate support to OFTLSStream status still Open with 6 other changes artifact: 45926f20a5 user: js
2021-11-21
10:00 New ticket [8f244fed82]. artifact: cb783fa382 user: js

Ticket UUID: 8f244fed8259aaf87ccc544a17e30ad340420f44
Title: Add client certificate support to OFTLSStream
Status: Open Type: Feature_Request
Severity: Important Priority: Low
Subsystem: Resolution: Open
Last Modified: 2023-12-29 13:17:01
Version Found In: Milestone: none
User Comments:
js added on 2021-11-21 10:00:39:

OFTLSStream currently provides no options. It would be nice to have options to enable/disable certain TLS versions, allow client-side certificates, etc. However, this needs special care as various TLS libraries handle that very differently, so an abstraction needs to be found that works with all of them.


js added on 2023-12-29 13:17:01:

Actually, letting the user select the allowed TLS protocol versions might be a bad idea, as then every application potentially needs to be updated in case new TLS issues become known. It is probably better to leave the defaults of the TLS implementation.