ObjFW  View Ticket

Ticket UUID: 8f244fed8259aaf87ccc544a17e30ad340420f44
Title: Add client certificate support to OFTLSStream
Status: Open Type: Feature Request
Severity: Important Priority: Low
Subsystem: Resolution: Open
Last Modified: 2024-05-22 20:13:27
Version Found In: Milestone:
User Comments:
js added on 2021-11-21 10:00:39:

OFTLSStream currently provides no options. It would be nice to have options to enable/disable certain TLS versions, allow client-side certificates, etc. However, this needs special care as various TLS libraries handle that very differently, so an abstraction needs to be found that works with all of them.


js added on 2023-12-29 13:17:01:

Actually, letting the user select the allowed TLS protocol versions might be a bad idea, as then every application potentially needs to be updated in case new TLS issues become known. It is probably better to leave the defaults of the TLS implementation.