[Help-gnutls] Re: Still replacing OpenSSL function with GnuTLS

Simon Josefsson simon at josefsson.org
Thu Jun 18 08:32:28 CEST 2009

Jouni Malinen <jkmalinen at gmail.com> writes:

> On Wed, Jun 17, 2009 at 3:18 PM, Simon Josefsson<simon at josefsson.org> wrote:
>> Using GnuTLS in more EAP environments would be good, it has seen too
>> little testing there.
> Talking of which..  Are there any plans on adding support for TLS
> Session Ticket (RFC 5077) into GnuTLS?

It would be fun to do it, although my time is limited right now.  I'll
look into it.

The hard part appears to be the section 4 recommended ticket
construction.  Is this something you need?  I could easily see some
environments using completely different tickets.

> It (or well, a bit modified version of it) would be needed to be able
> to implement EAP-FAST.

Do you have some pointers one what modifications are required?

> I finally got the needed patch to do this into OpenSSL, but if I've
> understood correctly, this functionality is missing from GnuTLS and
> consequently, no EAP-FAST support with it is currently possible.

Right, GnuTLS does not support it right now.

> By the way, http://www.gnu.org/software/gnutls/comparison.html could
> be updated to say that OpenSSL does support session tickets if seeing
> GnuTLS as the only row with red here would motivate someone to work on
> this ;-).

Indeed.  I fixed the webpage.


More information about the Gnutls-help mailing list