[mod_gnutls-devel] mod_gnutls + pkcs11 = less data leaked (?)

Thomas Calderon calderon.thomas at gmail.com
Thu Jun 26 20:13:51 CEST 2014


Hi there,

I followed your discussion back in April towards supporting PKCS#11 in
mod_gnutls.
I would like to point out that I co-developed Caml Crush, a PKCS#11
filtering proxy. Our work addresses the various shortcomings of the PKCS#11
API.
However, since it is a client/server approach it can be used as an elegant
way to isolate the keying materials from the web server's memory.
We have successfully tested this approach using mod_nss (since PKCS#11
tokens are natively supported within NSS databases).

Caml Crush can be found at https://github.com/ANSSI-FR/caml-crush.

It would be great if a patch adding PKCS#11 support could be contributed to
mod_gnutls, as it would offer an alternative; choice is always welcome!

Kind regards,

Thomas Calderon