All times are UTC - 5 hours

Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: OpenSSL engine support & lightweight PKI
PostPosted: Sun Oct 31, 2010 9:10 am 

Joined: Thu Oct 28, 2010 5:24 am
Posts: 4
Two feature requests:

1) NRSERVER support for the openssl engine api parameter (if not already present). In my case I would like to specify the Via PADLOCK engine to perform SSL tunnel encryption offloading to the crypto chip on Via C7/Eden cpu. Could be implemented as a Feature.ini parameter (e.g. SSL_ENGINE="string", which is if present is passed as the ssl engine parameter in corresponding openssl API calls by NRSERVER).

2) Support for lightweight PKI security. In addition to the end point user authentication (over the SSL tunnel) security it would be useful to have the ability to authorise at the SSL tunnel connection as well using public certificate for a NRSERVER instance that is deployed to the clients. NRSERVER could be configured (via a Feature.ini option) to only allow clients with its public certificate present to connect before performing user level authentication and connectivity. This would be particularly useful for Android and USB/portable clients as an additional security consideration - clients could also be configured with their own Feature.ini to point to a directory holding the server certificates (e.g. on the SDCARD for android or USB stick for portable).

Kind regards

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: