Security/DNSSEC-TLS-details: Difference between revisions

Line 110: Line 110:
== nginx and openssl ==


Patches that add DNSSEC-TLS functionality to nginx 1.0.4 and openssl-1.0.0d can be found in the repository (see below). This requires the generation of a dnssec chain file (see the "ssl_dnssec_chain" option in nginx's conf/nginx.conf). The code to do this is also in the repository (see "generate.c").
The webserver 'nginx' has been modified to send DNSSEC chains as a TLS extension. The details of how to set up such a modified server are [[Security/DNSSEC-TLS-nginx here]].
 
Of course, this is useless without a client that also supports this functionality. A simple telnet-like client has been modified as a proof of concept (client.c).
 
There is also a patch that adds preliminary support for this mechanism in Firefox (as a patch on the mozilla-central branch).


== Code Repository ==


Preliminary code for this project can be found [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/ here].