Security/DNSSEC-TLS-details: Difference between revisions

Line 96: Line 96:
== nginx and openssl ==
== nginx and openssl ==


The following patch adds DNSSEC-TLS functionality to nginx 1.0.4: [http://wiki.mozilla.org/File:Nginx-1.0.4-pwyll.patch.gz nginx-1.0.4-dnssec-tls.patch.gz]. This requires the generation of a dnssec chain file (see the "ssl_dnssec_chain" option in nginx's conf/nginx.conf). The code to do this has not been released yet.
Patches that add DNSSEC-TLS functionality to nginx 1.0.4 and openssl-1.0.0d can be found in the repository (see below). This requires the generation of a dnssec chain file (see the "ssl_dnssec_chain" option in nginx's conf/nginx.conf). The code to do this is also in the repository (see "generate.c").


This patch is adds DNSSEC-TLS functionality to openssl 1.0.0d (required for nginx) : [http://wiki.mozilla.org/File:Openssl-1.0.0d-pwyll.patch.gz openssl-1.0.0d-dnssec-tls.patch.gz]
Of course, this is useless without a client that also supports this functionality. A simple telnet-like client has been modified as a proof of concept (client.c).


Of course, this is useless without a client that also supports this functionality. A simple telnet-like client has been written as a proof of concept, but the code has not yet been released.
There is also a patch that adds preliminary support for this mechanism in Firefox (as a patch on the mozilla-central branch).


== Code Repository ==
== Code Repository ==


Preliminary code for this project can be found [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/ here].
Preliminary code for this project can be found [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/ here].
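Review bot: in the revised nginx/openssl paragraph, the two direct patch links are replaced by "the repository (see below)" without naming the nginx and openssl patch files, although generate.c and client.c are named. Naming the patch files the same way, and saying where the Firefox patch can be found, would let a reader locate them. The repository link under "Code Repository" is also plain http://; since it distributes patches to a TLS library and server, an https:// link would be the better choice.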