• Re: ANNOUNCE: mtls 1.0.0

    From Harald Oehlmann@21:1/5 to All on Mon Apr 29 07:17:27 2024
    Am 28.04.2024 um 23:39 schrieb Kushnir Konstantin:
    Hi Everyone!

    I am pleased to announce the release of the first version of the mtls package, which provides TLS support for Tcl sockets.

    Here are its features:

    * uses the [mbedTLS](https://github.com/Mbed-TLS/mbedtls) library with minimal size
    * interface is compatible with tcltls, most of the existing code will
    work as is, without modifications
    * uses CA certificates from the operating system on Linux/Windows/MacOS platforms
    * uses only modern TLS1.2/TLS1.3 protocols, which are more than
    sufficient for successful connections to most services
    * certificate and hostname verification, SNI are enabled by default
    * multi-platform, Linux/Windows/MacOS supported
    * possibility to exclude the client or server part to minimize the size
    even more
    * easy to build, no 3rd-party libraries, everything you need to build is
    in this repository
    * was created as a base for the use of SSL/TLS alternative backends

    The homepage is at: https://github.com/chpock/tclmtls

    Please feel free to check/build/use it. Any feedback is welcome!


    Great!
    Would that be a candidate to be included in the TCL Core?
    Take care,
    Harald

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Christian Gollwitzer@21:1/5 to All on Mon Apr 29 08:48:50 2024
    Am 29.04.24 um 07:17 schrieb Harald Oehlmann:
    Am 28.04.2024 um 23:39 schrieb Kushnir Konstantin:
    Hi Everyone!

    I am pleased to announce the release of the first version of the mtls
    package, which provides TLS support for Tcl sockets.

    Great!
    Would that be a candidate to be included in the TCL Core?


    While I like core features, I think this is a bad idea, given the pace
    of Tcl development. If a security hole emerges, how long will it take
    Tcl to release a fix??

    Christian

  • From Harald Oehlmann@21:1/5 to All on Tue Apr 30 09:35:02 2024
    Am 29.04.2024 um 21:48 schrieb Konstantin Kushnir:
    On 29.04.2024 19:40, saito wrote:
    On 4/29/2024 2:48 AM, Christian Gollwitzer wrote:

    While I like core features, I think this is a bad idea, given the
    pace of Tcl development. If a security hole emerges, how long will it
    take Tcl to release a fix??
    Very good point.  Perhaps a good candidate for tcllib?

    I don't think it's possible to add things like TLS support to the Tcl
    core. There is a wide range of issues: optimized encryption routines are
    platform-specific, overly sensitive to security, and must be carefully
    updated. And the main issue is the license. The mtls module uses the
    mbedTLS library, which is distributed under Apache2.0 and GPL, but Tcl
    uses its own BSD-like license.

    For tcllib it is also not suitable. The main issue is the license
    incompatibility. And also, tcllib is mainly for Tcl modules written in
    Tcl, but this module is written in C.

    I doubt that the TLS solution will be "official" someday. It looks like
    it will always be out-of-box provided by semi-official and custom Tcl
    distributions.


    Thanks, Konstantin, for your valuable contribution.
    I thought about that, as TLS support is practically always required and
    it would enable many applications out of the box.

    The plugging of svgnano into Tk was a big success. We are now able to
    have scalable images and a scalable GUI. To have a difficult feature
    always available is just a win, even in a restrained manner.

    Thank you for all,
    Harald
