Updating TLS; bounty


#1

I’ve got a rough estimate for updating TLS from Cyphre depending on what we need of $1500-2000.

I’ll ask him to post to this thread what he wants to know.

Basically I think we need TLS 1.2 with ECDHE. Full server implementation also nice to have.

Eg. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

Please comment.


#2

My original goal was to restore Ren-C networking functionality to the way it worked prior to TLS 1.2. I’ll need others with deeper familarity with protocols to decide if there are worthy side-goals that can be met for this bounty.
Per Brian Otto’s previous comments, it would be great to also pick-up SFTP / SCP if those are along the same route.


#3

I don’t think we want to regress the networking functionality!

Basically websites have moved to TLS 1.1 or 1.2 and Rebol networking is only sitting at 1.0 with mostly obsolete cipher suites.

We can do FTPS easily enough which is FTP over SSL but SFTP is FTP over SSH which is a different protocol altogether and would require someone to write the SSH in Rebol.


#4

To clarify, I meant that I wanted to restore the level of networking functionality which was lost when much of the Internet adopted TLS 1.2.


#5

So, I think this just basically means getting the elliptic curve encryption suites with SHA384 if we want to be up to date.


#6

Anyway, we do need an indication of how much, if anything, people are willing to contribute to this bounty before I approach Cyphre again. I presume his estimate was in USD and not Koruna!


#7

How would one actually go about sending money?


#8

Count me in up to 50% assuming a $2k cap. I can adjust depending if there are other contributors, or if there are additional features we can get into the deliverables.


#9

I’m the treasurer for the Rebol Foundation so you can send the donation to me as PayPal, crypto, or whatever.


#10

Thanks. Really appreciated.


#11

I could donate $50 when I refresh my memory on how to use paypal.


#12

All good. Thanks.

Running total is now USD1050.


#13

Count me in for $100


#14

Thanks … running total now USD1150.


#15

So we’ve got $1150 to work with so far. What does Cyphre want to get started? (I assume he’s not expecting the $ up-front.)


#16

He hasn’t replied to me yet about that.


#17

Ok, thanks. I just wanted to follow-up on this so it stays on the radar.


#18

Basically he hasn’t replied since he set the fee he was looking at. Maybe there’s someone else amongst the old guard who are willing to do this.


#19

Still no reply, eh? That’s a disappointment.


#20

@BlackATTR what sites do you have for testing that fail with the current ren-c builds?

I know that https://discourse.org fails