author: Nick Mathewson <nickm@torproject.org> 2007-12-01 08:09:46 +0000
committer: Nick Mathewson <nickm@torproject.org> 2007-12-01 08:09:46 +0000
commit: 1789f94668f8da029d18efb51bc3d0652488f706
tree: eda08e0e6866bd45859f43acb422efe595e3f918 /doc
parent: f8df8d791e4a58ab65d8903a0522b4cfa55cc163
r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert and do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER. svn:r12622
Diffstat (limited to 'doc')
-rw-r--r-- doc/TODO 14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/TODO b/doc/TODO
index 92d9a79722..9c35111ca3 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -31,6 +31,20 @@ Things we'd like to do in 0.2.0.x:
D 118 if feasible and obvious
D Maintain a skew estimate and use ftime consistently.
- 105+TLS, if possible.
+ . TLS backend work
+ - New list of ciphers for clients
+ o Servers detect new ciphers, and only send ID cert when they
+ get an older cipher list, and only request client cert when
+ they get an older cipher list.
+ - Clients only send certificates when asked for them.
+ o Servers disable callback once negotiation is finished, so
+ that renegotiation happens according to the old rules.
+ - Clients initiate renegotiation immediately on completing
+ a v2 connection.
+ - Servers detect renegotiation, and if there is now a client
+ cert, they adust the client ID.
+ o Detect.
+ - Adjust.
o Add a separate handshake structure that handles version negotiation,
and stores netinfo data until authentication is done.
o Revise versions and netinfo to use separate structure; make
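Review bot: typo in the added sub-item "cert, they adust the client ID."; it should read "adjust". Separately, the items "Servers detect new ciphers, ..." and "Servers disable callback once negotiation is finished, ..." are marked "o" (done), while the commit message says none of this is enabled unless V2_HANDSHAKE_SERVER is defined. Consider noting that gate next to those entries so the TODO does not read as if servers already change which certificates they send or request based on the client's cipher list in a default build.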