SSL/TLS library with tomcrypt

[eduard...@gmail.com]

Hello,

I'm really happy to announce that I managed to implement TLS(1.2, 1.1, 1.0) with tomcrypt, with no extra dependencies. AES (CBC + GCM), RSA, ECC work just fine. I even managed to define a custom curve (secp256r1). The only two problems I've had:
- DH, but I've modified the tomcrypt code accept custom prime and generator.
- RSA signature verification using md5+sha1 (TLS 1.1 and older). Tomcrypt supports md5, sha1, but not both at the same time. Same as with DH, modified the function.


The library is implemented into a single C-file, public domain, and can be downloaded from here: https://github.com/eduardsui/tlslayer.

It scores A on the ssllabs.com ssl test page, thanks to libtomcrypt :).

It also supports certificate chain validation.

Tomcrypt rules! :)

Implemented ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384





[Ron Aaron]

And I'm happy to say that 8th (http://8th-dev.com) has incorporated his code, and it works a treat!