is there some tls implementation for small devices? there is a tcp stack in kon-tiki, and maybe other implementations. is it possible to use tls on some 8bit device with 64kb of memory? i am thinking of potential implementations on avr, 6502. i guess m68k may even run real openssl library?
=> Posted in: s/Gemini
=> norayr
2023-08-01 · 2 years ago
=> Smokey · 2023-08-01 at 21:13:
if you consider pi zero and similar devices to be smol then there is the beppy device kelbot shared as well as pocketchip. I am looking for beppy when it has a case for PCB. my kobo ereader has very basic web browser which works well with portal.mozz.us
=> norayr [OP] · 2023-08-02 at 16:17:
heh, something that can run linux (and my understanding that his device runs) is not small, since it can have openssl. i wonder how can we use gemini with smaller devices. let's say c64 can run gopher browser, and i guess i can write a spartan client (spartan doesn't use encryption, yes?) for such a machine. but gemini means tls encryption, and that is what i wonder.
=> solderpunk · 2023-08-02 at 19:00:
BearSSL (https://bearssl.org/) is designed for embedded devices and claims that a minimal server can take the form of a 20 kb binary that uses 25 kb of RAM. I don't know if anybody has built a Gemini client on top of it yet. I'd love to know if somebody has. I think AVRs and 6502/Z80s are right out of the question, but m68k is not only possible, it has been done, there is a Gemini client for some late model Amigas. There have also been a few people doing Gemini stuff on ESP8266 devices. I am interested in collecting resources on using very limited and/or very old devices for Gemini, and sometime this year I'll ask for help in setting up an official page for it.
=> mbays · 2023-08-03 at 06:27:
gmni and gmnilm also use BearSSL (which also tripped me up in the same way it did michaelnordmeyer).
=> solderpunk · 2023-08-03 at 16:40:
@michaelnordmeyer Gosh darn it, I didn't want to hear that. Also on my TODO list for this year is to set up a TLS1.3 only, ED25519 certificate version of the official capsule on port 19650 and encourage people to try it out with as wide a range of clients and operating systems as possible to gather some good data on how feasible it would be to start encouraging migration in that direction. I sort of hoped that maybe we'd finally be getting close...
=> dimkr · 2023-08-04 at 07:12:
Probably not as small as you'd like. My capsule was slow when I hosted it on ESP32, and even slower on a Pi Pico W. It works, but the handshake is very slow with EC. (Both with mbedtls, which is still limited to TLS 1.2.)
=> Smokey · 2023-08-04 at 15:36:
@dimkr would the spartan protocol be a better fit for those kinds of devices since it does not do TLS?
=> dimkr · 2023-08-05 at 05:46:
@Smokey In some ways, Spartan is a good alternative for small devices with static content (so no need for "authenticated users"), as long as the users use a client that supports Spartan and not just Gemini
=> solderpunk · 2023-08-05 at 09:30:
@smokey @dimkr For devices where TLS is really not possible, there's also the option of running something like Cosmarmot on a Pi on the same network, it translates Gemini stuff to Gopher. See https://git.carcosa.net/jmcbray/cosmarmot/
=> dimkr · 2023-08-05 at 13:20:
@solderpunk (Seeing myself mentioned in your reply made me blush) Proxying is definitely an option, but I prefer not to add a "computer" that acts as a "TLS accelerator" for the Pico W running my Gemini capsule, and Gopher is not really an alternative (because of the fixed width and other limitations). I want to like Spartan but I'd prefer an "exactly Gemini minus the TLS" protocol supported by all conformant Gemini clients, for the sake of code reuse.