Comment by 🚀 mbays

=> Re: "is there some tls implementation for small devices? there..." | In: s/Gemini

gmni and gmnilm also use BearSSL (which also tripped me up in the same way it did michaelnordmeyer).

=> 🚀 mbays

2023-08-03 · 2 years ago

6 Later Comments ↓

=> 📻 solderpunk · 2023-08-03 at 16:40:

@michaelnordmeyer Gosh darn it, I didn't want to hear that. Also on my TODO list for this year is to set up a TLS1.3-only, ED25519 certificate version of the official capsule on port 19650 and encourage people to try it out with as wide a range of clients and operating systems as possible to gather some good data on how feasible it would be to start encouraging migration in that direction. I sort of hoped that maybe we'd finally be getting close...

=> 😈 dimkr · 2023-08-04 at 07:12:

Probably not as small as you'd like. My capsule was slow when I hosted it on ESP32, and even slower on a Pi Pico W. It works, but the handshake is very slow with EC. (Both with mbedtls, which is still limited to TLS 1.2.)

=> 😎 Smokey · 2023-08-04 at 15:36:

@dimkr would the Spartan protocol be a better fit for those kinds of devices since it does not do TLS?

=> 😈 dimkr · 2023-08-05 at 05:46:

@Smokey In some ways, Spartan is a good alternative for small devices with static content (so no need for "authenticated users"), as long as the users use a client that supports Spartan and not just Gemini.

=> 📻 solderpunk · 2023-08-05 at 09:30:

@smokey @dimkr For devices where TLS is really not possible, there's also the option of running something like Cosmarmot on a Pi on the same network; it translates Gemini stuff to Gopher. See https://git.carcosa.net/jmcbray/cosmarmot/

=> 😈 dimkr · 2023-08-05 at 13:20:

@solderpunk (Seeing myself mentioned in your reply made me blush) Proxying is definitely an option, but I prefer not to add a "computer" that acts as a "TLS accelerator" for the Pico W running my Gemini capsule, and Gopher is not really an alternative (because of the fixed width and other limitations). I want to like Spartan but I'd prefer an "exactly Gemini minus the TLS" protocol supported by all conformant Gemini clients, for the sake of code reuse.

Original Post

=> 🌒 s/Gemini

is there some tls implementation for small devices? there is a tcp stack in kon-tiki, and maybe other implementations. is it possible to use tls on some 8bit device with 64kb of memory? i am thinking of potential implementations on avr, 6502. i guess m68k may even run real openssl library?

=> 💬 norayr · 11 comments · 2023-08-01 · 2 years ago · #programming

Original URL: gemini://bbs.geminispace.org/u/mbays/3782