... | ... | @@ -4,11 +4,11 @@ Welcome to Kea 1.9.6, the seventh monthly release of the 1.9 development branch. |
|
|
|
|
|
This release adds new features, improves existing features, clarifies documentation, and fixes a few bugs. The most notable changes introduced in this version are:
|
|
|
|
|
|
**Experimental TLS support**. This release introduces support for TLS in CA (Control Agent). The CA can now be configured to accept incoming https connections. Right now three modes of operation. First is a plain HTTP with TLS completely disabled. This mode what the only mode available. The second mode is encryption, where the CA accepts TLS connections. You need to provide CA (Certificate Authority) and server public certificate and private key. This is the typical mode when securing a website, where clients and servers are not under the control of the same organization. The third mode is mutual authentication between connecting clients and the CA server. In this mode, clients are required to identify themselves using TLS certificates. #1726, #1661, #1662, #1663, #1664, #1748, #1758
|
|
|
**Experimental TLS support**. This release introduces support for TLS in CA (Control Agent). The CA can now be configured to accept incoming HTTPS connections. Three modes of operation are available. First is a plain HTTP with TLS completely disabled (this was the only mode available so far). The second mode is encryption, where the CA accepts TLS connections. This is the typical mode when securing a website, where clients and servers are not under the control of the same organization. The third mode is mutual authentication between connecting clients and the CA server. In this mode, clients are required to identify themselves using TLS certificates, clients verify server's certificate and server verify client's. This work was done in #1661, #1662, #1663, #1664, #1726, #1748, #1758.
|
|
|
|
|
|
The TLS support is considered experimental and currently has a number of limitations:
|
|
|
|
|
|
- It is reasonably well tested with OpenSSL and boost. Kea uses boost ASIO wrapper around OpenSSL. If your boost or OpenSSL are too old, you may encounter problems. See new Section 23. Kea Security section in Kea ARM for details.
|
|
|
- It is reasonably well tested with some versions of OpenSSL and Boost. Kea uses boost ASIO wrapper around OpenSSL. If your Boost or OpenSSL is too old, you may encounter problems. See new Section 23. Kea Security section in Kea ARM for details.
|
|
|
|
|
|
- Kea supports two cryptographic libraries: OpenSSL and Botan. The Kea code for Botan is not finished yet. The code will compile and unit tests will pass, but the TLS support may not work.
|
|
|
|
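Review bot: the rewritten "Experimental TLS support" paragraph drops the old sentence "You need to provide CA (Certificate Authority) and server public certificate and private key", so the description of the second (encryption) mode no longer tells the operator what has to be supplied; consider keeping that requirement, spelling out "Certificate Authority" so it is not confused with CA as Control Agent. In the same paragraph, the new clause "clients verify server's certificate and server verify client's" is spliced onto the previous sentence with a comma and has an agreement error; something like "In this mode clients verify the server's certificate and the server verifies the clients' certificates" would read cleanly, and "First is a plain HTTP" should be "The first is plain HTTP". In the limitations bullet, the new line capitalizes "Boost" twice but still has "Kea uses boost ASIO wrapper", and "See new Section 23. Kea Security section in Kea ARM" repeats "section"; suggest "Kea uses the Boost ASIO wrapper around OpenSSL" and "See the new Section 23, Kea Security, in the Kea ARM".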
... | ... | |