

Not-quite-so-broken TLS - amirmc
https://nqsb.io

======
amirmc
One of the really useful things is that there is now a (peer-reviewed) paper
on the work, which covers much more detail about the motivation, as well as
performance results ("same handshake performance as OpenSSL and 73% – 84% for
bulk throughput").

[https://nqsb.io/nqsbtls-usenix-security15.pdf](https://nqsb.io/nqsbtls-usenix-security15.pdf)

~~~
pasbesoin
404 at the moment, and not in Wayback. Google Cache finds it at:

[http://webcache.googleusercontent.com/search?q=cache:https%3...](http://webcache.googleusercontent.com/search?q=cache:https%3A%2F%2Fnqsb.io%2Fnqsbtls-usenix-security15.pdf)

in turn listing the source as:

[http://www.cl.cam.ac.uk/~pes20/nqsbtls-usenix-security15.pdf](http://www.cl.cam.ac.uk/~pes20/nqsbtls-usenix-security15.pdf)

~~~
avsm
You're getting a 404 from nqsb.io? This:
[https://nqsb.io/nqsbtls-usenix-security15.pdf](https://nqsb.io/nqsbtls-usenix-security15.pdf)
works fine for me. What browser/cache setup do you have? Does a `curl` work?

I left another copy of the paper on my homepage at
[http://anil.recoil.org/papers/2015-usenixsec-nqsb.pdf](http://anil.recoil.org/papers/2015-usenixsec-nqsb.pdf),
but Peter's version or the USENIX site should be fine as well.

~~~
pasbesoin
Sorry for my delay responding; HN Notify just, very belatedly (10 days later),
spit out a notification of your reply.

In case the information is of any value, this much later, the first link (at
nqsb.io) works for me, now. (So does the second link.)

------
hannesm
Some might have heard of this TLS stack as OCaml-TLS, but we rebranded it for
our Usenix security paper. The paper includes an evaluation of common
vulnerabilities in widely used TLS stacks in 2014.

~~~
edwintorok
Is the rebranding just for the paper or do you plan on keeping it? Or is it
because you plan on making this available to non-OCaml applications as well (I
think it was mentioned previously on HN that ctypes/cstubs could be used in
reverse mode for this)?

~~~
avsm
Definitely working on making it available to non-OCaml applications as well.
The most obvious way is by using 'tlstunnel' to act as a TLS terminator to
TCP, but also via inverted Ctypes to ship a shared library and C header files.
More on that when it's working...

