Commit graph

8 commits

Author SHA1 Message Date
Albert Vaca Cintora
9a39eaa237 Use EC keys instead of RSA
Use smaller and safer EC keys, replacing 2048 bit RSA.

NID_X9_62_prime256v1 is roughly as secure as a 3072 bit RSA key, but way shorter. 
Since we have to embed the key in the identity packet that is sent over UDP and
some stacks aren't happy with large UDP messages (notably: macos), I switched to
EC instead of to a longer RSA key.

This seems to be compatible with other clients even on older systems like Android 5.0.

I did stick with NID_X9_62_prime256v1 because stronger EC like NID_secp384r1 failed
the handshake (I didn't investigate why).

We now store the kind of key in the config, so we can know which kind of key we are loading.
2024-05-19 10:04:43 +00:00
Alexander Lohnau
dc8f3e209e Reformat project with clang-format 2023-12-02 14:56:20 +01:00
Albert Vaca Cintora
f5b4a174e4 Use nullptr instead of NULL 2023-08-08 20:24:22 +02:00
Albert Vaca Cintora
675d1c1262 Make it compile and don't use .data() on temporary QByteArray 2023-07-29 10:36:12 +02:00
Edward Kigwana
20e7790773 core: sslhelper: Check return of openssl functions
Use unique_ptr to manage object lifetime and also avoid use of deprecated
MACROS and functions.
2023-07-29 10:36:09 +02:00
Edward Kigwana
1bbd9ff6e3 core: sslhelper: Extern openssl headers and add getSslError helper
openssl headers include C headers prior to #ifdef __cplusplus.

Signed-off-by: Edward Kigwana <ekigwana@gmail.com>
2023-07-29 10:35:37 +02:00
Albert Vaca Cintora
d0786d1b62 Simplify using QSslKey 2023-07-29 10:35:37 +02:00
Albert Vaca Cintora
d948d882aa Replace QCA with a simple OpenSSL wrapper 2023-07-29 08:19:17 +00:00