You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hardening of the library's TLS reference integrations beyond the
walking-skeleton + cert-validation work shipped under E03 and the
mbedTLS walking skeleton shipped under S08.07. Covers both Platform/OpenSsl/ (the original SL4-targeted hosted-target reference)
and Platform/MbedTls/ (the embedded-target reference). Targets
revocation visibility, resource-lifetime correctness, and other
client-side TLS concerns surfaced by real-world deployment patterns now
that the fail-fast reconnect model (S12.14) makes handshake frequency a
first-class concern.
E03 took the OpenSSL-on-POSIX reference integration from "no TLS" to
"validated, hardened, mutually authenticated TLS that satisfies SL4".
S08.07 brought the mbedTLS reference integration up to the same
client-auth feature set on embedded targets. E26 picks up the items
both deferred and the ones that surfaced once the rest of the stack
landed.
Scope
Client-side TLS concerns inside Platform/OpenSsl/ and Platform/MbedTls/. Concrete items:
Adapter resource lifetime — unwind on Open failure. When a
layered TLS adapter's Open fails after the inner transport or SSL
state has been allocated, the adapter must unwind so subsequent
retries are a clean cycle. S26.02 (mbedTLS), S26.03 (OpenSSL).
OCSP stapling / revocation visibility — E03 deferred CRL/OCSP
with an ADR; revisit once a deployment surfaces a need or the
regulator asks.
Renegotiation policy — explicit decision on whether to permit
server-initiated renegotiation; OpenSSL defaults are
platform-version dependent.
Handshake-failure audit callback — surface why a handshake
failed to the integrator without leaking OpenSSL or mbedTLS types
into the public API. E03 noted this could fold into E12; pulling it
here keeps TLS-specific diagnostics together.
Each item becomes a story when scope is clear and we're ready to do
the work.
Architecture boundary
Same boundary as E03 — Core stays untouched. All work lives in Platform/OpenSsl/Source/SolidSyslogTlsStream.c, Platform/MbedTls/Source/SolidSyslogMbedTlsStream.c, and the
corresponding unit / BDD / integration tests. Public configs
(SolidSyslogTlsStreamConfig, SolidSyslogMbedTlsStreamConfig) only
grow when an item genuinely requires integrator input.
Ideas live here until commitment, matching the E24 convention. Stories
get fleshed out only when we're close to doing the work — keeps the
backlog lean and avoids rework when the design shifts.
OCSP stapling support — opt-in via SSL_CTX_set_tlsext_status_cb / SSL_set_tlsext_status_type.
Re-evaluate whether to require, prefer, or ignore stapled responses.
Renegotiation policy — explicit decision and lockdown.
Handshake-failure audit callback — typed reason code surfaced to
the integrator without leaking OpenSSL SSL_ERROR_* or mbedTLS MBEDTLS_ERR_* values.
Cipher / group tightening beyond S03.08 — track FIPS /
quantum-safe group adoption.
Out of scope
TLS session resumption (RFC 5077 tickets / session IDs / RFC 8446
1.3 PSK) — out of scope for both reference integrations, on either
backend, for either TLS version. S26.01 (OpenSSL) closed won't-do;
S26.04 (mbedTLS) merged then reverted (revert: S26.04 mbedTLS client-side TLS session resumption #492). Rationale:
Resumption is an optimization, never correctness — a full
handshake must always succeed on every (re)connect regardless.
The TCP streams use keepalive: one handshake then a long-lived
stream, so resumption only pays at reconnect and reconnects are
rare.
When reconnects do happen they're usually a disgraceful close —
exactly when the server has discarded resumable state — so the
optimization is least likely to be available in the very case it
was meant to help.
Disproportionate cost to do honestly: 1.2 and 1.3 use different
mechanisms, 1.3 tickets arrive post-handshake, and mTLS-on-resume
has separate identity semantics — four cases each needing an
honest mechanism-correct test for an optional speedup.
If ever revisited: drive the real sender stack against an
off-the-shelf server (openssl s_server / stunnel) observed
server-side at the BDD/compose layer — do not hand-roll a TLS server
in the in-process harness.
TLS 1.3 0-RTT (early data) — replay-attack tradeoff not justified
for syslog. Likely never.
Alternate TLS backend integrations beyond OpenSSL and mbedTLS
(BearSSL, wolfSSL) — remain future work; would be a fresh
integration epic per backend.
Certificate rotation mid-connection — E03 retired S03.10; the
Open-rebuilds-CTX behaviour already satisfies CR 1.5 / CR 1.8.
Revisit only if a deployment surfaces a need.
Cert-validation policy itself — E03 (S03.08, S03.09) and S08.07
are the authoritative homes for what counts as an acceptable peer
cert in their respective backends.
Hardening of the library's TLS reference integrations beyond the
walking-skeleton + cert-validation work shipped under E03 and the
mbedTLS walking skeleton shipped under S08.07. Covers both
Platform/OpenSsl/(the original SL4-targeted hosted-target reference)and
Platform/MbedTls/(the embedded-target reference). Targetsrevocation visibility, resource-lifetime correctness, and other
client-side TLS concerns surfaced by real-world deployment patterns now
that the fail-fast reconnect model (S12.14) makes handshake frequency a
first-class concern.
E03 took the OpenSSL-on-POSIX reference integration from "no TLS" to
"validated, hardened, mutually authenticated TLS that satisfies SL4".
S08.07 brought the mbedTLS reference integration up to the same
client-auth feature set on embedded targets. E26 picks up the items
both deferred and the ones that surfaced once the rest of the stack
landed.
Scope
Client-side TLS concerns inside
Platform/OpenSsl/andPlatform/MbedTls/. Concrete items:layered TLS adapter's
Openfails after the inner transport or SSLstate has been allocated, the adapter must unwind so subsequent
retries are a clean cycle. S26.02 (mbedTLS), S26.03 (OpenSSL).
with an ADR; revisit once a deployment surfaces a need or the
regulator asks.
server-initiated renegotiation; OpenSSL defaults are
platform-version dependent.
failed to the integrator without leaking OpenSSL or mbedTLS types
into the public API. E03 noted this could fold into E12; pulling it
here keeps TLS-specific diagnostics together.
Each item becomes a story when scope is clear and we're ready to do
the work.
Architecture boundary
Same boundary as E03 — Core stays untouched. All work lives in
Platform/OpenSsl/Source/SolidSyslogTlsStream.c,Platform/MbedTls/Source/SolidSyslogMbedTlsStream.c, and thecorresponding unit / BDD / integration tests. Public configs
(
SolidSyslogTlsStreamConfig,SolidSyslogMbedTlsStreamConfig) onlygrow when an item genuinely requires integrator input.
Stories
Candidate ideas
Ideas live here until commitment, matching the E24 convention. Stories
get fleshed out only when we're close to doing the work — keeps the
backlog lean and avoids rework when the design shifts.
SSL_CTX_set_tlsext_status_cb/SSL_set_tlsext_status_type.Re-evaluate whether to require, prefer, or ignore stapled responses.
the integrator without leaking OpenSSL
SSL_ERROR_*or mbedTLSMBEDTLS_ERR_*values.quantum-safe group adoption.
Out of scope
TLS session resumption (RFC 5077 tickets / session IDs / RFC 8446
1.3 PSK) — out of scope for both reference integrations, on either
backend, for either TLS version. S26.01 (OpenSSL) closed won't-do;
S26.04 (mbedTLS) merged then reverted (revert: S26.04 mbedTLS client-side TLS session resumption #492). Rationale:
handshake must always succeed on every (re)connect regardless.
stream, so resumption only pays at reconnect and reconnects are
rare.
exactly when the server has discarded resumable state — so the
optimization is least likely to be available in the very case it
was meant to help.
mechanisms, 1.3 tickets arrive post-handshake, and mTLS-on-resume
has separate identity semantics — four cases each needing an
honest mechanism-correct test for an optional speedup.
If ever revisited: drive the real sender stack against an
off-the-shelf server (
openssl s_server/ stunnel) observedserver-side at the BDD/compose layer — do not hand-roll a TLS server
in the in-process harness.
TLS 1.3 0-RTT (early data) — replay-attack tradeoff not justified
for syslog. Likely never.
Alternate TLS backend integrations beyond OpenSSL and mbedTLS
(BearSSL, wolfSSL) — remain future work; would be a fresh
integration epic per backend.
Server-side TLS concerns — we're a client.
Cryptographic integrity / encryption of stored records — that's
E17 (E17: Cryptographic integrity and confidentiality at rest #105).
Certificate rotation mid-connection — E03 retired S03.10; the
Open-rebuilds-CTX behaviour already satisfies CR 1.5 / CR 1.8.
Revisit only if a deployment surfaces a need.
Cert-validation policy itself — E03 (S03.08, S03.09) and S08.07
are the authoritative homes for what counts as an acceptable peer
cert in their respective backends.
PSK mode — out of scope of E03, S08.07, and E26.