
David said:
> I'd be interested in breaking the dependency on OpenSSL, for various reasons: [snip]
Can't say I'm surprised by these. It's unfortunate the situation hasn't improved. I recall a half-decent O'Reilly book on OpenSSL, but if you weren't using it as a cookbook (and wanted a one-off solution) then it wasn't so useful.
> So, a replacement would need to be a complete replacement for TLS. I did in fact try to start with this, implementing my own simpler TLS-ish protocol, using crypto primitives directly. It took a group of crypto experts about 5 minutes to punch 3 different holes in the protocol.
You could have gone to Hackage and checked your protocol's correctness using CPSA, not that the side-channel attacks would be discovered by such a tool.
> That said, with the Haskell Crypto API stabilizing, I've been toying with the project of a pure Haskell TLS implementation, which would solve the annoying dependency issue while hanging on to a hardened protocol.
I'm releasing crypto-api-0.1 on Tuesday, so if you have any last-minute comments, now is the time!
> However, this is also far from a simple endeavor, especially if the implementation is to be hardened against side-channel attacks, which I'm not even sure is possible in Haskell.
Well, to determine if that's possible we'd need a definition of side-channel attack, which is counter to many definitions of side-channel ;-). Perhaps a list of common ones OpenSSL thinks it addresses would give us a good start. If you start on such a task (Haskell TLS) then perhaps you could drop a line to l@h.o or c@h.o?

Cheers,
Thomas