|
Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions
TLS 1.6 Copyright (C) 2008 ActiveState Software Inc.
TLS 1.7 Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState
Software Inc, Roy Keene <tcltls@rkeene.org>
TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.
Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.
Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.
The current release is TLS 1.7, with binaries built against OpenSSL 1.1.1.
For best security and function, always compile from source with the latest
official release of OpenSSL (http://www.openssl.org/).
TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
versions of Tcl need to be used.
TclTLS requires OpenSSL or LibreSSL in order to be compiled and function.
Non-exclusive credits for TLS are:
Original work: Matt Newman @ Novadigm
Updates: Jeff Hobbs @ ActiveState
Tcl Channel mechanism: Andreas Kupries
Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
SSLtcl (Peter Antman)
This code is licensed under the same terms as the Tcl Core.
|
|
Tool Command Language (TCL) Transport Layer Security (TLS) Extension
Intro
=====
This package provides an extension which implements Secure Socket Layer (SSL)
and Transport Layer Security (TLS) over Transmission Control Protocol (TCP)
network communication channels. It utilizes either the OpenSSL or LibreSSL
software library.
Version 2.0 also provides a cryptography library providing TCL scripts access
to the crypto capabilities of the OpenSSL library.
Description
===========
This extension works by creating a layered TCL Channel on top of an existing
bi-directional channel created by the TLS socket command. All existing socket
functionality is supported, in addition to several new options. Both client
and server modes are supported.
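Review bot: The new Description says the layered channel sits on top of a channel "created by the TLS socket command", while the removed text said the channel "can be layered on any bi-directional Tcl_Channel". If layering onto an already-open channel is still supported, the Description should say so, because readers who wrap existing sockets will otherwise assume it was dropped. The removed pointer to the tests directory for blocking and non-blocking examples also has no replacement; consider keeping it here or under Documentation.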
Documentation
=============
See the doc directory for the full usage documentation.
Compatibility
=============
This package requires TCL 8.5 or later.
This package is compatible with:
- OpenSSL v1.1.1 or later. See (http://www.openssl.org/
- LibreSSL (TBD version)
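Review bot: In the Compatibility list, the OpenSSL entry has an unbalanced parenthesis and a plain http link ("See (http://www.openssl.org/"), and the LibreSSL entry still reads "(TBD version)". Suggest closing the parenthesis and either naming the minimum LibreSSL version or stating that none has been verified, since Installation tells builders either library may be used. The removed text advised compiling from source against the latest official OpenSSL release; that advice no longer appears anywhere in the new file and is worth restoring next to the version floor.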
Installation
============
This package uses the Tcl Extension Architecture (TEA) to build and install on
any supported Unix, Mac, or MS Windows system. Either the OpenSSL or LibreSSL
software libraries must be built and available prior to building TCL TLS.
UNIX and Linux
--------------
The standard TEA config, make and install process is supported.
$ cd tcltls
$ ./configure --enable-64bit --enable-deterministic --with-builtin-dh-params-size=2048
$ make
$ make test
$ make install
The supported configure options include all of the standard TEA configure script
options, plus:
--disable-tls1 disable TLS1 protocol
--disable-tls1_1 disable TLS1.1 protocol
--disable-tls1_2 disable TLS1.2 protocol
--disable-tls1_3 disable TLS1.3 protocol
--enable-deterministic enable deterministic DH parameters
--enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library
--enable-hardening enable hardening attempts
--enable-static-ssl enable static linking to the SSL library
--with-builtin-dh-params-size=<bits> specify the size of the built-in, precomputed, DH params
If either TCL or OpenSSL are installed in non-standard locations, the following
configure options are available. For all options, see ./configure --help.
--with-tcl=<dir> path to where tclCondig.sh file resides
--with-tclinclude=<dir> directory containing the public Tcl header files
--with-openssl-dir=<dir> path to root directory of OpenSSL or LibreSSL installation
--with-openssl-includedir=<dir> path to include directory of OpenSSL or LibreSSL installation
--with-openssl-libdir=<dir> path to lib directory of OpenSSL or LibreSSL installation
--with-openssl-pkgconfig=<dir> path to root directory of OpenSSL or LibreSSL pkgconfigdir
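Review bot: The description of --with-tcl=<dir> names the file "tclCondig.sh", which should be tclConfig.sh. In the same section, the sample configure line passes --enable-deterministic and --with-builtin-dh-params-size=2048 without explanation, and the option list describes the first only as "enable deterministic DH parameters"; a sentence on what is used when the flag is omitted, and on when a builder would want fixed parameters, would let readers judge whether to copy the sample line as is. The --disable-tls1* entries do not say which protocol versions are enabled by default, and "enable hardening attempts" does not say what --enable-hardening changes in the build.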
MacOS
-----
The standard TEA installation process is supported. Use the --with-tcl option
to set the TCL path if the ActiveState or other non-Apple version of TCL is to
be used.
$ cd tcltls
$ ./configure --with-tcl=/Library/Frameworks/Tcl.framework/
$ make
$ make test
$ make install
Windows
-------
If installing with MinGW, use the TEA build process. If using MS Visual C
(MSVC), see the win/README.txt file for the installation instructions.
Copyrights
==========
Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions
TLS 1.6 Copyright (C) 2008 ActiveState Software Inc.
TLS 1.7 Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState
Software Inc, Roy Keene <tcltls@rkeene.org>
TLS 1.9-2.0 Copyright (C) 2023 Brian O'Hagan
Acknowledgments
===============
Non-exclusive credits for TLS are:
Original work: Matt Newman @ Novadigm
Updates: Jeff Hobbs @ ActiveState
Tcl Channel mechanism: Andreas Kupries
Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
SSLtcl (Peter Antman)
License
=======
This code is licensed under the same terms as the Tcl Core.
|