I hadn't looked at the "bounties" page recently. It includes "improve the tls(3) device $10 - The TLS device implements the record layer protocols of Transport Layer Security version 1.0 and Secure Sockets Layer version 3.0. It does not implement the handshake protocols, which are responsible for mutual authentication and key exchange. Wanted: more ciphers, support for user certificates, support for certificate verification. ECDSA! ECDHE!"

I think that I'd avoid putting the negotiation and certificate stuff (as such) in the kernel device.

On 2 July 2015 at 13:57, Charles Forsyth wrote:

> On 2 July 2015 at 13:30, Anthony Sorace wrote:
>
>> The p9sk1 *model* is great, and it'd be a real shame to drop it.
>
> There always seems to be trouble setting it up, which suggests that the
> documentation people typically first see might need revising
> (or better pointers if it exists but people don't find it).