elfprince13 wrote:
Been browsing USB <-> Ethernet adapters on Amazon and very few seem to specify which spec they implement. Any tips for avoiding RNDIS devices?
This is an issue I have been having as well, and I have about 5 adapters lying around that I've bought specifically for testing this project.
2 of them are Gigabit adapters, both are NCM. This may be a reliable thing.
1 of them is 10/100/1000 (also listed as Gigabit). It is also NCM.
It might be reliable that Gigabit adapters are NCM.
1 of them is 10/100 (Cablecreations). It is ECM.
A final one was 10/100. It is vendor-specific and thus did not work.
I could test more of these out.
I also have an Ethernet to WiFi-N with WPS adapter for testing that and it works as well. If there is a standard for SSID checking and selection (can we implement wpa_supplicant?), we may be able to support them too.
Regarding TLS, it seems our best bet for max compatibility for 1.2 is to support:
ECDSA Certificates: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
RSA Certificates: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
For TLS 1.3 we could use:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256
or implement AES-CCM.
*SHA-384 not currently implemented
So to sum up...
For TLS 1.2
- Ephemeral Elliptic Curve Diffie-Hellman w SECP256k1
- RSA encrypt/decrypt/sign, min 2048 bits
- AES-128-GCM (already implemented)
- SHA-256 (already implemented)
and to support TLS 1.3, the following additionally:
- SHA-384
Lastly, here is a list of issues that are currently open for TLS support; assistance is welcome. If anyone has the time and knowledge, feel free to nab one and complete it, then submit a pull request to the TLS branch.
https://github.com/cagstech/lwip-ce/issues/11
https://github.com/cagstech/lwip-ce/issues/12
https://github.com/cagstech/lwip-ce/issues/14
https://github.com/cagstech/lwip-ce/issues/15
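An added example, not part of the post above and not lwip-ce code: it builds the ClientHello `cipher_suites` field from the suites listed in the post, offering only those whose primitives are available. The `HAVE_*` flags and `build_cipher_suites` are hypothetical names; the 16-bit values are the IANA code points for those suites.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Primitives a build may provide. Flag names are assumptions for this example. */
enum {
    HAVE_AES128_GCM = 1 << 0, HAVE_AES256_GCM = 1 << 1, HAVE_AES128_CCM = 1 << 2,
    HAVE_SHA256 = 1 << 3, HAVE_SHA384 = 1 << 4,
    HAVE_ECDHE = 1 << 5, HAVE_ECDSA = 1 << 6, HAVE_RSA = 1 << 7
};

struct suite { uint16_t id; unsigned needs; };

/* Suites named in the post, in preference order. TLS 1.3 suites name only the
 * AEAD and hash; key exchange and signatures are negotiated in extensions. */
static const struct suite SUITES[] = {
    { 0x1301, HAVE_AES128_GCM | HAVE_SHA256 },  /* TLS_AES_128_GCM_SHA256 */
    { 0x1302, HAVE_AES256_GCM | HAVE_SHA384 },  /* TLS_AES_256_GCM_SHA384 */
    { 0x1304, HAVE_AES128_CCM | HAVE_SHA256 },  /* TLS_AES_128_CCM_SHA256 */
    { 0x1305, HAVE_AES128_CCM | HAVE_SHA256 },  /* TLS_AES_128_CCM_8_SHA256 */
    /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
    { 0xC02B, HAVE_ECDHE | HAVE_ECDSA | HAVE_AES128_GCM | HAVE_SHA256 },
    /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
    { 0xC02F, HAVE_ECDHE | HAVE_RSA | HAVE_AES128_GCM | HAVE_SHA256 },
};

/* Writes a 2-byte length prefix followed by big-endian suite ids.
 * Returns bytes written, or 0 if nothing can be offered or out is too small. */
size_t build_cipher_suites(unsigned have, uint8_t *out, size_t cap)
{
    size_t n = 2, i;  /* first two bytes are reserved for the length prefix */
    if (cap < 2) return 0;
    for (i = 0; i < sizeof SUITES / sizeof SUITES[0]; i++) {
        if ((SUITES[i].needs & have) != SUITES[i].needs) continue;
        if (n + 2 > cap) return 0;
        out[n++] = (uint8_t)(SUITES[i].id >> 8);
        out[n++] = (uint8_t)(SUITES[i].id & 0xFF);
    }
    if (n == 2) return 0;  /* an empty list is not a valid ClientHello field */
    out[0] = (uint8_t)((n - 2) >> 8);
    out[1] = (uint8_t)((n - 2) & 0xFF);
    return n;
}

int main(void)
{
    uint8_t buf[32];
    size_t i, n = build_cipher_suites(HAVE_AES128_GCM | HAVE_SHA256 | HAVE_ECDHE |
                                      HAVE_ECDSA | HAVE_RSA, buf, sizeof buf);
    for (i = 0; i < n; i++) printf("%02X ", buf[i]);
    printf("\n");
    return 0;
}
```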