Current design of the peer protocol handshake limits alternative implementations in languages other than C/C++ as described in this article. Indeed, src/ripple/overlay/README.md refers to the current implementation rather than describing the protocol:
* `Session-Signature`
This field must be present. It contains a cryptographic token formed
from the SHA512 hash of the shared data exchanged during SSL handshaking.
For more details see the corresponding source code.
apparently referring to lines 31-93 in src/ripple/overlay/impl/TMHello.cpp.
OpenSSL routines SSL_get_finished and SSL_get_peer_finished are being used to access Finished messages sent over the socket which violates TLS socket transparency. These low-lever routines are only available in C/C++ for a reason.
Requesting protocol upgrade to RTXP/1.3 with Session-Signature (HTTP header) and nodeproof (the corresponding field of the Hello message in protobuf protocol) replaced by a more portable mechanism which would not be language-specific and could be implemented in other programming languages, for example using Node.js.
Current design of the peer protocol handshake limits alternative implementations in languages other than C/C++ as described in this article. Indeed,
src/ripple/overlay/README.mdrefers to the current implementation rather than describing the protocol:apparently referring to lines 31-93 in
src/ripple/overlay/impl/TMHello.cpp.OpenSSL routines
SSL_get_finishedandSSL_get_peer_finishedare being used to accessFinishedmessages sent over the socket which violates TLS socket transparency. These low-lever routines are only available in C/C++ for a reason.Requesting protocol upgrade to RTXP/1.3 with
Session-Signature(HTTP header) andnodeproof(the corresponding field of theHellomessage inprotobufprotocol) replaced by a more portable mechanism which would not be language-specific and could be implemented in other programming languages, for example using Node.js.