SRP Open-Source Software

This site continues to host the SRP Distribution, which has historically been a useful demontration of SRP authentication and continues to serve an educational purpose. In recent years, the rapid growth in third-party implementations of SRP has meant that the best building blocks for most developers to integrate SRP into their projects are now most likely to be found through external sites.

With the advent of TLS-SRP, it is now possible to integrate SRP into most software projects by linking against one of the many third-party TLS-SRP implementations and calling the appropriate API. The SRP/TLS download section on this site will host mostly patches and add-ons to third-party libraries or software to enable SRP-TLS functionality. It is a good idea to check the links page first before trying the patches on this site, since many TLS stacks already support SRP natively.

Some of the SRP software and patches available from this site are designed to interface with strong cryptographic libraries from third parties. Please ensure that you are in compliance with local import/export and/or usage restrictions before downloading any packages from this site.

SRP/TLS Downloads

Patches to add SRP ciphersuite support to OpenSSL:

OpenSSL 1.0.0

NOTE: Users of OpenSSL 1.0.0b can apply the 1.0.0a patch.

OpenSSL 0.9.8

NOTE: Users of OpenSSL 0.9.8o through 0.9.8q can apply the 0.9.8m patch.

NOTE: Users of OpenSSL 0.9.8l and 0.9.8k can apply the 0.9.8j patch.

NOTE: Patches against development snapshots are available through OpenSSL's Request Tracker (use guest as username and password if prompted).

NOTE: For patches against OpenSSL 0.9.7, visit the EdelKey project website.

SRP Distribution

The SRP Distribution contains SRP-enabled Telnet and FTP, as well as the original SRP API library.

Table of Contents

NOTE: Version 2.1.2 incorporates security fixes for SRP parameter checking in the FTP client and a security fix for a Telnet server vulnerability. Please upgrade if you are running an older version.

NOTE: Version 2.1.1 incorporates security fixes in Telnet and for SRP parameter checking. Please upgrade if you are running an older version.

NOTE: Version 2.0.0 supports the new SRP-6 protocol, removes limitations on group size, and improves performance relative to 1.x. Support for crypto accelerators is also available via OpenSSL. This version also adds LibTomCrypt and MPI math library support.

NOTE: Version 1.7.5 fixes the "FTPd glob() vulnerability". Please upgrade if you are running an older version of ftpd.

NOTE: Version 1.7.4 fixes the "Telnetd AYT vulnerability". Please upgrade if you are running an older version of telnetd.

NOTE: Version 1.7.1 no longer bundles strong encryption code with the SRP distribution, but instead links against crypto libraries like OpenSSL to enable strong encryption.

NOTE: Version 1.7.0 is a major new release with a large number of fixes and new features. Read the 1.7.0 release notes for more information.

NOTE: Version 1.6.0 added parameter checking to the SRP client library for full conformance to RFC 2945. Clients are strongly urged to upgrade to this new release.

NOTE: Beginning with release 1.5.2, the SRP distribution can be linked against the OpenSSL libraries for large number math and crypto support. The following package is recommended for this option:

NOTE: Beginning with release 1.4, the large number math library has been unbundled from the main SRP distribution. To build the SRP distribution from scratch, you will need to build one of the following packages if you don't already have one installed on your system.

Binary distributions are also available for those of you unable to build from source. This includes all the PAM modules, as well as the secure Telnet and FTP clients for Windows 95/NT.

Mirrors

The entire SRP distribution is available via FTP; this includes both source and binary distributions.

North America, West Coast

North America, East Coast

International

If you mirror any of our software and want me to add a link to your site, please let me know.


Back