SSL/TLS - am I doing it right?



Hi all

I am writing a multi-user accounting/business application, which uses
sockets to communicate between client and server. I want to offer the
option of encrypting the traffic between the two. The main reason for
this is to cater for wireless communication.

I have read up on SSL, and more or less understand the concepts. I have
downloaded some additional software, read the instructions, and seem to
have got it working. However, I have no in-depth knowledge of what is
going on, and I have no idea how to check if I am doing it correctly.

The subject is too important to learn the hard way that I am doing
something wrong. Therefore I would be grateful if someone would review
the steps I have taken (listed below), and advise on whether there is
anything obviously wrong or missing.

TIA

Frank Millman


1. Install
----------
OpenSSL
M2Crypto
TLSLite

2. Create KeyPair + Certificate
-------------------------------
openssl genrsa -out privkey.key 1024
openssl req -new -x509 -key privkey.key -out privkey.crt -days 1095
cp privkey.key privkey.pem
cat privkey.crt >> privkey.pem

3. Modify Server
----------------
old -
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST,PORT))
s.listen(1)
while 1:
    conn,addr = s.accept()
    data = conn.recv(1024)

new -
import socket
from tlslite.api import *   # TLSConnection, X509, X509CertChain, parsePEMKey

# privkey.pem holds both the private key and the certificate (step 2),
# so one read serves both parsers
f = open('/home/frank/secrets/privkey.pem').read()
x509 = X509()
x509.parse(f)                               # reads the CERTIFICATE block
certChain = X509CertChain([x509])
privateKey = parsePEMKey(f,private=True)    # reads the private key block

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST,PORT))
s.listen(1)
while 1:
    conn,addr = s.accept()
    c = TLSConnection(conn)
    # server side of the handshake: presents the certificate and proves
    # possession of the matching private key, then the socket is encrypted
    c.handshakeServer(certChain=certChain,privateKey=privateKey)
    data = c.recv(1024)

4. Modify Client
----------------
old -
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
s.send(data)

new -
import socket
from tlslite.api import *   # TLSConnection (and Checker)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
c = TLSConnection(s)
# With no checker= argument the client accepts whatever certificate the
# server presents: the traffic is encrypted, but the peer is not verified.
# TLSLite's Checker class (passed as checker=) is the hook for that check.
c.handshakeClientCert()
c.send(data)
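The client above hands the server's certificate to no checker, so nothing ties the encrypted connection to the intended server. The following is an added example, not code from the post or from TLSLite: it expresses the same server and client with Python's standard ssl module and has the client pin the SHA-256 fingerprint of the server certificate, obtained out of band with `openssl x509 -in privkey.crt -noout -fingerprint -sha256`, before sending any data. HOST, PORT, the PEM path and SAMPLE_PEM are constructed placeholders; the PEM contents are not a real key or certificate.

```python
"""Added example (not from the original post): the post's client/server
pattern with Python's standard ssl module, plus a certificate fingerprint
check so the client can tell the real server from an impostor."""
import base64
import hashlib
import hmac
import re
import socket
import ssl

HOST, PORT = "127.0.0.1", 8443                 # constructed placeholders
PEM_PATH = "/home/frank/secrets/privkey.pem"   # path used in the post

# Constructed placeholder PEM: the base64 payloads are "key" and "abc",
# not a real key or certificate; it only exercises the parsing below.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
a2V5
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

# One PEM file may hold several blocks (the post appends the cert to the key).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    return [(m.group(1), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(text)]


def cert_fingerprint(der):
    """SHA-256 over the DER certificate, lower-case hex without colons
    (the same digest `openssl x509 -noout -fingerprint -sha256` prints)."""
    return hashlib.sha256(der).hexdigest()


def fingerprint_matches(der, expected):
    """Constant-time comparison; accepts OpenSSL's colon-separated form."""
    want = expected.lower().replace(":", "")
    return hmac.compare_digest(cert_fingerprint(der), want)


def serve_tls(pem_path=PEM_PATH):
    """Server side: load key+cert from one file, wrap each accepted socket."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(pem_path)   # key and cert in one file, as in the post
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, PORT))
    s.listen(1)
    while True:
        conn, addr = s.accept()
        with ctx.wrap_socket(conn, server_side=True) as c:
            data = c.recv(1024)


def connect_pinned(expected_fingerprint, data):
    """Client side: a completed handshake alone proves nothing about who
    answered, so compare the presented certificate against the fingerprint
    shipped with the client before any application data is sent."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # self-signed cert, no CA: pin instead
    ctx.verify_mode = ssl.CERT_NONE
    s = socket.create_connection((HOST, PORT))
    c = ctx.wrap_socket(s, server_hostname=HOST)
    if not fingerprint_matches(c.getpeercert(binary_form=True),
                               expected_fingerprint):
        c.close()
        raise ssl.SSLError("server certificate does not match pinned fingerprint")
    c.send(data)
    return c
```

Pinning a single self-signed certificate suits a deployment with one server and no CA, which is the setup in the post; the cost is that the client must be updated whenever the certificate is reissued (here after the 1095 days given in step 2).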
