Encrypted connection


   I'm in the planning stage of writing a server-client
application for which I need good encryption of all data
exchanged between the server and client. While the client-
server part as such doesn't pose a major problem I don't
have much experience with encrypting a connection. I have
done quite a bit of reading and checking what's available
on CPAN, but I haven't yet a good idea about the best way
to do it. Some packages seem to only cover the client side,
others have rather mixed reviews etc. I guess several people
here have been doing this kind of stuff for years and
years and I would be really grateful for all pointers and
                   Thanks and best regards, Jens
  \   Jens Thoms Toerring  ___      jt@toerring.de
   \__________________________      http://toerring.de

Re: Encrypted connection



       There is a related module called "Net::SSLeay::Handle" included
       in this distribution that you might want to use instead. It has
       its own pod documentation.

       This module offers some high level convenience functions for
       accessing web pages on SSL servers (for symmetry, same API is
       offered for accessing http servers, too), a "sslcat()" function
       for writing your own clients, and finally access to the SSL api
       of SSLeay/OpenSSL package so you can write servers or clients
       for more complicated applications.

I've only used it for Net::SSLeay::Handle clients, but it looks like
the Net::SSLeay documentation includes sample client and server code.

all in favor of someone else coding the encryption bits

Re: Encrypted connection


That's a good answer, but it's probably easier to use IO::Socket::SSL,
which is a layer over Net::SSLeay that looks (almost) just like
IO::Socket::INET. Remember to be careful about verifying the server
certificate, and the client cert if you use one. You don't necessarily
need certs from a public CA: using a private self-signed CA is fine, but
you do need to check the certificate has been properly signed by the
right CA.

Sensible alternatives include ssh, Kerberos, and using HTTPS with a web
server to handle the server-side encryption.
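
[Added example, not part of the original post or of any poster's code.] The private-CA verification described above, sketched with IO::Socket::SSL on loopback. The service name, the CA names and the throwaway certificates built with IO::Socket::SSL::Utils are all constructed for the demo; a real deployment would load its CA certificate with SSL_ca_file instead.

```perl
# Added example: TLS on loopback with a private CA. Names and certificates are constructed.
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;    # CERT_create: in-memory certificates for the demo

my $name = 'app.example.test';    # hypothetical service name
my ($ca_cert, $ca_key) = CERT_create(CA => 1,
    subject => { commonName => 'Example Private CA' });
my ($srv_cert, $srv_key) = CERT_create(
    subject         => { commonName => $name },
    subjectAltNames => [ [ DNS => $name ] ],
    issuer_cert     => $ca_cert, issuer_key => $ca_key,
);
# An unrelated CA: a client that trusts only this one must refuse the server.
my ($other_ca) = CERT_create(CA => 1, subject => { commonName => 'Unrelated CA' });

my $listener = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $srv_cert,   SSL_key   => $srv_key,
) or die "listen failed: $! $SSL_ERROR";
my $port = $listener->sockport;

defined(my $pid = fork()) or die "fork failed: $!";
if ($pid == 0) {    # child: server side, one accept per client attempt below
    for (1 .. 3) {
        my $conn = $listener->accept or next;    # undef when the handshake fails
        print $conn "hello over TLS\n";
        close $conn;
    }
    exit 0;
}

sub try_connect {
    my ($label, $ca, $expect_name) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_verify_mode     => SSL_VERIFY_PEER,   # never SSL_VERIFY_NONE
        SSL_ca              => [$ca],             # trust only this CA
        SSL_verifycn_scheme => 'default',
        SSL_verifycn_name   => $expect_name,      # name the certificate must carry
    );
    my $result = $sock ? 'accepted: ' . scalar(<$sock>) : "refused: $SSL_ERROR\n";
    print "$label -> $result";
}
try_connect('right CA, right name', $ca_cert,  $name);
try_connect('wrong CA',             $other_ca, $name);
try_connect('right CA, wrong name', $ca_cert,  'other.example.test');
waitpid($pid, 0);
```

Only the first attempt should be accepted; the other two fail during the handshake, one on the signing CA and one on the name in the certificate.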


Re: Encrypted connection

Ben Morrow wrote:


And to the OP - don't discount the possibility of hooking IO through an
external tool, eg:

stunnel or socat or a real ssh client. A variation on this trick is to rig
stunnel/socat (and inetd) to deal with the SSL connection and present an
unencrypted net socket (or unix domain socket) on the loopback address to
which the local client or server will connect.

It's not as neat as having the client/server program deal with it - OTOH it
may be simpler and often, simpler lessens problems that lead to security


Tim Watts

Re: Encrypted connection


   thank you very much to all of you - I guess I have now
a better idea where to look first and how to get started!

                      Best regards, Jens
  \   Jens Thoms Toerring  ___      jt@toerring.de
   \__________________________      http://toerring.de
