Page 1 of 1
CreateNetworkServerSSL()
Posted: Thu Nov 09, 2017 10:25 pm
by swhite
Hi
I would like to request a function that lets you create a Socket Server to handle connection via SSL with an additional parameter to specify the SSL certifcate. I would like to be able to use all the Network functions that you can use with CreateNetworkServer(). With the increased push for everything on the Web to use SSL this is becoming a priority for our business.
Thanks,
Simon
Re: CreateNetworkServerSSL()
Posted: Mon Nov 13, 2017 8:53 am
by RSBasic
+1
Re: CreateNetworkServerSSL()
Posted: Mon Nov 13, 2017 3:21 pm
by LuckyLuke
+1
Re: CreateNetworkServerSSL()
Posted: Tue Nov 14, 2017 8:08 pm
by the.weavster
+1
Re: CreateNetworkServerSSL()
Posted: Sun Nov 19, 2017 11:49 am
by purenet
+1
Re: CreateNetworkServerSSL()
Posted: Sun Nov 19, 2017 12:22 pm
by Sicro
+1
Re: CreateNetworkServerSSL()
Posted: Tue Oct 19, 2021 9:58 am
by Caronte3D
+1
Re: CreateNetworkServerSSL()
Posted: Tue Oct 19, 2021 11:58 am
by NicTheQuick
Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Also SSL is outdated, nowadays we use TLS. Therefore a better naming would be "CreateNetworkServerSecure()" or something similar.
Re: CreateNetworkServerSSL()
Posted: Tue Oct 19, 2021 1:22 pm
by the.weavster
NicTheQuick wrote: ↑Tue Oct 19, 2021 11:58 am
Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Presumably those SSL/TLS proxies would be written with a programming language that did have those commands?
Re: CreateNetworkServerSSL()
Posted: Thu Oct 21, 2021 1:01 pm
by infratec
Just today I wrote this already:
As workaround in linux you can use stunnel or haproxy.
stunnel is easy to configure, but you need exclusive access to the port 443.
Re: CreateNetworkServerSSL()
Posted: Fri Oct 22, 2021 12:31 am
by idle
Simplest way to create a secure network server in PB is to use Curve25519 elliptic curve module to generate an encryption key
viewtopic.php?f=12&t=55892
https://en.wikipedia.org/wiki/Curve25519
Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[17] Starting in 2014, OpenSSH[18] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[19] Behavior for general SSH protocol is still being standardized as of 2018.[20]
In 2017, NIST announced that Curve25519 and Curve448 would be added to Special Publication 800-186, which specifies approved elliptic curves for use by the US Federal Government.[21] Both are described in RFC 7748.[22] A 2019 draft of "FIPS 186-5" confirms this claim.[23]
In 2018, DKIM specification was amended so as to allow signatures with this algorithm.[24]
Also in 2018, RFC 8446 was published as the new Transport Layer Security v1.3 standard. It requires mandatory support for X25519, Ed25519, X448, and Ed448 algorithms.[25]