CreateNetworkServerSSL()

Got an idea for enhancing PureBasic? New command(s) you'd like to see?
swhite
Enthusiast
Enthusiast
Posts: 726
Joined: Thu May 21, 2009 6:56 pm

CreateNetworkServerSSL()

Post by swhite »

Hi

I would like to request a function that lets you create a Socket Server to handle connection via SSL with an additional parameter to specify the SSL certifcate. I would like to be able to use all the Network functions that you can use with CreateNetworkServer(). With the increased push for everything on the Web to use SSL this is becoming a priority for our business.

Thanks,
Simon
Simon White
dCipher Computing
User avatar
RSBasic
Moderator
Moderator
Posts: 1218
Joined: Thu Dec 31, 2009 11:05 pm
Location: Gernsbach (Germany)
Contact:

Re: CreateNetworkServerSSL()

Post by RSBasic »

+1
Image
Image
LuckyLuke
Enthusiast
Enthusiast
Posts: 181
Joined: Fri Jun 06, 2003 2:41 pm
Location: Belgium

Re: CreateNetworkServerSSL()

Post by LuckyLuke »

+1

LuckyLuke
User avatar
the.weavster
Addict
Addict
Posts: 1531
Joined: Thu Jul 03, 2003 6:53 pm
Location: England

Re: CreateNetworkServerSSL()

Post by the.weavster »

+1
purenet
User
User
Posts: 30
Joined: Wed Oct 21, 2009 10:11 am

Re: CreateNetworkServerSSL()

Post by purenet »

+1
User avatar
Sicro
Enthusiast
Enthusiast
Posts: 538
Joined: Wed Jun 25, 2014 5:25 pm
Location: Germany
Contact:

Re: CreateNetworkServerSSL()

Post by Sicro »

+1
Image
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
User avatar
Caronte3D
Addict
Addict
Posts: 1014
Joined: Fri Jan 22, 2016 5:33 pm
Location: Some Universe

Re: CreateNetworkServerSSL()

Post by Caronte3D »

+1
User avatar
NicTheQuick
Addict
Addict
Posts: 1218
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken
Contact:

Re: CreateNetworkServerSSL()

Post by NicTheQuick »

Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Also SSL is outdated, nowadays we use TLS. Therefore a better naming would be "CreateNetworkServerSecure()" or something similar.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
User avatar
the.weavster
Addict
Addict
Posts: 1531
Joined: Thu Jul 03, 2003 6:53 pm
Location: England

Re: CreateNetworkServerSSL()

Post by the.weavster »

NicTheQuick wrote: Tue Oct 19, 2021 11:58 am Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Presumably those SSL/TLS proxies would be written with a programming language that did have those commands?
:?
infratec
Always Here
Always Here
Posts: 6810
Joined: Sun Sep 07, 2008 12:45 pm
Location: Germany

Re: CreateNetworkServerSSL()

Post by infratec »

Just today I wrote this already:

As workaround in linux you can use stunnel or haproxy.

stunnel is easy to configure, but you need exclusive access to the port 443.
User avatar
idle
Always Here
Always Here
Posts: 5018
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: CreateNetworkServerSSL()

Post by idle »

Simplest way to create a secure network server in PB is to use Curve25519 elliptic curve module to generate an encryption key
viewtopic.php?f=12&t=55892


https://en.wikipedia.org/wiki/Curve25519
Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[17] Starting in 2014, OpenSSH[18] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[19] Behavior for general SSH protocol is still being standardized as of 2018.[20]

In 2017, NIST announced that Curve25519 and Curve448 would be added to Special Publication 800-186, which specifies approved elliptic curves for use by the US Federal Government.[21] Both are described in RFC 7748.[22] A 2019 draft of "FIPS 186-5" confirms this claim.[23]

In 2018, DKIM specification was amended so as to allow signatures with this algorithm.[24]

Also in 2018, RFC 8446 was published as the new Transport Layer Security v1.3 standard. It requires mandatory support for X25519, Ed25519, X448, and Ed448 algorithms.[25]
Post Reply