CreateNetworkServerSSL()
CreateNetworkServerSSL()
Hi
I would like to request a function that lets you create a Socket Server to handle connection via SSL with an additional parameter to specify the SSL certifcate. I would like to be able to use all the Network functions that you can use with CreateNetworkServer(). With the increased push for everything on the Web to use SSL this is becoming a priority for our business.
Thanks,
Simon
I would like to request a function that lets you create a Socket Server to handle connection via SSL with an additional parameter to specify the SSL certifcate. I would like to be able to use all the Network functions that you can use with CreateNetworkServer(). With the increased push for everything on the Web to use SSL this is becoming a priority for our business.
Thanks,
Simon
Simon White
dCipher Computing
dCipher Computing
- the.weavster
- Addict
- Posts: 1537
- Joined: Thu Jul 03, 2003 6:53 pm
- Location: England
Re: CreateNetworkServerSSL()
+1
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
- NicTheQuick
- Addict
- Posts: 1226
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
- Contact:
Re: CreateNetworkServerSSL()
Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Also SSL is outdated, nowadays we use TLS. Therefore a better naming would be "CreateNetworkServerSecure()" or something similar.
Also SSL is outdated, nowadays we use TLS. Therefore a better naming would be "CreateNetworkServerSecure()" or something similar.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
- the.weavster
- Addict
- Posts: 1537
- Joined: Thu Jul 03, 2003 6:53 pm
- Location: England
Re: CreateNetworkServerSSL()
Presumably those SSL/TLS proxies would be written with a programming language that did have those commands?NicTheQuick wrote: ↑Tue Oct 19, 2021 11:58 am Security is not a thing you just add to a command. There are so many things to consider to make it secure, there are a lot of options and you always should use the latest libraries. For the moment I think it is easier to just use a SSL/TLS proxy that is up to date.
Re: CreateNetworkServerSSL()
Just today I wrote this already:
As workaround in linux you can use stunnel or haproxy.
stunnel is easy to configure, but you need exclusive access to the port 443.
As workaround in linux you can use stunnel or haproxy.
stunnel is easy to configure, but you need exclusive access to the port 443.
Re: CreateNetworkServerSSL()
Simplest way to create a secure network server in PB is to use Curve25519 elliptic curve module to generate an encryption key
viewtopic.php?f=12&t=55892
https://en.wikipedia.org/wiki/Curve25519
viewtopic.php?f=12&t=55892
https://en.wikipedia.org/wiki/Curve25519
Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[17] Starting in 2014, OpenSSH[18] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[19] Behavior for general SSH protocol is still being standardized as of 2018.[20]
In 2017, NIST announced that Curve25519 and Curve448 would be added to Special Publication 800-186, which specifies approved elliptic curves for use by the US Federal Government.[21] Both are described in RFC 7748.[22] A 2019 draft of "FIPS 186-5" confirms this claim.[23]
In 2018, DKIM specification was amended so as to allow signatures with this algorithm.[24]
Also in 2018, RFC 8446 was published as the new Transport Layer Security v1.3 standard. It requires mandatory support for X25519, Ed25519, X448, and Ed448 algorithms.[25]