Is it currently possible to add ssl to tcp socket connections?

skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

Hello everyone, is it currently possible to create a secure TCP socket server?

I'm currently using Node.js with Socket.IO to create my game server with SSL. Is it currently possible to do the same with PureBasic?
idle
Always Here
Posts: 5835
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: Is it currently possible to add ssl to tcp socket connections?

Post by idle »

SSL has been added in 6.20

Load your SSL keys into strings from file, then call

UseNetworkTLS(KeyFile,CertFile,CaCertFile)

Note: I found you have to set your server IP address to "0.0.0.0" or it won't be visible to the WAN; if you bind to an interface address like "192.168.1.10", it's only visible on the LAN. I'm not sure why that's happening.
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

Just one more question: if I use TLS, will the clients only be able to connect and communicate if the language or engine supports TCP sockets with TLS?

Or is it just the server that should be configured with the keys?
idle
Always Here
Posts: 5835
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: Is it currently possible to add ssl to tcp socket connections?

Post by idle »

take a look at the example here
viewtopic.php?p=632017#p632017
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

Thanks for your awesome support :)
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

Has anyone tried using certbot to generate a valid certificate?
Sergey
User
Posts: 53
Joined: Wed Jan 12, 2022 2:41 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by Sergey »

And now we need FTPS command too :)
tj1010
Enthusiast
Posts: 716
Joined: Mon Feb 25, 2013 5:51 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by tj1010 »

skinkairewalker wrote: Sun Jan 12, 2025 9:29 pm Has anyone tried using certbot to generate a valid certificate?
There are Windows builds of OpenSSL, and to generate a self-signed X.509 certificate you run the following immediately after install

Code: Select all

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "key.rsa" -out "cert.pem"
One problem is you can't prioritize or restrict cipher suites to forward-secret suites like TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256. Every suite under TLS 1.3 uses nonce and DH for handshake and key exchange, but some session suites still remain that aren't forward-secret.

Side-Note: TLS is currently adding quantum-safe suites
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

tj1010 wrote: Tue Jan 21, 2025 1:00 am
skinkairewalker wrote: Sun Jan 12, 2025 9:29 pm Has anyone tried using certbot to generate a valid certificate?
There are Windows builds of OpenSSL, and to generate a self-signed X.509 certificate you run the following immediately after install

Code: Select all

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "key.rsa" -out "cert.pem"
One problem is you can't prioritize or restrict cipher suites to forward-secret suites like TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256. Every suite under TLS 1.3 uses nonce and DH for handshake and key exchange, but some session suites still remain that aren't forward-secret.

Side-Note: TLS is currently adding quantum-safe suites
That's interesting. I wonder if it's possible to use TLSv1_3 using zerossl.com
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

tj1010 wrote: Tue Jan 21, 2025 1:00 am
skinkairewalker wrote: Sun Jan 12, 2025 9:29 pm Has anyone tried using certbot to generate a valid certificate?
There are Windows builds of OpenSSL, and to generate a self-signed X.509 certificate you run the following immediately after install

Code: Select all

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "key.rsa" -out "cert.pem"
One problem is you can't prioritize or restrict cipher suites to forward-secret suites like TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256. Every suite under TLS 1.3 uses nonce and DH for handshake and key exchange, but some session suites still remain that aren't forward-secret.

Side-Note: TLS is currently adding quantum-safe suites
I created the key and certificate with this command, and I'm trying to import them via file reading,
and it still gives the error: Can't create the server

Code: Select all


Define.i Con, Timeout, Length, Format, ServerEvent
Define Receive$, Key$, Cert$, ClientID
Define *Buffer
Global tmpKey.s = ""
Global tmpCert.s = ""

If ReadFile(0, "server.key")        ; if the file could be read, we continue ...
  Format = ReadStringFormat(0)
  While Eof(0) = 0                ; loop as long the 'end of file' isn't reached
    tmpKey = tmpKey + ReadString(0, Format)   ; append the next line to the key string
  Wend
  CloseFile(0)                    ; close the previously opened file
Else
  MessageRequester("Information", "Couldn't open the file!")
EndIf

If ReadFile(0, "server.crt")        ; if the file could be read, we continue ...
  Format = ReadStringFormat(0)
  While Eof(0) = 0                ; loop as long the 'end of file' isn't reached
    tmpCert = tmpCert + ReadString(0, Format)   ; append the next line to the certificate string
  Wend
  CloseFile(0)                    ; close the previously opened file
Else
  MessageRequester("Information", "Couldn't open the file!")
EndIf

Debug "key - "+tmpKey               ; writes the private key to the debug output
Key$ = tmpKey

Debug "cert - "+tmpCert
Cert$ = tmpCert

UseNetworkTLS(Key$, Cert$)
Con = CreateNetworkServer(#PB_Any, 20252, #PB_Network_TCP | #PB_Network_IPv4 | #PB_Network_TLSv1_3)
*Buffer = AllocateMemory(1000)

If Con
  Timeout = 10000

  Debug ("TCP Server with TLSv1_3")
  Debug ("Server Running on port : 20252")
  Repeat

    ServerEvent = NetworkServerEvent()
    If ServerEvent
      ClientID = EventClient()      ; only valid after NetworkServerEvent() has returned an event
    EndIf

    Select ServerEvent

      Case #PB_NetworkEvent_Connect
        Debug ("client connected  ["+Str(ClientID)+"]")
      Case #PB_NetworkEvent_Disconnect
        Debug ("client disconnected ["+Str(ClientID)+"]")
      Case #PB_NetworkEvent_Data

        Debug "Data !"
        Length = ReceiveNetworkData(ClientID, *Buffer, 1000)
        Debug Length
        If Length > 0
          ; decode only the bytes received; the buffer is not zero-terminated
          Debug ( "MsgReceived: "+PeekS(*Buffer, Length, #PB_UTF8 | #PB_ByteLength) )
        EndIf
        SendNetworkString(ClientID, "Well received !!!")

      Case #PB_NetworkEvent_None
        Delay(200)
        Timeout - 1
    EndSelect

  Until Timeout = 0

  CloseNetworkServer(Con)
Else
  Debug "Can't create the server"
EndIf

Paul
PureBasic Expert
Posts: 1282
Joined: Fri Apr 25, 2003 4:34 pm
Location: Canada

Re: Is it currently possible to add ssl to tcp socket connections?

Post by Paul »

You are not creating the key/cert string in the format Fred shows in his example.
( #LF$ missing in the appropriate places)
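The point in Paul's reply, shown as an added example (not code from this thread or from Fred's example): ReadString() returns each line without its end-of-line characters, so a loader has to put #LF$ back before the PEM text is passed to UseNetworkTLS(). LoadPEM() and LooksLikePEM() are hypothetical helper names; the file names, port and flags are the ones used in the post above.

```purebasic
; Added example, not from the thread. LoadPEM()/LooksLikePEM() are hypothetical helpers.
Procedure.s LoadPEM(FileName.s)
  Protected Pem.s, Line.s, File, Format
  File = ReadFile(#PB_Any, FileName)
  If File = 0
    ProcedureReturn ""
  EndIf
  Format = ReadStringFormat(File)            ; detect and skip a BOM if present
  While Eof(File) = 0
    Line = Trim(ReadString(File, Format))    ; ReadString() drops the line ending
    If Line <> ""
      Pem + Line + #LF$                      ; put the line break back
    EndIf
  Wend
  CloseFile(File)
  ProcedureReturn Pem
EndProcedure

; Structural check only: BEGIN and END markers must start lines of their own.
Procedure.i LooksLikePEM(Pem.s)
  Protected FirstLine.s, LastLine.s, Lines = CountString(Pem, #LF$)
  If Lines < 3 : ProcedureReturn #False : EndIf
  FirstLine = StringField(Pem, 1, #LF$)
  LastLine  = StringField(Pem, Lines, #LF$)
  If Left(FirstLine, 11) = "-----BEGIN " And Left(LastLine, 9) = "-----END "
    ProcedureReturn #True
  EndIf
  ProcedureReturn #False
EndProcedure

Key$  = LoadPEM("server.key")
Cert$ = LoadPEM("server.crt")
If LooksLikePEM(Key$) And LooksLikePEM(Cert$)
  ; Log sizes only, so the private key never reaches the debug output.
  Debug "key: " + Str(Len(Key$)) + " chars, cert: " + Str(Len(Cert$)) + " chars"
  UseNetworkTLS(Key$, Cert$)
  If CreateNetworkServer(0, 20252, #PB_Network_TCP | #PB_Network_IPv4 | #PB_Network_TLSv1_3)
    Debug "TLS server listening on port 20252"
    ; the event loop from the post above would run here
    CloseNetworkServer(0)
  Else
    Debug "Can't create the server"
  EndIf
Else
  Debug "server.key or server.crt is missing or is not line-structured PEM"
EndIf
```

A file whose contents were already flattened onto one line fails LooksLikePEM(), so that case is reported before CreateNetworkServer() is attempted.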
skinkairewalker
Enthusiast
Posts: 772
Joined: Fri Dec 04, 2015 9:26 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by skinkairewalker »

now works :)
thanks
benubi
Enthusiast
Posts: 215
Joined: Tue Mar 29, 2005 4:01 pm

Re: Is it currently possible to add ssl to tcp socket connections?

Post by benubi »

Sergey wrote: Mon Jan 13, 2025 10:54 pm And now we need FTPS command too :)
Good news for you, as you can use normal FTP commands after connecting to an "FTPS" server; https downloads (other lib) also worked for some while, even though I only checked on Windows. I discovered that by coincidence, testing 6.20 and trying to connect to my raspberry Pi (with success).
:D
Quin
Addict
Posts: 1122
Joined: Thu Mar 31, 2022 7:03 pm
Location: Colorado, United States

Re: Is it currently possible to add ssl to tcp socket connections?

Post by Quin »

benubi wrote: Tue Jan 28, 2025 5:07 pm
Sergey wrote: Mon Jan 13, 2025 10:54 pm And now we need FTPS command too :)
Good news for you, as you can use normal FTP commands after connecting to an "FTPS" server; https downloads (other lib) also worked for some while, even though I only checked on Windows. I discovered that by coincidence, testing 6.20 and trying to connect to my raspberry Pi (with success).
:D
Why did you have to discover it that way? Why not just read the history? :?:
- Added: SFTP support to the FTP lib !
HeX0R
Addict
Posts: 1187
Joined: Mon Sep 20, 2004 7:12 am
Location: Hell

Re: Is it currently possible to add ssl to tcp socket connections?

Post by HeX0R »

SFTP <> FTPS