+1  Q: 

openssl header ssl

Is there an additional header which is presented by openssl before sending the message to the socket?

Thanks

+1  A: 

I assume you're talking about TLS ("Secured TCP").

Then yes. Once the handshake between client and server is done, the "data" messages usually start with 3 special bytes (if I remember well) that indicate to the SSL layer that the frame is ciphered.

On the other hand, you cannot assume that the size of a ciphered frame will be the same as that of the raw frame/data.

Here is an example function in C/C++.

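    #include <stdbool.h>
    #include <stddef.h>
    #include <stdint.h>

    /* Returns true if buf starts like a TLS v1 or DTLS v1 record. */
    bool isCiphered(const char* buf, size_t buflen)
    {
        if (buflen < 3)
        {
            return false;
        }

        /* First byte: record content type */
        uint8_t c = (uint8_t)buf[0];

        switch (c)
        {
            case 0x14: /* change_cipher_spec */
            case 0x15: /* alert */
            case 0x16: /* handshake */
            case 0x17: /* application_data */
                {
                    /* Next two bytes: protocol version (major, minor) */
                    uint8_t v1 = (uint8_t)buf[1];
                    uint8_t v2 = (uint8_t)buf[2];

                    /* TLS v1 */
                    if ((v1 == 0x03) && (v2 == 0x01))
                    {
                        return true;
                    }

                    /* DTLS v1 */
                    if ((v1 == 0xfe) && (v2 == 0xff))
                    {
                        return true;
                    }

                    break;
                }
        }

        return false;
    }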

I had to adapt my existing code so I'm not sure it compiles, but you should get the idea.

ereOn
What if I don't want to use the SSL_read and SSL_write methods to communicate over the socket, and just use the common read and write methods from POSIX, and I am sure that the data is TLS v1? What should I do, or is there any manual or demo to encrypt and decrypt my data and send it via the common read and write?
deddihp
SSL_read() doesn't directly read from the socket. You must supply a buffer (which you eventually fill using classic POSIX sockets). SSL_write() encapsulates the sendto() or send() call. You have to understand that using TLS is not just ciphering data and sending it to another host: there is a complex mechanism behind SSL_read() and SSL_write() to handle handshaking, key exchange, and so on. Maybe if you tell us why you want to avoid using SSL_read() and SSL_write() we might be able to find another solution.
ereOn
In some cases, I want to make some data with a certain header of my own without encryption, and in the middle of it is TLS data. In other words, I just want a specific encrypt/decrypt function without bundling it with the SSL header. Thanks
deddihp
I did the same thing so it's definitely possible. Basically, TLS uses a posix socket to communicate. You can access this socket and do a regular sendto() (not using SSL_write()): as long as you don't give unciphered data to SSL_read() on the receiving side, you'll be safe. And here is where my function can help you ;)
ereOn
Oh my gosh, is that so? Hmm, I am gonna try it. I just feel I don't have much time to go deep into the SSL code and I can't find any suitable manual. Thanks anyway.
deddihp
I'm not a "reputation addict" but if my answer somehow helped you, you might "accept" it ;)
ereOn
Sure, I just forgot to "accept" it. Hey, I just posted another question, please take a look at http://stackoverflow.com/questions/2542156/openssl-ssl-encryption. Thanks.
deddihp
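The thread above discusses telling TLS records apart from a custom plaintext header on the same socket. As an added example (not code from the answer or from OpenSSL), this goes beyond the answer's check and parses the full 5-byte TLS record header, including the big-endian length, so the receiver knows how many bytes belong to one record. The names `tls_peek_record`, `tls_record_hdr` and `rec_status` are hypothetical, and DTLS, which uses a longer 13-byte header, is not handled.

```c
#include <stddef.h>
#include <stdint.h>

enum rec_status { REC_OK, REC_NEED_MORE, REC_NOT_TLS };

struct tls_record_hdr {
    uint8_t  type;    /* 0x14 ccs, 0x15 alert, 0x16 handshake, 0x17 app data */
    uint8_t  major;   /* 0x03 for SSL 3.0 and all TLS versions */
    uint8_t  minor;   /* 0x00 SSL 3.0, 0x01 TLS 1.0 ... 0x03 TLS 1.2/1.3 */
    uint16_t length;  /* size of the fragment that follows the header */
};

#define TLS_HDR_LEN      5u
#define TLS_MAX_FRAGMENT (16384u + 2048u)  /* TLSCiphertext limit, RFC 5246 */

/*
 * Inspect the start of buf for a TLS record. *record_len is 0 until the
 * header has been parsed, then header + fragment size. REC_NEED_MORE means
 * "read more bytes from the socket and call again".
 */
enum rec_status tls_peek_record(const unsigned char *buf, size_t buflen,
                                struct tls_record_hdr *hdr, size_t *record_len)
{
    *record_len = 0;
    if (buflen < TLS_HDR_LEN)
        return REC_NEED_MORE;            /* header not complete yet */
    if (buf[0] < 0x14 || buf[0] > 0x17)
        return REC_NOT_TLS;              /* unknown content type */
    if (buf[1] != 0x03 || buf[2] > 0x03)
        return REC_NOT_TLS;              /* not an SSL 3.0/TLS version */

    hdr->type   = buf[0];
    hdr->major  = buf[1];
    hdr->minor  = buf[2];
    hdr->length = (uint16_t)((buf[3] << 8) | buf[4]);   /* big-endian */
    if (hdr->length > TLS_MAX_FRAGMENT)
        return REC_NOT_TLS;              /* oversized: reject, do not buffer */

    *record_len = TLS_HDR_LEN + hdr->length;
    return buflen < *record_len ? REC_NEED_MORE : REC_OK;
}

/* Constructed sample: application_data, TLS 1.0, 4-byte fragment. */
static const unsigned char sample_record[] =
    {0x17, 0x03, 0x01, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef};
```

A match here is only a heuristic: a custom plaintext header whose first three bytes happen to look like a content type and version would be misclassified, so explicit framing of the two kinds of data is more robust than sniffing.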