tls

Does SslStream use LocalCertificateSelectionCallback when acting as a server?

If I create a SslStream instance like this: secureStream = new SslStream(stream, true, tlsRemoteCallback, tlsLocalCallback); And then I use one of the AuthenticateAsServer or BeginAuthenticateAsServer methods, is it at all possible for the LocalCertificateSelectionCallback (tlsLocalCallback) to be invoked? And if so, how? I'm under ...

Out-of-the-box SSL in Java Applet

I'm currently attempting to implement having a (signed) applet communicate to a server program via SSL. I have found the right kind of incantations to create key stores for the client, the client's trust manager, and the server. This allows me to create compatible SSL contexts on the client and the server. However, as it stands, this se...

LDAP error in Tomcat - TLS confidentiality required

I'm trying to configure a Realm in Tomcat to access an LDAP server with TLS security. My basic Realm configuration looks like this: <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://localhost:389/" userPattern="uid={0},ou=People,dc=nsdl,dc=org" /> I get an error like ...

ssl impact on web server

Many of us have web and application servers that use plain TCP. Some of us have web and other servers that use a secure layer such as SSL. My understanding of SSL is that the handshaking is very computationally intensive, and the encryption of an ongoing connection is (relatively) cheap. My assumption for you to correct: an average ho...

TLS/SSL in .net

Hi there! Is there any (hopefully free/open source) code available that does native TLS/SSL communication? I do not speak about the HTTPListener/Client and WebRequest classes. I'd like to do raw TLS communication in my C# code. Thanks in advance, Max ...

rmi over ssl/tls, any way to securely identify the caller?

Hi everyone, is there any way to securely get the method invoker while running the called method (server-side)? I know there's a client string reachable through the server properties, but isn't it too "weak"? Any way to get e.g. the client certificate owner? Please give me a couple of hints, WILL RTFD right afterwards ;) thanks in ad...

How do I use TLS with asyncore?

An asyncore-based XMPP client opens a normal TCP connection to an XMPP server. The server indicates it requires an encrypted connection. The client is now expected to start a TLS handshake so that subsequent requests can be encrypted. tlslite integrates with asyncore, but the sample code is for a server (?) and I don't understand what i...

Comodo certificate apparently recognized in IE but not FF/Seamonkey/...

I am trying to get a Comodo certificate recognized on a webserver written in Python using ssl. When I visit in IE8, the certificate is recognized without difficulty. But when I visit with Firefox 3.0.11/Ubuntu, it says the CA is invalid. Should Firefox recognize Comodo certificates without giving an invalid CA warning? What can I do to ...

Sending email with Gmail SMTP (secure layer) in C++

Hello all, has anyone had success with the Gmail SMTP servers (smtp.gmail.com) to send emails from C++ code? I know it's using a secure layer, but I have no idea how to implement one. ...

Thread-local singletons

I would like to create a singleton class that is instantiated once in each thread where it is used. I would like to store the instance pointers in TLS slots. I have come up with the following solution but I am not sure whether there are any special considerations with multithreaded access to the singleton factory when thread local storag...

FTP GUI client for Unix-like platform capable of TLS/SSL/SFTP

I know similar questions were already asked and answered, but not exactly the same. I'm looking for an FTP client that can do TLS/SSL connections and SFTP as well on Linux with a nice GUI. This is the main requirement, though tabbed sessions are a plus. FTPRush is my idol for FTP-ing on Windows, something similar on Linux would be a rockstar. ...

Python : email sending failing on SSL read

I keep getting this intermittent error when trying to send through 'smtp.gmail.com'. Traceback (most recent call last): File "/var/home/ptarjan/django/mysite/django/core/handlers/base.py", line 92, in get_response response = callback(request, *callback_args, **callback_kwargs) File "/var/home/ptarjan/django/mysite/registratio...

How much network overhead does TLS add compared to a non-encrypted connection?

(Approximately) how many more bits of data must be transferred over the network during an encrypted connection compared to an unencrypted connection? IIUC, once the TLS handshake has completed, the number of bits transferred is equal to those transferred during an unencrypted connection. Is this accurate? As a follow up, is transferrin...

Sun's Java SSL Implementation is Leaking Memory?

Hello everyone, I have a server component that I'm trying to load-test. All connections to the server use TLS 1.0. I have a simple test program that essentially does this on as many threads as I want: full TLS handshake to the server; send a request; read reply; close connection; repeat ad nauseam. My virtual machine is as follows: Java(...

how to modify ssl3ext

How to run or test the ssl3ext.c inside Mozilla's Network Security Services? I have my own extension and would like to code it but don't understand how the file will work. ...

Pass parameter to NSS TLS extension?

OK, now I have my own function that runs inside or after the NSS_init. This function returns 2 values. Now, my problem is, how to pass this return value to the TLS extension inside NSS? I found a file called ssl3ext.c in NSS, but don't have any clue where to start or what to do. So in the end, I have a Http header with additional inform...

To add more parameters to my HTTP header for SSL/TLS

Hi, As far as I understand, https is http plus SSL/TLS. What do I need to do if I want to add 3 more parameters for the header? I found a file inside Mozilla's NSS - ssl3ext.c, but I don't understand it and don't know how to start. Need a clue from you guys.. Is this something about SSL/TLS extension? But it is far more complex right...

Example sites with broken security certs

I'm wondering if there are any demo sites which show different cases where HTTPS is misconfigured or broken. Or does anyone know of websites in the wild that display various broken / misconfigured HTTPS cases? ... Perhaps ideas on how to track them down with a search engine? I'm looking for sites which exhibit broken https behaviors, for...

Open Source Library for sending emails via gmail (smtp.gmail.com) using SMTPS (TLS)

For a long time sending email using SMTP (port 25) via a remote mail server (usually at the website hosting company) was easy to do with an application. Open a TCP port 25, send "HELO ..." etc. To do this using Google's email service is giving me a problem because they insist on using port 465 SMTPS, i.e. SMTP with TLS encryption: http://en....

Explanation for server name indication

Any good documentation about how Server Name Indication works? I really need it now. I'm currently searching for which part of the code inside ssl3ext.c handles the SNI. I would like to add one more SNI-like extension inside the code. ...