Secure Sockets
Björnke von Gierke
bvg at mac.com
Mon Oct 20 11:07:52 EDT 2014
So can I safely assume that no one ever has tried to use secure sockets in LC?
On 15 Oct 2014, at 18:59, Björnke von Gierke <bvg at mac.com> wrote:
> Hi all
>
> I'm rather uneducated with encryption stuff, so I wanted to try out secure sockets. However, most likely due to my incapability to understand what I'm doing, I've been unable to get a simple example working.
>
> I've used my own "simplest socket client/server" stacks from rev online, ran them in two different LC instances (because LC locks up if you do server and client in the same executable), and then I modified them to use secure stuff.
>
> First I simply set the client to use "open secure socket to...". Funnily this would show what I assumed were encrypted handshake messages on the server side (gibberish). But of course I have no idea about how to decrypt those, plus, that's probably not how things should work.
>
> I then added a "secure" to the server side by using "accept secure sockets on...", which would actually result in a connection (note: "secure" is undocumented for "accept", so I have made a bug report in regards to that, because it seems to work just fine). However, if I then try to send a message from the client to the server, it fails with these errors on their respective ends:
>
> client: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> server: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> I assume that I am using the commands correctly, but that I guess I do need to specify the server to use a certificate?
>
> Questions Galore!
>
> - Has anyone done secure sockets with both server and client implemented in LC (or just the server)?
> - Is it possible to do a secure connection as CLIENT, when the certificate does not exist or remains unspecified on the client side? (I assume this is when I need to specify "without verification")?
> - Is it possible to do a secure SERVER and not specify a certificate or a key on the server side? I guess not, but is it possible to let LC do certificates and keys for me behind the curtains?
> - I'm testing on Mac OS X, so I can create a certificate using Keychain.app. What settings would I need to do there?
> - Is it insecure to issue a certificate for 127.0.0.1 (localhost)?
> - If I got a certificate that is applicable, how do I tell LC to use it as my server certificate?
> - SSLv3 is deemed insecure. In case I ever get anything working, how can I disable SSL completely, and force my connections to always use TLS or even only TLSv1.2?
> - How about any of the other minutiae of cipher selection and key exchange, how can I do that manually? Should I do that manually?
>
> Thank you for any information, and feel free to answer any questions even if only partially or guesswork. Also feel free to answer questions which I neglected to ask. If I ever get this to work, and have some basic comprehension, I'll make a lesson at lessons.runrev.com, so everyone can benefit in the future.
>
> cheers
> Björnke
>
> --
>
> Use an alternative Dictionary viewer:
> http://bjoernke.com/bvgdocu/
>
> Chat with other RunRev developers:
> http://bjoernke.com/chatrev/
>
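The error pair quoted in the message is what OpenSSL reports when a TLS server has no certificate loaded: with no certificate it cannot offer any certificate-based cipher suite. The following is an added example, not part of the original post and not LiveCode; it reproduces that handshake in memory with Python's OpenSSL-backed `ssl` module, and the function name is hypothetical.

```python
import ssl

def handshake_without_server_cert():
    """Run a TLS handshake in memory against a server that has no certificate.

    Returns a dict mapping "client"/"server" to the OpenSSL reason each side raised.
    """
    # Server context with NO load_cert_chain() call: this is the misconfiguration.
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv3/TLS 1.0/1.1 refused

    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Mirrors the thread's "without verification" test setup only; a real
    # client keeps hostname and certificate verification switched on.
    client_ctx.check_hostname = False
    client_ctx.verify_mode = ssl.CERT_NONE

    # Memory BIOs stand in for the network, so no sockets or threads are needed.
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)

    errors = {}
    for _ in range(10):                      # a few round trips are plenty
        for name, side in (("client", client), ("server", server)):
            if name in errors:
                continue
            try:
                side.do_handshake()
            except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                pass                         # needs more bytes from the peer
            except ssl.SSLError as exc:
                errors[name] = exc.reason    # e.g. "NO_SHARED_CIPHER"
        # Deliver whatever each side produced to the other side.
        s_in.write(c_out.read())
        c_in.write(s_out.read())
        if len(errors) == 2:
            break
    return errors

if __name__ == "__main__":
    print(handshake_without_server_cert())
```

Loading a certificate and private key into the server context (`load_cert_chain`) is what lets the server select a cipher suite and removes both errors.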