SSL with "accept" command?
Bob Sneidar
bobsneidar at iotecdigital.com
Wed Sep 7 18:30:40 EDT 2016
I have looked into this some and it gets really dicey. First of all, SSL (if you mean openSSL) has licensing requirements. This is why the compiled versions of mySQL for windows do not use openSSL, they use yaml ssl which I think is a fork of openSSL. They could not distribute compiled versions of the openSSL library for some reason I do not understand. It violates the license I guess, or maybe money had to change hands or something.
Then there are versions of SSL and TLS. OpenSSL 2.0 was apparently compromised a couple years back (if you recall the heartbleed bug) and TLS got caught up in it because TLS 1.0 was written to fall back on SSL if TLS failed. Now we have SSL 1.0, 2.0 and 3.0, as well as TLS 1.0, 1.1 and 1.2. Additionally, there was an update to TLS 1.2 to no longer fall back on SSL.
So the upshot is, SSL is a mess right now. I would love to see an updated SSL library that actually works without too much trouble, but certificate handling and the various ciphers and what have you all conspire to make it fairly difficult to support.
There is a neat telnet utility called SMTPConsole where a company called Socket Labs compiled a console based telnet client with SSL libraries, so you can test SMTP connections end to end. You can find this easily by googling for it. I posted a support request at their web site, so let's see what they come back with. Unfortunately I am not a C programmer by any means so I'd get lost after the 3rd sentence with any of them.
Bob S
On Sep 7, 2016, at 14:27 , Richard Gaskin <ambassador at fourthworld.com<mailto:ambassador at fourthworld.com>> wrote:
I know it's a long shot, but I wonder if perhaps any of the goodies in the next network externals have anything that can help with this request:
http://quality.livecode.com/show_bug.cgi?id=16871
That's for the equivalent of something like:
accept secure connections on port <portNumber>
That syntax is apparently valid in as much as it doesn't throw an error, but according to comment #9 there it doesn't currently do anything.
If there's nothing currently in the hopper for this, anyone here have a feel for how much effort would be involved in making that happen?
FWIW the Dictionary in v8.1 includes a "secure socket" command, apparently introduced in v6.6 but somehow I'd missed it. Might there be a way a socket server could use that to secure a socket connection opened by a client?
--
Richard Gaskin
More information about the use-livecode
mailing list