C++ Programming on Linux - Update From TCP to TLS Example using OpenSSL
Рет қаралды 498
Күн бұрынIn previous video, it has demonstrated how to create an TCP client and server using libevent. As we know in these days, security becomes more and more important, and it requires to updated network communication from TCP to SSL/TLS protocol.
TCP (Transmission Control Protocol) : en.wikipedia.o...
The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP.
TLS ransport Layer Security : en.wikipedia.o...
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.
In short word :
TCP protocol, after established socket connection, data transmitted in text mode between network communication
SSL/TLS protocol, after established socket connection, handshake and exchange RSA key, then data will be encypted and decrypted between network communication.
www.openssl.or...
OpenSSL is one of most popular used library for building SSL/TLS network communication API, there are few videos in this channel it has discuss some OpenSSL topic
In this short video, it will convert TCP client and server program to SSL/TLS using OpenSSL library.
Example Code of this video has been uploaded onto GitHub:
github.com/yua...
@timbopoise1218 6 ай бұрын
Mr. Yuan, this was an awesome video and really helped me understand many of the issues I wondered about-- you showed an example that used comm across processes, you showed how an original tcp client/server is updated to perform TLS handshake and comm. And its on linux and uses C++. Excellent If I could ask, here are a few thing that remain in my mind and I need explanation: a) why doesn't the client need to reference the public key of the server? I know they are on the same host but still the client process and ssl code does not reference the key files? b) If one needs to add authentication, how is that handled? Early in my reading I learned that best to use an cypher that qualifies as Authenticated Encryption, e.g. gcm. Thanks
@cf2647-im9lh 6 ай бұрын
Hi! I have some ideas, but i'm not an expert. a) Before client trust CA, CA has given the public key in certificate to client. b) GCM + MAC function.
@huiyuan1295 6 ай бұрын
Question a) public key, it's embedded in x509 certificate, there is a previous video explained x509 structure. kzbin.info/www/bejne/mGfcc3VugplshqM and it can be displayed both using c++ code or OpenSSL view certificate command.
@huiyuan1295 6 ай бұрын
Question b), it's possible to have peer verification or host verification during TLS handshake process, it's optional, OpenSSL has functions to perform certification authentication, it's been used for server/client decide if establish or reject connection, example in this video, we just focus TLS process concept, and skipped authentication. Regard GCM cypher, there are many algorithms available for encryption/decryption, in this video, we just selected one of popular, sha256, RSA Encryption, 2048 bit public key.
@makigero27 8 ай бұрын
👏👏👏👏
@pippallamohanpavankumar6540 2 ай бұрын
please make a video on session resumption from client side, i am searching the internet from past 1 week, but couldn't crack it, whenever i try to resume, a new session is getting created
@huiyuan1295 2 ай бұрын
Thanks for your suggestion and feedback, I have penciled down it in my todo list, and I'll try to cover session resumption from the client side in a future video.
Hui Yuan
Рет қаралды 464
BUBBLEGUN
Рет қаралды 3,9 МЛН
Practical Networking
Рет қаралды 140 М.
BUBBLEGUN
Рет қаралды 3,9 МЛН