Encrypted connection


Jens Thoms Toerring

May 17, 2012, 5:29:15 PM
Hi,

I'm in the planning stage of writing a server-client
application for which I need good encryption of all data
exchanged between the server and client. While the client-
server part as such doesn't pose a major problem I don't
have much experience with encrypting a connection. I have
done quite a bit of reading and checking what's available
on CPAN, but I haven't yet a good idea about the best way
to do it. Some packages seem to only cover the client side,
others have rather mixed reviews etc. I guess several people
here have been doing this kind of stuff for years and
years and I would be really grateful for all pointers and
recommendations.
Thanks and best regards, Jens
--
\ Jens Thoms Toerring ___ j...@toerring.de
\__________________________ http://toerring.de

Eli the Bearded

May 17, 2012, 6:01:44 PM
In comp.lang.perl.misc, Jens Thoms Toerring <j...@toerring.de> wrote:
> I'm in the planning stage of writing a server-client
> application for which I need good encryption of all data
> exchanged between the server and client. While the client-
> server part as such doesn't pose a major problem I don't
> have much experience with encrypting a connection.

Net::SSLeay

DESCRIPTION
There is a related module called "Net::SSLeay::Handle" included
in this distribution that you might want to use instead. It has
its own pod documentation.

This module offers some high level convenience functions for
accessing web pages on SSL servers (for symmetry, same API is
offered for accessing http servers, too), a "sslcat()" function
for writing your own clients, and finally access to the SSL api
of SSLeay/OpenSSL package so you can write servers or clients
for more complicated applications.


I've only used it for Net::SSLeay::Handle clients, but it looks like
the Net::SSLeay documentation includes sample client and server code.

Elijah
------
all in favor of someone else coding the encryption bits

Ben Morrow

May 17, 2012, 6:15:08 PM

Quoth Eli the Bearded <*@eli.users.panix.com>:
> In comp.lang.perl.misc, Jens Thoms Toerring <j...@toerring.de> wrote:
> > I'm in the planning stage of writing a server-client
> > application for which I need good encryption of all data
> > exchanged between the server and client. While the client-
> > server part as such doesn't pose a major problem I don't
> > have much experience with encrypting a connection.
>
> Net::SSLeay

That's a good answer, but it's probably easier to use IO::Socket::SSL,
which is a layer over Net::SSLeay that looks (almost) just like
IO::Socket::INET. Remember to be careful about verifying the server
certificate, and the client cert if you use one. You don't necessarily
need certs from a public CA: using a private self-signed CA is fine, but
you do need to check the certificate has been properly signed by the
right CA.

Sensible alternatives include ssh, Kerberos, and using HTTPS with a web
server to handle the server-side encryption.

Ben
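
The certificate check described in the post above, as an added example that is not part of the original thread: an IO::Socket::SSL server presents a certificate signed by a private CA, and a client accepts it only when it trusts that CA. The certificates, the names `server.example`, "Example Private CA" and "Unrelated CA", and the helper `try_connect` are constructed for illustration; client certificates are not covered.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;    # CERT_create: build throwaway certs in memory

# Constructed test PKI: a private CA, a server cert it signed, and an
# unrelated CA that the client must not accept as a substitute.
my ($ca, $ca_key) = CERT_create(CA => 1,
    subject => { commonName => 'Example Private CA' });
my ($srv, $srv_key) = CERT_create(issuer => [ $ca, $ca_key ],
    subject => { commonName => 'server.example' });
my ($other_ca) = CERT_create(CA => 1,
    subject => { commonName => 'Unrelated CA' });

# TLS listener on an ephemeral loopback port, presenting the signed cert.
my $listener = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $srv, SSL_key => $srv_key,
) or die "listen failed: $SSL_ERROR";
my $port = $listener->sockport;

my $pid = fork() // die "fork failed: $!";
if ($pid == 0) {                      # child: serve the two test connections
    for (1 .. 2) {
        my $conn = $listener->accept or next;   # undef if handshake failed
        print $conn "hello over TLS\n";
        close $conn;
    }
    exit 0;
}

# Client: verification is requested explicitly and only $trusted_ca is trusted.
sub try_connect {
    my ($trusted_ca) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr            => '127.0.0.1', PeerPort => $port,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_ca              => [ $trusted_ca ],
        SSL_verifycn_name   => 'server.example',
        SSL_verifycn_scheme => 'default',
    ) or return "rejected: $SSL_ERROR";
    chomp(my $line = <$sock> // '');
    close $sock;
    return "accepted: $line";
}

print "right CA: ", try_connect($ca), "\n";
print "wrong CA: ", try_connect($other_ca), "\n";
waitpid $pid, 0;
```

With certificates stored on disk, `SSL_ca_file`, `SSL_cert_file` and `SSL_key_file` take the place of the in-memory `SSL_ca`, `SSL_cert` and `SSL_key` options used here.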

Tim Watts

May 18, 2012, 3:30:41 AM
And to the OP - don't discount the possibility of hooking IO through an
external tool, eg:

stunnel or socat or a real ssh client. A variation on this trick is to rig
stunnel/socat (and inetd) to deal with the SSL connection and present an
unencrypted net socket (or unix domain socket) on the loopback address to
which the local client or server will connect.

It's not as neat as having the client/server program deal with it - OTOH it
may be simpler and often, simpler lessens problems that lead to security
issues.

Cheers,

Tim
--
Tim Watts

Jens Thoms Toerring

May 19, 2012, 8:09:37 PM
Hi,

thank you very much to all of you - I guess I have now
a better idea where to look first and how to get started!

Best regards, Jens