TLS client and server on Windows [openssl vs. sspi vs. cryptlib] [closed] - c++

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Let me say that I am doing this first time and I know very little in this domain (learning more).
My requirement is to implement a secure channel of communication between server and client.
I will be proved x509 certificate on both side (server/client). Communication will via sockets.
One option is to use openssl. But priority is to develop it on the Windows API.
I see two options cryptolib & sspi.
Please suggest what is best and proven option on Windows.

OpenSSL works just fine on Windows, and there are precompiled DLLs available if you do not want to compile it yourself.
But, if for whatever reason, you cannot use OpenSSL, then have a look at SChannel:
Secure Channel
Creating a Secure Connection Using Schannel
It uses SSL/TLS and CryptoAPI internally. It also allows you to do your own socket I/O, so you can add it to existing socket code.
Alternatively, have a look at WinSock's built-in security:
Winsock Secure Socket Extensions

Related

Connection Management in UDP with C++ [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I have a client/Server systems implemented by Boost asio in C++ that a client sends a request to server. Then the server registers this client to the list of alive clients and keeps sending data to it over UDP protocol. But, the server should keep track of alive clients and stop sending data to a disconnected or dead client.
I wonder how I can implement the UDP session/socket management here since UDP is a connectionless protocol and cannot provide us any information about alive clients. Should I use another library for UDP session management in C++? Or I should use another protocol in the application layer for UDP session management.
I know there is a library in Java called Verax IPMI https://en.wikipedia.org/wiki/Verax_IPMI which provides this ability. But, how about in C++?
Thanks for reading my question.
Just keep a list of endpoints that you've seen recently (meaning they sent you a datagram). Usually, you allow for a grace time (e.g. 30s) before removing a client from the list.
That way, if some datagrams were dropped you don't immediately forget the "connection".

Configure VPN split tunneling for macOS based on selected apps [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
My task is to develop split tunnelling feature for macOS so if I am connected to a VPN connection only selected apps can send their traffic to the VPN while other apps will be using local internet connection.
I noticed other VPN apps like expressvpn offering these features but I couldn't find any help over the internet how to achieve that.
I haven't checked this myself but OpenVPN daemon exposes set of APIs which can be used to create multiple VPN tunnels for each application, as mentioned in your question.
So the solution of this problem is NKE, Apple's Network Kernel Extensions you can write your own kext which handles network operations on various levels.
I hope this clue will help someone in future.

Testing a TCP socket server? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I've written a simple TCP socket server in c++ that uses sys/socket and OpenSSL..
I wish to use this server in production and I haven't been able to find clear methods for testing a socket server at scale.
What are the best methods and/or tool for testing sockets?
Unless you want to write a custom test client, which obviously doesn't have to be in C++, there are some common tools that can be used to connect to your server. For example, you can use curl and telnet. Google for these tools and how to use them if you are not already familiar with them. The following answers might be helpful:
https connection using CURL from command line
https://superuser.com/questions/346958/can-the-telnet-or-netcat-clients-communicate-over-ssl

How Should I Implement Security On UDP Socket [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm working on a peer to peer networking application but I cannot solve how I'm going to provide security on UDP sockets.
I don't want to reinvent the wheel, but I don't which method I should choose to implement security.
My idea is to generate RSA keys between every peer and share these keys over an insecure socket at first and keep the connection secure with those keys. But I'm not sure about how to implement RSA and if this is the most secure way to go.
I'm using C++ for this project by the way
Thank you very much
You are looking for DTLS, the Datagram TLS.
It is like the TLS protocol that you know from HTTPS and various other secure point-to-point communication links, but it is implemented over UDP. You will find it already implemented in various libraries including GnuTLS and OpenSSL.
From the security point-of-view, one major difference between TLS and DTLS is that TLS defines an ill-formed message as an unrecoverable error, whereas DTLS specifically allows the connection to continue in this case. This makes the protocol more sensitive to even slight coding errors (think Lucky Thirteen), so you had better not try to implement it yourself.

Has anyone used Facebook Scribe? (the tool for logging everything) [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
How does it work? (Explain it in terms of server, writes, GETs, values, whatever).
DOes it work with Win32 apps?
I'll try to explain:
There is an application, with thrift
class/interface. When event that you
want to log occures, you send
message to the
Server, which collect logs from many
sources (application, server logs,
etc)
And then server decides what do
do with it: generate visualization,
send over tcp/ip, store in a file,
nfs, hdfs, you decide.
Server and client can be the same
app or machine, or this log data can
be sent from client over internet.
Definitely works with win32 apps.
It Works Great.
We're using Scribe to test some message processing.
We're sending Apache logs with Scribe. (Under Ubuntu)