SSL/TLS - am I doing it right?
Frank Millman
frank at chagford.com
Mon Mar 13 04:03:27 EST 2006
Hi all
I am writing a multi-user accounting/business application, which uses
sockets to communicate between client and server. I want to offer the
option of encrypting the traffic between the two. The main reason for
this is to cater for wireless communication.
I have read up on SSL, and more or less understand the concepts. I have
downloaded some additional software, read the instructions, and seem to
have got it working. However, I have no in-depth knowledge of what is
going on, and I have no idea how to check if I am doing it correctly.
The subject is too important to learn the hard way that I am doing
something wrong. Therefore I would be grateful if someone would review
the steps I have taken (listed below), and advise on whether there is
anything obviously wrong or missing.
TIA
Frank Millman
1. Install
----------
OpenSSL
M2Crypto
TLSLite
2. Create KeyPair + Certificate
-------------------------------
openssl genrsa -out privkey.key 1024
openssl req -new -x509 -key privkey.key -out privkey.crt -days 1095
cp privkey.key privkey.pem
cat privkey.crt >> privkey.pem
3. Modify Server
----------------
old -
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
while 1:
    conn, addr = s.accept()
    data = conn.recv(1024)
new -
import socket
from tlslite.api import X509, X509CertChain, parsePEMKey, TLSConnection

# privkey.pem holds both the certificate and the private key (see step 2)
f = open('/home/frank/secrets/privkey.pem').read()
x509 = X509()
x509.parse(f)                       # reads the CERTIFICATE block out of the PEM
certChain = X509CertChain([x509])
f = open('/home/frank/secrets/privkey.pem').read()
privateKey = parsePEMKey(f, private=True)   # reads the private key block
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
while 1:
    conn, addr = s.accept()
    c = TLSConnection(conn)         # wrap the accepted plain socket
    c.handshakeServer(certChain=certChain, privateKey=privateKey)
    data = c.recv(1024)             # plaintext as read through the TLS layer
4. Modify Client
---------------
old -
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send(data)
new -
import socket
from tlslite.api import TLSConnection

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
c = TLSConnection(s)                # wrap the connected plain socket
# called with no arguments: anonymous client, and with no checker the
# server's certificate is accepted without being verified
c.handshakeClientCert()
c.send(data)
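Added example, not from the original post nor from TLSLite or M2Crypto: the same three code steps redone on Python's standard-library ssl module, where the client is made to verify the server's self-signed certificate instead of accepting whatever is presented. It assumes the openssl command-line tool (1.1.1 or newer, for -addext) is on PATH, and every function name in it is the example's own.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(dirname, cn="localhost"):
    """Step 2 of the post, non-interactive, plus the extensions modern verifiers expect."""
    key, crt = os.path.join(dirname, "privkey.key"), os.path.join(dirname, "privkey.crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-keyout", key, "-out", crt, "-subj", f"/CN={cn}", "-addext", f"subjectAltName=DNS:{cn}",
                    "-addext", "keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign"],
                   check=True, capture_output=True)
    return key, crt

def serve_once(listener, key, crt):
    """Step 3 of the post on stdlib ssl: accept one TLS client and echo its data."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER); ctx.load_cert_chain(crt, key)  # cert + key only
    conn, _ = listener.accept()
    try:
        with ctx.wrap_socket(conn, server_side=True) as tls:  # the handshake happens here
            tls.sendall(tls.recv(1024))
    except OSError:
        pass  # the client rejected our certificate: handshake aborted, nothing sent in clear

def client_context(cafile):
    """What the post's client never does: require and verify the server's certificate."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)  # CERT_REQUIRED + hostname check

def talk(port, ctx, payload=b"hello"):
    """Step 4 of the post: returns the echo, or the error name if verification fails."""
    try:
        with socket.create_connection(("127.0.0.1", port)) as s, \
             ctx.wrap_socket(s, server_hostname="localhost") as tls:
            tls.sendall(payload)
            return tls.recv(1024)
    except ssl.SSLCertVerificationError as e:
        return e.reason

def run_demo():
    """None if the openssl CLI is unusable here; otherwise each client's outcome."""
    with tempfile.TemporaryDirectory() as d:
        try:
            key, crt = make_self_signed(d)
        except (OSError, subprocess.CalledProcessError):
            return None
        outcomes = {}
        for label, cafile in (("trusts_server_cert", crt), ("trusts_system_cas_only", None)):
            with socket.socket() as listener:
                listener.bind(("127.0.0.1", 0)); listener.listen(1)
                t = threading.Thread(target=serve_once, args=(listener, key, crt)); t.start()
                outcomes[label] = talk(listener.getsockname()[1], client_context(cafile))
                t.join()
        return outcomes
```

Run locally, the client that was given the server's own certificate as cafile gets its echo back, while the client relying only on the system CA store refuses to complete the handshake, which is the behaviour a wireless link needs from the client side.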