EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using SSLServer as a classic .Net socket

#36024
Posted: 02/28/2016 13:04:21
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

Hello,

I would like to know how I can use your SSLServer (TElSSLServer) as a classic socket (with methods Bind, BeginAccept, BeginReceive ...)?

In old samples, I found the ElServerSSLSocket object, which seems to perfectly fit my needs: has this object been obsoleted (like the TElServerSSLSocket object)?
If obsolete, are there other ways of creating such an object (a kind of socket object)?
If not obsolete, where can I find it?

Thanks for your answer

Nicolas
#36030
Posted: 02/29/2016 02:52:53
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

ElServerSSLSocket can be found in \EldoS\SecureBlackbox.NET\Classes\SecureBlackbox.SSLSocket after SecureBlackbox installation.
#36130
Posted: 03/05/2016 16:51:24
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

Thanks for your reply.

I've seen the classes you've mentioned, but as these classes don't compile (9 errors), I was not sure at all that I could use them:


C:\Temp\TestSocket\SSLServerSocket.cs(312,28): error CS0234: The type or namespace name 'TElServerSSLExtensions' does not exist in the namespace 'SBSSLServer' (are you missing an assembly reference?)
C:\Temp\TestSocket\SSLClientSocket.cs(34,23): error CS0234: The type or namespace name 'TSBCloseReason' does not exist in the namespace 'SBSSLClient' (are you missing an assembly reference?)
C:\Temp\TestSocket\SSLClientSocket.cs(278,22): error CS0234: The type or namespace name 'TSBCloseReason' does not exist in the namespace 'SBSSLClient' (are you missing an assembly reference?)
C:\Temp\TestSocket\SSLClientSocket.cs(288,28): error CS0234: The type or namespace name 'TElClientSSLExtensions' does not exist in the namespace 'SBSSLClient' (are you missing an assembly reference?)
C:\Temp\TestSocket\SSLClientSocket.cs(360,16): error CS0234: The type or namespace name 'TSBCloseReason' does not exist in the namespace 'SBSSLClient' (are you missing an assembly reference?)



I've fixed these compile issues, but using the following code and calling from a browser (with https):
Code
s.Bind(localEndPoint);
s.Listen(10);
s.Accept();
byte[] buffer = new byte[1024];
int t = s.Receive(buffer);

I now get an error "Connection not opened" (line 783 in the ElSSLSocket class).

Is there something wrong in my code, or is there another bug in the ElSSLSocket class?
#36131
Posted: 03/06/2016 02:47:51
by Ken Ivanov (EldoS Corp.)

Hi Nicolas,

Thank you for the detailed report.

Indeed, the SSL Socket classes were not updated for quite some time, primarily due to low demand for them and client-side functionality having been replaced with the much more powerful and flexible TElSimpleSSLClient component.

We will check the component anyway. I believe the problem must have something to do with TLS compatibility issues. As per changes of TLS usage policy, all major TLS-capable browsers and servers have been updated to support the latest features of the protocol, with older features completely switched off. I think one of such features is the reason for the connectivity issue.

Just two questions,

- are you using the sockets in synchronous or asynchronous mode, and

- do you use the sample application to conduct your tests?

Ken
#36133
Posted: 03/06/2016 04:27:36
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

Thanks for your quick answer

- I'm using the sockets in synchronous mode (I will have a try with the asynchronous mode)
- No, I do not use the sample application because I did not find any sample using the ElServerSSLSocket object, but if you have any sample showing how to use it, I will be very pleased

Nicolas
#36135
Posted: 03/06/2016 05:03:12
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

I've also done some asynchronous tests using this MSDN sample: https://msdn.microsoft.com/en-us/library/fx6588te(v=vs.110).aspx and replacing Socket with ElServerSSLSocket (and a few other trivial modifications)

Using the Socket, the sample works great, but with the ElServerSSLSocket, I do not receive any data when requesting from a browser

As you have probably understood, my final goal is to develop an http/https server and, as the http part is already done, I do not wish to use the SecureBlackbox HTTPSServer.

Finally, and just to be sure, does this mean that the current version of SecureBlackbox (14.0.287) does not fully support TLS when the call is done from a browser?
#36137
Posted: 03/06/2016 08:12:33
by Ken Ivanov (EldoS Corp.)

Nicolas,

Thank you so much for the detailed elaboration. We will have a look at what might be causing the connectivity problem.

SecureBlackbox does fully support TLS (including all versions and the absolute majority of cipher suites and extensions); what I actually meant by 'TLS compatibility issue' is outdated TLS layer tune-up in the SSL socket component (the things around TLS had changed recently, so the configuration that used to work in the past doesn't work that well anymore).

BTW, often connectivity issues might be caused by an inappropriate certificate being used on the server side. For example, we came across reports recently where Chrome sometimes closes the connection if it dislikes the certificate. At least it makes sense to try connecting with several different browsers and compare the symptoms.

Ken
#36139
Posted: 03/06/2016 16:26:36
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

Here is the code that I use for my test:

In non-secure HTTP, this works when calling the url http://localhost/Test/Test
Code
Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
s.Bind(GetEndPoint(80));
s.Listen(10);
Socket s2 = s.Accept();
byte[] buffer = new byte[1024];
int recBytes = s2.Receive(buffer);
txtResultat.Text = ASCIIEncoding.ASCII.GetString(buffer, 0, recBytes);
s.Close();
s2.Close();


In secure HTTPS, this does not work (connection not opened):
Code
ElServerSSLSocket s = new ElServerSSLSocket();
s.Bind(GetEndPoint(443));
s.Listen(10);
ElServerSSLSocket s2 = s.Accept();
buffer = new byte[1024];
int recBytes = s2.Receive(buffer);
txtResultat.Text = ASCIIEncoding.ASCII.GetString(buffer, 0, recBytes);
s.Dispose();
s2.Dispose();


I've done tests using Edge, Chrome & Firefox and loading a certificate, without any success.
#36152
Posted: 03/07/2016 09:04:34
by Ken Ivanov (EldoS Corp.)

Hi Nicolas,

Thank you for the sample code, it clarifies a lot.

The code you are using is not complete to enable TLS facilities. Please follow the below steps to configure your socket object:

1. Add a server certificate. While in theory TLS peers can talk without a server certificate (using anonymous DH cipher suites), most implementations do not support these due to the bad security they provide.

Code
ElServerSSLSocket s = new ElServerSSLSocket();

TElMemoryCertStorage certStorage = new TElMemoryCertStorage();
TElX509Certificate cert = new TElX509Certificate();
cert.LoadFromFileAuto("servercert.pfx", "password");
certStorage.Add(cert, true);
s.CertStorage = certStorage;

...


2. Call OpenSSLSession() after accepting the connection:

Code
ElServerSSLSocket s2 = s.Accept();
s2.OpenSSLSession();


3. (Not necessary but highly recommended). Handle the OnError event to get notified about any TLS protocol-specific errors.

Code
s.OnError += s_OnError;

...

void s_OnError(object Sender, int ErrorCode, bool Fatal, bool Remote)
{
    System.Diagnostics.Debug.WriteLine("TLS error: " + ErrorCode.ToString());
}


We've checked the components otherwise and they appear to work as expected. Thank you for pointing out the compilation issues, we will fix them for the next SecureBlackbox update.

Ken
#36157
Posted: 03/07/2016 17:29:00
by Nicolas Mariot (Standard support level)
Joined: 02/28/2016
Posts: 10

I've done what you recommended and this works perfectly: I'm now able to use your socket for my https WebServer.

For information, I'm using a self-signed certificate for my test and, as you've told me, the behaviour is different depending on the browser:
* For Chrome & Edge: the connection is refused
* For Firefox: I can add an exception to accept the incoming connection

Thanks for your help :)

Nicolas
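
A browser-independent way to tell apart the two failure modes seen in this thread, as an added example that is not part of the original posts or of EldoS code: a listener that accepts TCP but never completes a TLS handshake (the state before OpenSSLSession() was called) versus a server whose certificate is rejected (the self-signed case). The function names, result labels and the localhost:443 target are assumptions made for this sketch.

```python
import socket
import ssl


def handshake_ok(ctx, host, port, timeout):
    """Return True if a TLS handshake with host:port completes under ctx."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # covers ssl.SSLError, timeouts, resets and EOF
        return False


def probe_tls(host, port, timeout=3.0):
    """Classify how far a TLS client gets against host:port.

    Result labels (chosen for this example):
      'tcp-failed'       nothing is listening on the port
      'handshake-failed' TCP connects, but no TLS handshake completes
      'cert-rejected'    TLS works, but the certificate fails validation
      'ok'               handshake and certificate validation both succeed
    """
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "tcp-failed"

    # Diagnostic-only context: validation is switched off to test the TLS
    # layer on its own. Never use it to carry application data.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    if not handshake_ok(lax, host, port, timeout):
        return "handshake-failed"

    # Default context: validates chain and host name, as a browser would.
    strict = ssl.create_default_context()
    if not handshake_ok(strict, host, port, timeout):
        return "cert-rejected"
    return "ok"


if __name__ == "__main__":
    # Assumed target: the test server from the thread, on the local machine.
    print(probe_tls("localhost", 443))
```

A result of 'handshake-failed' points at the server-side TLS setup (certificate storage, OpenSSLSession(), protocol settings), while 'cert-rejected' points at the certificate itself.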

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.