EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Download and try SSL/TLS Library for C++


SecureBlackbox product diagram

Implement the complete functionality of the SSL/TLS protocol in C++ applications.

SSLBlackbox includes SSL classes for building SSL/TLS servers and client applications. With SSL/TLS libraries, you can easily add support for server authentication, implement secure HTTP connections (HTTPS), secure email and news communications.

The SSL/TLS library contains C++ classes supporting the entire family of SLL/TLS protocols including TLS 1.2, TLS 1.1, TLS 1.0, SSL 3 and SSL 2. In addition, the SSL/TLS library includes an implementation of Public Key Infrastructure (PKI), allowing to generate, revoke and manage secure certificates.

Download SSL/TLS Library for C++

The SSLBlackbox package is an integral part of SecureBlackbox. Download SecureBlackbox (C++ edition) to build client and server applications implementing the SSL/TLS protocol.

About SSL/TLS

The SSL/TLS family of protocols implement a transparent security layer for higher-level protocols working on top of TCP. By adding support for the SSL protocol to your applications, you will be able to secure Internet communications with a range of flexible authentication and encryption schemes. SSL/TLS classes included with SSLBlackbox provide transport security and guarantee server authenticity with a corresponding certificate.
By using the SSL/TLS library, you can quickly secure communications occurring over a range of communication protocols. The use of SSL/TLS security during Internet communications lets applications hide details of the protocol from network sniffers, packet filters and other traffic interception tools. Moreover, the use of the SSL protocol can help you ensure that your applications are actually talking to the right server, whose authenticity is guaranteed by a secure digital certificate. SSL/TLS classes allow your applications effectively resist interception.

Why Choose SSLBlackbox over Competing SSL Libraries for C++

  • Secure communications with SSL/TLS classes in minutes;
  • Build client, server and distributed applications;
  • SSL classes support all of the latest versions and features of SSL/TLS protocols such as AES and Camellia Cipher Suites, TLS compression, TLS extensions and more;
  • Complete control over SSL-secured connection including the ability to resume sessions, select/validate client and server certificates, etc.
  • Secure application layer protocols with built-in client-side HTTP/HTTPS and FTP/FTPS classes;
  • Implicit and explicit mode support in FTP and SMTP client components;
  • Royalty-free licensing;

SSL/TLS Library Major Features

  • Support for the entire range of SSL/TLS protocols including TLS 1.2, TLS 1.1, TLS 1.0, SSL 3, and SSL 2 question mark;
  • client and server DTLS (Datagram TLS) protocol support question mark;
  • 100% compatibility with all major SSL/TLS libraries including most recent additions (AES and Camellia cipher suites) question mark;
  • Built-in compression reduces bandwidth requirements and speeds up transfers question mark;
  • Implements Public Key Infrastructure (PKI) functions question mark;
  • Cryptocards and USB Crypto Tokens supported question mark;
  • unlike free open source code, SecureBlackbox comes with free individual technical support question mark
Complete list of features.



Download SecureBlackbox (C++ edition), an all-in-one security toolbox including an SSL/TLS classes for your C++ applications.

Read more about SSLBlackbox

Compression gives an additional level of security and lets you increase transfer speed significantly and reduce the network load and storage space requirements.

Synchronous operation mode gives you a linear programming approach without complicated callback functions. This approach saves your development time and reduces the number of errors.

Asynchronous operation mode, on the other hand, gives you flexibility and complete control over your application communications.

Synchronous operation mode gives you a linear programming approach without complicated callback functions. This approach saves your development time and reduces the number of errors. Simple SecureBlackbox components can be used for reliable data transfer no matter what type of proxy or firewall is used to protect the network.
HTTPS proxy access includes support for Basic, Digest and Windows Integrated (NTLM) authentication mechanisms.
You can process huge files and not be bound by restrictions of 32-bit environments. This feature works on both 32-bit and 64-bit systems without any limitations. To limit and control network load and bandwidth consumption you can setup maximum upload and download speed for the data transfer components. Transport (SSL, FTP, HTTP, SMTP, POP3, IMAP, WebDAV, LDAP, SSH, SFTP) components can be used in IPv6 networks without any problems, address conversions or packet wrapping. Transport (SSL, FTP, HTTP, SMTP, POP3, IMAP, WebDAV, LDAP, SSH, SFTP) components understand and make use of non-latin domain names (so-called International Domain Names, IDN). In FIPS operation mode SecureBlackbox uses only certified CryptoAPI modules of Windows to perform any cryptographic operations.
FIPS mode is available only on Windows platform.
Virtual File System adapters let SecureBlackbox components, which operate with files, work with various backend file storages and not just with "physical" disk.
For example, in WebDAV, SFTP, HTTP(S) and FTP(S) servers you can provide a personal storage space for each connected user.
Out of the box file system adapter and SolFS virtual file system adapter are included and you can easily create your own adapter.
With DNSSEC support enabled you protect your socket connection from being fooled by possible DNS cache poisoning and other malicious DNS activities.
DNSSEC requires that the DNS record for the destination server contains a certified signature.
Distributed Crypto modules let web site visitors use certificates accessible only on the client system to sign the data, stored on the server (no need to download this data).
This is done with help of client-side modules (Java applet, ActiveX control, Flash applet), embedded into the web page.
Cryptographic hardware gains more and more popularity every day. If your software deals with X.509 certificates or PKI in general (RSA keys etc.), it is time to support cryptocards and USB tokens.
To use cryptographic hardware you need a license for PKIBlackbox.
SecureBlackbox was written from the ground up by EldoS developers. It doesn't use third-party code to implement its cryptographic functions. This means that you are not bound by CryptoAPI or OpenSSL version when you need to use certain algorithm.
At the same time it's possible to plug third-party security libraries and hardware modules by utilizing the pluggable architecture of SecureBlackbox.
No royalties means the licensing procedure which is clear and easy to understand and manage. Pay for the license once and use it for development and deployment with no other payments. We provide free technical support via web-based Forum and HelpDesk. Support is available for everyone, and the requests from clients who purchased a license are given priority. Also you can use our extensive knowledgebase. With SSLBlackbox you get not just SSL support, but also feature-rich components for PKI support. This includes management of X.509 certificates, certificate requests and CRLs, PKI-based data encryption and signing operations, digital timestamping and more. With the wide choice of encryption, authentication and key exchange algorithms supported by SSLBlackbox, you will be able to meet the security requirements and get compatibility with the wide choice of differently configured servers and clients. With SSLBlackbox you can secure not just common TCP communications, but also UDP-based data transfer or other message-based transfer protocols. This lets you secure the whole new class of communications, such as audio and video delivery over internet, various message-based distributed protocols etc. The widest possible protocol support lets you get all that you can from SSL / TLS and that your software is compatible with the widest choice of client and server software. SSL session resumption speeds up subsequent session initiation and reduces server and network load. Resumption is supported by many SSL / TLS clients and servers. Validation of the other party's certificate is usually much more than just verifying the cryptographic signature. Correct validation includes verification of validity of the certificate and all of its issuer certficates, sometimes using CRLs (certificate revocation lists) and requests to the issuer servers using OCSP protocol. With SSLBlackbox you can build your own verification procedures easily. Usually only the server is authenticated during SSL / TLS handshake. But the situations when the client needs to authenticate itself using X.509 certificate become more and more often. Unfortunately most SSL/TLS and HTTPS or FTPS components don't provide support for client-side authentication.

SSLBlackbox provides full support for client-side certificate authentication in its server-side and client-side components.

Cryptographic hardware gains more and more popularity every day. If your software deals with X.509 certificates or PKI in general (RSA keys etc.), it is time to support cryptocards and USB tokens. Most SSL/TLS and HTTPS or FTPS components can't use the certificate with a private key stored on a cryptocard or USB token.

SSLBlackbox is fully capable to use the cryptographic hardware (which doesn't export the private key) for SSL authentication of both clients and servers.

To use cryptographic hardware you need a license for PKIBlackbox.
Originally SSL protocol used X.509 certificate for authenticating servers and clients. This type of authentication remains the most popular now. However various security needs and hardware limitations caused introduction of the alternative authentication methods. They are pre-shared key authentication (it can be named "password-based") and OpenPGP-based authentication (using OpenPGP keys instead of X.509 certificates).

Each of the alternative authentication methods has its own strengths and usage scenarios. SSLBlackbox provides full support for these new authentication methods.

TLS extensions are used to extend functionality of the TLS communication, transfer additional information and provide better service to the parties. SSL / TLS protocol offers the number of very useful features, which don't actually require TCP transport. The protocol can be used with any low-level transport protocols, and SecureBlackbox makes this possible. SSLBlackbox supports the keys of any length, used in modern computing. If you need more strength, you can generate and use 4096-bit keys without problems. SSLBlackbox supports algorithms based on Elliptic Curve Cryptography. These algorithms provide higher security level, than more traditional Diffie-Helman and DSA algorithms. Application-level protocols, such as HTTP, FTP and SMTP, can work in two modes - explicit and implicit. In implicit mode first SSL connection is established, then protocol connection is carried over the protected channel. In explicit mode the TLS connection parameters are negotiated using the command on the protocol level.

SSLBlackbox supports implicit and explicit modes in FTP and SMTP client components. This lets you connect to greater number of servers which use SSL/TLS.

|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!