SSLClient and SSLServer are companion programs designed to demonstrate Transport Layer Security (TLS) Version 1.0. At the present time, they only support 2 cipher suites:
TLS_RSA_WITH_RC4_128_MD5 (0x00,0x04)
TLS_RSA_WITH_RC4_128_SHA (0x00,0x05)
These 2 suites are supported by virtually all modern browsers and servers, although SHA is more commonly preferred. In addition, 2048 bit asymmetric keys are utilized for the session handshake, since these are strongly recommended by the Internet Engineering Task Force (IETF) since the end of 2013.
In order to support TLS without the use of third party controls or libraries, Microsoft's RSA/SChannel (schannel.dll) is utilized. This library is shipped with all modern Windows Operating Systems. As well, my own cSocket2 Class and accompanying Module (mWinsock2) are utilized. These 2 modules will support IPv6 when it becomes universally available. Although the Cryptography routines will work on most Windows Operating Systems, cSocket2 will only work on systems that support dual stack (IPv4/IPv6). This more or less restricts it to Windows Vista or better.
Originally, I planned on developing only the Client program without Certificates. But the severe lack of detailed information on TLS using SChannel made troubleshooting difficult if not impossible, and I could not connect with remote servers. So I decided to develop a Server program as well. Several months later, I had 2 programs that would communicate with each other, but I still could not communicate with external servers, and online assistance was virtually non-existent. So I then decided to test the server program using my local browser. That meant providing support for Certificates and a whole new level of complexity. But at least the browser provided a little more troubleshooting information than a remote server. This particular project has by far been the most challanging I have ever attempted. The programming itself was not all that difficult, but the lack of information, and the conflict between information that I did manage to find, made it a struggle. Troubleshooting was very difficult because Cryptographers basically strive to eliminate repeatability. Repeatability facilitates hacking.
The included ReadMe file contains the necessary setup instructions.
J.A. Coutts
TLS_RSA_WITH_RC4_128_MD5 (0x00,0x04)
TLS_RSA_WITH_RC4_128_SHA (0x00,0x05)
These 2 suites are supported by virtually all modern browsers and servers, although SHA is more commonly preferred. In addition, 2048 bit asymmetric keys are utilized for the session handshake, since these are strongly recommended by the Internet Engineering Task Force (IETF) since the end of 2013.
In order to support TLS without the use of third party controls or libraries, Microsoft's RSA/SChannel (schannel.dll) is utilized. This library is shipped with all modern Windows Operating Systems. As well, my own cSocket2 Class and accompanying Module (mWinsock2) are utilized. These 2 modules will support IPv6 when it becomes universally available. Although the Cryptography routines will work on most Windows Operating Systems, cSocket2 will only work on systems that support dual stack (IPv4/IPv6). This more or less restricts it to Windows Vista or better.
Originally, I planned on developing only the Client program without Certificates. But the severe lack of detailed information on TLS using SChannel made troubleshooting difficult if not impossible, and I could not connect with remote servers. So I decided to develop a Server program as well. Several months later, I had 2 programs that would communicate with each other, but I still could not communicate with external servers, and online assistance was virtually non-existent. So I then decided to test the server program using my local browser. That meant providing support for Certificates and a whole new level of complexity. But at least the browser provided a little more troubleshooting information than a remote server. This particular project has by far been the most challanging I have ever attempted. The programming itself was not all that difficult, but the lack of information, and the conflict between information that I did manage to find, made it a struggle. Troubleshooting was very difficult because Cryptographers basically strive to eliminate repeatability. Repeatability facilitates hacking.
The included ReadMe file contains the necessary setup instructions.
J.A. Coutts