Forum: Ruby SSL

SSL
Nokan Emiro (Guest)
on 2013-04-13 11:18
(Received via mailing list)
Hi,

I have a client-server application that communicates on a TCP channel.
The goal is to "upgrade" the connection at a certain point to SSL, but
only after a few messages sent without encryption.

Is it somehow possible to use an already existing io object and start an
SSL handshake on it?

u.
Eliezer Croitoru (Guest)
on 2013-04-13 23:33
(Received via mailing list)
On 4/13/2013 12:18 PM, Nokan Emiro wrote:
> Is it somehow possible to use an already existing io object and start an
> SSL handshake on it?
>
> u.
I will be glad to hear about an option like that.
tamouse mailing lists (Guest)
on 2013-04-13 23:55
(Received via mailing list)
On Apr 13, 2013 4:19 AM, "Nokan Emiro" <uzleepito@gmail.com> wrote:
> u.
>

I don't know whether any of the std lib or gems do such, but SSL/TLS runs
on top of TCP, so it's technically possible...
Cliff Rosson (beaon)
on 2013-04-14 00:35
(Received via mailing list)
From a TCP perspective you will have to make a new connection. New 3 way
handshake and all etc...


Cliff Rosson (beaon)
on 2013-04-14 00:36
(Received via mailing list)
Your control channel can just negotiate with the client. If both sides
agree, a new SSL connection can be built. We use this method for my
employer in streaming.
Eliezer Croitoru (Guest)
on 2013-04-14 10:01
(Received via mailing list)
On 4/14/2013 1:36 AM, Cliff Rosson wrote:
> Your control channel can just negotiate with the client. If both sides
> agree a new SSL connection can be built. We use this method for my
> employer in streaming.
The idea is to start SSL on the same existing channel, which reduces the
need for new overhead.
It is possible with OpenSSL libs in very low-level code.

In Squid there is such a thing in progress.

Eliezer
Cliff Rosson (beaon)
on 2013-04-15 04:17
(Received via mailing list)
In the same TCP session?
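
The same-session upgrade asked about in this thread, as an added example that is not part of any post: Ruby's `OpenSSL::SSL::SSLSocket.new` accepts an already connected socket, so both sides can talk plaintext first and then run the handshake on the same TCP connection. The `HELLO`/`READY`/`STARTTLS`/`GO` commands, the loopback server and the throwaway self-signed certificate are constructed for the demo.

```ruby
require "socket"
require "openssl"

# Constructed throwaway RSA key and self-signed certificate (CN=localhost).
def demo_identity
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

def starttls_demo
  key, cert = demo_identity
  listener = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    sock = listener.accept
    sock.puts "READY" if sock.gets == "HELLO\n"       # plaintext phase
    next sock.close unless sock.gets == "STARTTLS\n"  # upgrade only on request
    sock.puts "GO"
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.cert, ctx.key = cert, key
    ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)      # wrap the SAME TCPSocket
    ssl.sync_close = true                             # ssl.close also closes sock
    ssl.accept                                        # server side of the handshake
    ssl.puts ssl.gets.upcase                          # encrypted echo
    ssl.close
  end

  sock = TCPSocket.new("127.0.0.1", listener.addr[1])
  sock.puts "HELLO"
  plain = sock.gets.chomp
  sock.puts "STARTTLS"
  # Wait for GO first: TLS bytes pulled into Ruby's plaintext read buffer are lost.
  raise "upgrade refused" unless sock.gets == "GO\n"
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER         # an unverified upgrade is open to MITM
  ctx.cert_store  = OpenSSL::X509::Store.new.add_cert(cert) # trust only the demo cert
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.connect                                         # client side of the handshake
  ssl.post_connection_check("localhost")              # certificate name check
  ssl.puts "secret"
  { plain: plain, reply: ssl.gets.chomp, tls: ssl.ssl_version, same_io: ssl.to_io.equal?(sock) }
ensure
  [ssl, sock, listener].each { |io| io&.close }
end
p starttls_demo if __FILE__ == $PROGRAM_NAME
```

Everything exchanged before the handshake is unauthenticated, so a real protocol should repeat any negotiation it relies on after the upgrade.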