|
Hello List,

I've been reading the SSL documentation on upgrading a TCP connection to use SSL:
http://www.erlang.org/doc/apps/ssl/using_ssl.html

I've got a situation where I've accepted a TCP connection which the connector has initiated using SSL. It seems I can't at this point upgrade my TCP connection to SSL using the standard SSL library?
If I understand the documentation correctly I need to be in control of both ends of the connection to correctly execute this upgrade and in my application I'll never be in control of the connecting side.

Does anyone know if this is correct or see something that I'm missing?
Anyone know any hack-arounds?

Thanks in advance.

//Tom.

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
|
For TCP upgrading to SSL, client and server coordination is required.
The following is used in the XMPP protocol:

1) Client initiates TCP connection,
2) Server accepts the TCP connection,
3) Server sends a message to client to notify client that server supports TCP upgrade to SSL,
4) Client receives the feature notification from server, and then client sends starttls to server,
5) Upon receiving starttls from client, server sends back proceed to client, server waits for SSL handshake,
6) Upon receiving proceed from server, client starts SSL handshake with server.

For more details please refer to 5.3. Client-to-Server Example

www.ietf.org/rfc/rfc3290.txt

Thanks,

/Kaiduan

On Wed, May 25, 2011 at 11:35 AM, tom kelly <[hidden email]> wrote:
> Hello List,
>
> I've been reading the SSL documentation on upgrading a TCP connection to use SSL:
> http://www.erlang.org/doc/apps/ssl/using_ssl.html
>
> I've got a situation where I've accepted a TCP connection which the
> connector has initiated using SSL. It seems I can't at this point upgrade my
> TCP connection to SSL using the standard SSL library?
> If I understand the documentation correctly I need to be in control of both
> ends of the connection to correctly execute this upgrade and in my
> application I'll never be in control of the connecting side.
>
> Does anyone know if this is correct or see something that I'm missing?
> Anyone know any hack-arounds?
>
> Thanks in advance.
>
> //Tom.
|
Hi!
As Kaiduan points out, you need a scheme (agreed upon protocol) to coordinate the upgrade, but of course you do not need to control both sides of the connection. In the upgrade example we show an upgrade scenario, issuing commands from two Erlang shells, demonstrating the mechanism on the "erlang-ssl" level. Of course we use the Erlang client and server to show how our software should be used; that does not mean you cannot use any other SSL client to connect to our server or vice versa.

See for instance RFC 2817 to see how it is done in HTTP/1.1.

Regards
Ingela
Erlang/OTP team - Ericsson AB

2011/5/25 Kaiduan Xie <[hidden email]>:
> For TCP upgrading to SSL, client and server coordination is required.
> The following is used in the XMPP protocol:
>
> 1) Client initiates TCP connection,
> 2) Server accepts the TCP connection,
> 3) Server sends a message to client to notify client that server
> supports TCP upgrade to SSL,
> 4) Client receives the feature notification from server, and then
> client sends starttls to server,
> 5) Upon receiving starttls from client, server sends back proceed to
> client, server waits for SSL handshake,
> 6) Upon receiving proceed from server, client starts SSL handshake with server.
>
> For more details please refer to 5.3. Client-to-Server Example
>
> www.ietf.org/rfc/rfc3290.txt
>
> Thanks,
>
> /Kaiduan
>
> On Wed, May 25, 2011 at 11:35 AM, tom kelly <[hidden email]> wrote:
>> Hello List,
>>
>> I've been reading the SSL documentation on upgrading a TCP connection to use SSL:
>> http://www.erlang.org/doc/apps/ssl/using_ssl.html
>>
>> I've got a situation where I've accepted a TCP connection which the
>> connector has initiated using SSL. It seems I can't at this point upgrade my
>> TCP connection to SSL using the standard SSL library?
>> If I understand the documentation correctly I need to be in control of both
>> ends of the connection to correctly execute this upgrade and in my
>> application I'll never be in control of the connecting side.
>>
>> Does anyone know if this is correct or see something that I'm missing?
>> Anyone know any hack-arounds?
>>
>> Thanks in advance.
>>
>> //Tom.
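
The six-step upgrade sequence listed in the thread, sketched in Erlang as an added example that is not code from any poster or from the OTP documentation. The line protocol ("FEATURES STARTTLS", "STARTTLS", "PROCEED"), the module name and the cert.pem/key.pem/ca.pem paths are assumptions; it uses ssl:handshake/3 from current OTP releases, where releases from the time of this thread used ssl:ssl_accept.

```erlang
%% Added illustration: message names and certificate paths are assumptions.
-module(starttls_demo).
-export([server/1, client/2]).

-define(TCP_OPTS, [binary, {packet, line}, {active, false}]).

%% Server: steps 2, 3 and 5 of the sequence, then the TLS handshake.
server(Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, Listen} = gen_tcp:listen(Port, [{reuseaddr, true} | ?TCP_OPTS]),
    {ok, Sock} = gen_tcp:accept(Listen),
    ok = gen_tcp:send(Sock, <<"FEATURES STARTTLS\n">>),
    Result =
        case gen_tcp:recv(Sock, 0, 5000) of
            {ok, <<"STARTTLS\n">>} ->
                ok = gen_tcp:send(Sock, <<"PROCEED\n">>),
                %% The socket must be passive before the upgrade, or the
                %% ClientHello reaches this process as a message, not ssl.
                ok = inet:setopts(Sock, [{active, false}, {packet, raw}]),
                {ok, Tls} = ssl:handshake(Sock, [{certfile, "cert.pem"},
                                                 {keyfile, "key.pem"}], 5000),
                {ok, Data} = ssl:recv(Tls, 0, 5000),
                ok = ssl:send(Tls, Data),
                ssl:close(Tls);
            Other ->
                %% No STARTTLS request: refuse to carry on in plaintext.
                gen_tcp:close(Sock),
                {error, {no_starttls, Other}}
        end,
    gen_tcp:close(Listen),
    Result.

%% Client: steps 1, 4 and 6. Host is assumed to be a hostname string.
client(Host, Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, Sock} = gen_tcp:connect(Host, Port, ?TCP_OPTS),
    %% Fail closed: a missing feature line or "PROCEED" crashes here
    %% instead of silently continuing without TLS.
    {ok, <<"FEATURES STARTTLS\n">>} = gen_tcp:recv(Sock, 0, 5000),
    ok = gen_tcp:send(Sock, <<"STARTTLS\n">>),
    {ok, <<"PROCEED\n">>} = gen_tcp:recv(Sock, 0, 5000),
    ok = inet:setopts(Sock, [{packet, raw}]),
    {ok, Tls} = ssl:connect(Sock, [{verify, verify_peer},
                                   {cacertfile, "ca.pem"},
                                   {server_name_indication, Host}], 5000),
    ok = ssl:send(Tls, <<"hello over TLS">>),
    {ok, Reply} = ssl:recv(Tls, 0, 5000),
    ok = ssl:close(Tls),
    Reply.
```

The server half works with any TLS client that speaks the same agreed pre-handshake lines; only the coordination messages are specific to this sketch.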
