Hi again everybody,

I'm in the following situation and need some advice, mainly on a course of
action.
What I have are two programs I've written, which communicate over the LAN
using TCP. The first is a Java applet, the second is a Linux daemon written
in C. This means of course that the applet is the client.
What I basically want to do is to create some kind of authentication mechanism
between the two (using a password for example) so that the daemon KNOWS
that whoever is using the applet at the time is actually the administrator.
Even more important, those two communicate using a special protocol that
I designed, and thus it would be nice to be able to secure any traffic between
the applet and the server. Another thing to consider is how to stop TCP session
hijacking or spoofing attacks.
The most obvious thing to do is to solve the auth and the secure traffic issues.
I was wondering what to use for this. I want to make it clear that I still haven't
gone and researched into SSL or TLS much.
From the few things I've read, there is (or was) a problem using SSL because
of legal problems with RSA over the cipher algorithms. I was wondering if this
is still the case and SSL is a no-option. I also noticed that you have the same
kind of problem if using OpenSSL with the above-mentioned algorithms.
I'm not sure what others exist, and I'd like to take some suggestions.
Regarding the Java platform, if I'm not mistaken Sun has a JSSP (I think that
was the name) in order to implement secure programming over sockets.
As for libraries in C, I know about openssl and libssl, but I'm worried about
the legal rights, and of course, nothing forces me to actually use the SSL
protocol, I could use TLS. Which is better?
And finally, if anyone can suggest good resources regarding programming
using crypt libraries (to secure TCP sessions), I'd greatly appreciate it.

After all the replies I got regarding the JS thingie, it seems only logical to
ask for opinions on a more "heavy" issue.

Regards,
Eli

