Hi all

I'm rather uneducated with encryption stuff, so I wanted to try out secure 
sockets. However, most likely due to my incapability to understand what I'm 
doing, I've been unable to get a simple example working.

I've used my own "simplest socket client/server" stacks from rev online, ran 
them in two different LC instances (because LC locks up if you do server and 
client in the same executable), and then I modified them to use secure stuff.

First I simply set the client to use "open secure socket to...". Funnily this 
would show what I assumed were encrypted handshake messages on the server side 
(gibberish). But of course I have no idea about how to decrypt those, plus, 
that's probably not how things should work.

I then added a "secure" to the server side by using "accept secure sockets 
on..." which would actually result in a connection (note: "secure" is 
undocumented for "accept" so I have made a bug report in regards to that, 
because it seems to work just fine.) However, if I then try to send a message 
from the client to the server, it fails with these errors on their respective 
ends:

client: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
server: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

I assume that I am using the commands correctly, but that I guess I do need to 
specify the server to use a certificate?

Questions Galore!

- Has anyone done secure sockets with both server and client implemented in LC 
(or just the server)?
- Is it possible to do a secure connection as CLIENT, when the certificate does 
not exist or remains unspecified on the client side? (I assume this is when I 
need to specify "without verification")?
- Is it possible to do a secure SERVER and not specify a certificate or a key 
on the server side? I guess not, but is it possible to let LC do certificates 
and keys for me behind the curtains?
- I'm testing on Mac OS X, so I can create a certificate using Keychain.app. 
What settings would I need to do there?
- Is it insecure to issue a certificate for 127.0.0.1 (localhost)?
- If I got a certificate that is applicable, how do I tell LC to use it as my 
server certificate?
- SSLv3 is deemed insecure. In case I ever get anything working, how can I 
disable SSL completely, and force my connections to always use TLS or even only 
TLSv1.2?
- How about any of the other minutiae of cipher selection and key exchange, how 
can I do that manually? Should I do that manually?

Thank you for any information, and feel free to answer any questions even if 
only partially or guesswork. Also feel free to answer questions which I 
neglected to ask. If I ever get this to work, and have some basic 
comprehension, I'll make a lesson at lessons.runrev.com, so everyone can 
benefit in the future.

cheers
Björnke

-- 

Use an alternative Dictionary viewer:
http://bjoernke.com/bvgdocu/

Chat with other RunRev developers:
http://bjoernke.com/chatrev/
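
Added example, not part of the original post and not LiveCode code: the pair of errors quoted above is what OpenSSL reports when a TLS server has no certificate and key loaded. This Python sketch (Python's ssl module wraps OpenSSL; the function name and the OS-chosen port are assumptions of this example) runs that handshake on 127.0.0.1 with a non-verifying client and a TLS 1.2 minimum.

```python
import socket
import ssl
import threading


def handshake_without_server_cert():
    """One TLS handshake on localhost against a server that has no certificate.

    Returns (server_error, client_error) as strings; None means no error.
    """
    # Server context with no load_cert_chain() call: no certificate, no key.
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / 1.1

    # Client that skips certificate checks (a "without verification" client).
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False
    client_ctx.verify_mode = ssl.CERT_NONE

    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    errors = {"server": None, "client": None}

    def serve():
        conn, _ = listener.accept()
        try:
            server_ctx.wrap_socket(conn, server_side=True).close()
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            errors["server"] = str(exc)
        finally:
            conn.close()

    worker = threading.Thread(target=serve)
    worker.start()
    raw = socket.create_connection(("127.0.0.1", port), timeout=5)
    try:
        client_ctx.wrap_socket(raw).close()
    except OSError as exc:
        errors["client"] = str(exc)
    finally:
        raw.close()
    worker.join(timeout=5)
    listener.close()
    return errors["server"], errors["client"]


if __name__ == "__main__":
    print(handshake_without_server_cert())
```

Calling `server_ctx.load_cert_chain()` with a certificate and its matching private key before accepting is what gives the server a cipher suite it can share with the client.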


