So can I safely assume that no one ever has tried to use secure sockets in LC?
On 15 Oct 2014, at 18:59, Björnke von Gierke <b...@mac.com> wrote:

> Hi all
>
> I'm rather uneducated with encryption stuff, so I wanted to try out secure
> sockets. However, most likely due to my incapability to understand what I'm
> doing, I've been unable to get a simple example working.
>
> I've used my own "simplest socket client/server" stacks from rev online, ran
> them in two different LC instances (because LC locks up if you do server and
> client in the same executable), and then I modified them to use secure stuff.
>
> First I simply set the client to use "open secure socket to...". Funnily this
> would show what I assumed were encrypted handshake messages on the server
> side (gibberish). But of course I have no idea about how to decrypt those,
> plus, that's probably not how things should work.
>
> I then added a "secure" to the server side by using "accept secure sockets
> on..." which would actually result in a connection (note: "secure" is
> undocumented for "accept" so I have made a bug report in regards to that,
> because it seems to work just fine.) However, if I then try to send a message
> from the client to the server, it fails with these errors on their respective
> ends:
>
> client: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> server: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> I assume that I am using the commands correctly, but that I guess I do need
> to specify the server to use a certificate?
>
> Questions Galore!
>
> - Has anyone done secure sockets with both server and client implemented in
>   LC (or just the server)?
> - Is it possible to do a secure connection as CLIENT, when the certificate
>   does not exist or remains unspecified on the client side? (I assume this is
>   when I need to specify "without verification")?
> - Is it possible to do a secure SERVER and not specify a certificate or a key
>   on the server side? I guess not, but is it possible to let LC do certificates
>   and keys for me behind the curtains?
> - I'm testing on Mac OS X, so I can create a certificate using Keychain.app.
>   What settings would I need to do there?
> - Is it insecure to issue a certificate for 127.0.0.1 (localhost)?
> - If I got a certificate that is applicable, how do I tell LC to use it as my
>   server certificate?
> - SSLv3 is deemed insecure. In case I ever get anything working, how can I
>   disable SSL completely, and force my connections to always use TLS or even
>   only TLSv1.2?
> - How about any of the other minutiae of cypher selection and key exchange,
>   how can I do that manually? Should I do that manually?
>
> Thank you for any information, and feel free to answer any questions even if
> only partially or guesswork. Also feel free to answer questions which I
> neglected to ask. If I ever get this to work, and have some basic
> comprehension, I'll make a lesson at lessons.runrev.com, so everyone can
> benefit in the future.
>
> cheers
> Björnke
>
> --
>
> Use an alternative Dictionary viewer:
> http://bjoernke.com/bvgdocu/
>
> Chat with other RunRev developers:
> http://bjoernke.com/chatrev/
>
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode