Encrypted connection

[Jens Thoms Toerring]

Hi,

I'm in the planning stage of writing a server-client
application for which I need good enryption of all data
exchanged between the server and client. While the client-
server part as such does't pose a major problem I don't
have much experience with encrypting a connection. I have
done quite a bit of reading and checking what's available
on CPAN, but I haven't yet a good idea about the best way
to do it. Some packages seem to only cover the client side,
others have rather mixed reviews etc. I guess several peo-
ple here have been doing this kind of stuff for years and
years and I would be really grateful for all pointers and
recommendations.
Thanks and best regards, Jens

 

[Tim Watts]

That's a good answer, but it's probably easier to use IO::Socket::SSL,
which is a layer over New::SSLeay that looks (almost) just like
IO::Socket::INET. Remember to be careful about verifying the server
certificate, and the client cert if you use one. You don't necessarily
need certs from a public CA: using a private self-signed CA is fine, but
you do need to check the certificate has been properly signed by the
right CA.

Sensible alternatives include ssh, Kerberos, and using HTTPS with a web
server to handle the server-side encryption.

Ben

And to the OP - don't discount the possibility of hooking IO through an
external tool, eg:

stunnel or socat or a real ssh client. A variation on this trick is to rig
stunnel/socat (and inetd) to deal with the SSL connection and present an
unencrypted net socket (or unix domain socket) on the loopback address to
which the local client or server will connect.

It's not as neat as having the client/server program deal with it - OTOH it
may be simpler and often, simpler lessens problems that lead to security
issues.

Cheers,

Tim

 

[Jens Thoms Toerring]

Hi,

thank you very much to all of you - I guess I have now
a better idea were to look first and how to get started!

Best regards, Jens