Subject: Re: [Boost-users] Generate SSL certificate, chain file, dh and key for boost::asio::ssl::context
From: jupiter (jupiter.hce_at_[hidden])
Date: 2017-02-27 10:11:19


Thanks Maarten, appreciate your kind explanations and links.

On Mon, Feb 27, 2017 at 3:49 AM, Maarten de Vries <maarten_at_[hidden]> wrote:

>
>
> On 26 February 2017 at 01:32, jupiter <jupiter.hce_at_[hidden]> wrote:
>
>>
>>
>> It is a server / client TCP communication, I'll use by port of SSL
>> although the TLS should also work. Our server should only accept
>> connections from our trusted client of devices, so I should use the client
>> certificates.
>>
>
> In that scenario it does indeed make sense to use both client and server
> certificates and have each side of the connection verify the certificate of
> the other endpoint.
>
>
> SSL is a deprecated standard. TLS is the successor of SSL. Most
> programs/libraries nowadays support TLS even if the API or configuration
> uses the name SSL everywhere. Judging from the ASIO docs, it supports TLS
> (though not version 1.3):
> http://www.boost.org/doc/libs/1_63_0/doc/html/boost_asio/reference.html#boost_asio.reference.ssl__context
>
>
>
>> Could you elaborate in what circumstance that is possible "if the server
>> accepts anonymous connections"? The server does not know who requests a
>> connection from the SSL port, but the server will accept the connections if
>> the client certificate and key are valid. I thought as long as the SSL is
>> used, the server can only accept trusted connections, so I do not quite
>> understand if the server could accept untrusted anonymous connections.
>>
>
> By anonymous connection I mean an unauthenticated connection. If the
> server requires the client to present a valid certificate, you have a form
> of authentication so the connections are not anonymous.
>
> You may wish to read some TLS best practices written by others who know
> more about it than me:
> https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
>
>
> --
> Maarten
>
>
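
As an added example (not part of the original thread, and not Boost's own code), one way to produce the key and certificate files discussed above with the openssl command line: a private CA that issues the server and client certificates, plus a self-signed certificate standing in for an unknown device. All file names and subject names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: private CA issuing server and client (device) certificates.
# File names and subject names are constructed, not taken from the thread.
set -eu

make_pki() {  # $1 = output directory
  mkdir -p "$1"
  (
    cd "$1"
    umask 077  # private keys readable by the owner only

    # 1. Private CA: the single trust anchor both endpoints load.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=Example Device CA" -keyout ca.key -out ca.pem 2>/dev/null

    # 2. Server and client: own key, CSR, certificate signed by the CA.
    for name in server client; do
      openssl req -newkey rsa:2048 -nodes -subj "/CN=example-$name" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null
      openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 365 -out "$name.pem" 2>/dev/null
    done

    # 3. Self-signed certificate reusing the client's subject name.
    #    It was not issued by the CA, so it must not be trusted:
    #    trust comes from the CA signature, not from the name.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=example-client" -keyout rogue.key -out rogue.pem 2>/dev/null
  )
}

is_trusted() {  # $1 = CA certificate file, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage:
#   make_pki ./pki
#   is_trusted ./pki/ca.pem ./pki/client.pem && echo "client accepted"
#   is_trusted ./pki/ca.pem ./pki/rogue.pem  || echo "rogue rejected"
```

On the Boost.Asio side, the server would load `ca.pem` with `load_verify_file` and pass `verify_peer | verify_fail_if_no_peer_cert` to `set_verify_mode`, so a client that presents no certificate, or one like `rogue.pem`, fails the handshake.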


