Can SSL be used to encrypt non-HTTP data? [closed]
ssl 可以用於其它的應用層協議,並不只是應用在http協議上(變成https)
Can SSL be used to encrypt non-HTTP data? [closed]
If we have a proprietary binary protocol used by some application, can we use SSL/TLS to encrypt the protocol's payload without tunneling it through HTTP?
It's a while back since we looked at this, but the SSLeay/OpenSSL demo files came with sample files (serv.cpp
cli.cpp
) from which you can layer SSL (and, presumably, TLS) over a normal socket connection. In essence: you first create a "context" at each end (using the certificate on the server end), then after opening the socket (but before sending any ofyourdata), you add calls toSSL_connect()
orSSL_accept()
send()
andrecv()
calls intoSSL_write()
andSSL_read()
.–TripeHoundMar 20 '17 at 10:12
- 14 I'm voting to close this question as off-topic because it lacks basic research–paj28Mar 20 '17 at 13:33
-
2
TLS = Transport Layer Security. HTTP is at the application layer, above the transport layer. So yes, of course you can use TLS without HTTP.–
- 1 @paj28 I agree it seems to lack basic research, but StackExchangeisa source of research for many professionals. Where is the line?–PedroMar 21 '17 at 0:41
- 1 @david25272 I'm not seeing what this question has to do with that, except that they both involve encryption
___________________________________________
Can we use SSL/TLS to encrypt the protocol's payload without tunneling it through HTTP?
Absolutely. TLS provides secure communication on top of the transport layer and you can easily employ it as a transparent wrapper around your own custom protocols.
One advantage of TLS is that it is application protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementors of protocols that run on top of TLS.
(fromRFC 5246for TLS 1.2)
HTTP just happens to be one possible application-layer protocol that is commonly transmitted over TLS. There are many other examples where TLS is added to secure a protocol that has no built-in encryption. E.g., if you use a desktop email client, the communication with the mail server (probably using IMAP/POP3/SMTP) will likely be wrapped in TLS, too. TLS can also be used as an encrypted tunnel for the entire network stack for VPN applications (although OpenVPN only uses TLS for authentication, not for for encrypting the actual data - thanks, @ysdx).
shareimprove this answer editedAug 29 '17 at 2:33 answeredMar 20 '17 at 7:36 Arminius 40.9k1313 gold badges131131 silver badges130130 bronze badges- Don't forget IRC!–NayukiMar 20 '17 at 18:57
- 1 AFAIU, OpenVPN doesnotuse TLS for encrypting the payload (packets). As explained, in the page you mention, TLS is only used for « for the authentication and key exchange mechanism » (the control channel). The tunneled packets themselves (the data channel) are not encapsulated in the TLS layer. Seeopenvpn.net/index.php/open-source/documentation/…, « P_CONTROL_V1 -- Control channel packet (usually TLS ciphertext) » vs « P_DATA_V1 -- Data channel packet containing actual tunnel data ciphertext ».–ysdxMar 21 '17 at 8:28
Yes, TLS can be used for general transport layer security (as the name suggests). A few common uses:
- HTTP (HTTPS)
- FTP (FTPS)
- SMTP (SMTPS)
- VPN
- 1 SMTP (SMTPS) ? smtp normally is unencrypted, right?–BradMar 20 '17 at 17:43
- 4 @Brad Yes, but like all the other things on the list, itcan besecured with TLS.–Xiong ChiamiovMar 20 '17 at 18:55
- Encryption of SMTP data is pretty common on mobile devices–david25272Mar 21 '17 at 0:38