We'll be right back, after this word...


Surprisingly enough the Bluetooth server "technology preview" has generated quite a bit of interest from potential clients, which is nice. In a similar spirit, I'm making the compiled version of our server that uses the OpenSSL Toolkit available for download. This code uses our freely available IOCP server framework and adds SSL support using OpenSSL. We have an SChannel version in the pipeline for those of you who don't want to have anything to do with OpenAnything...

From a server developer's point of view you needn't know or care that SSL is enabled on the data stream. Your code doesn't need to change unless you're interested in validating certificates or dynamically enabling or disabling the SSL. Porting a non SSL server to the SSL enabled version of the IOCP framework simply requires that you derive from a different version of the server base class; the new base class provides exactly the same callbacks as the non SSL version so all other code is unchanged.

The zip file contains a compiled server which listens on ports 5001 and 5002. The server on port 5001 doesn't require client certificates, the server on port 5002 does. The zip includes a simple client that's based on the code that was featured in the article I had published in Windows Developer Magazine. The zip also includes a stress test which connects to the server on localhost:5001 with 1000 connections and sends 100 x 1024 byte packets to the server and checks that they come back correctly. The stress test uses the newly refactored IOCP framework for client connections using the same IOCP system that the server uses. The debug version of the server spews lots of information out as it does its work, so it runs a lot slower.

The server is based on our packet echo server example and expects a packet format which consists of an int sent in network byte order which contains the number of bytes in the packet (excluding the size of the int). The server will only process packets of up to 1020 bytes. The server uses a dynamically adjusting thread pool of between 5 and 20 threads to 'process' (echo) the packets. The server design is not in any way optimised; in fact, it's designed to be complicated so that it thrash tests the IOCP framework to OpenSSL shims. For example, it echoes each packet in three equal sized cleartext writes to the socket layer, hence all the buffer allocations that can be seen in debug mode...

If you don't have a packet sniffer and you want to prove to yourself that the bytes really are protected by SSL ;) then you can run the server and connect to it with a web browser using the following URL: https://localhost:5001, which will give the message "Too much data! Go away!" in the browser...
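To make the packet format and the 1020 byte limit concrete, here is a small framing check written for this page; it is an added example, not the server's own code. It assumes the length prefix is a 32-bit int, and the names `next_frame`, `read_be32` and `frame_status` are hypothetical. It also shows why a browser is consistent with the "Too much data!" reply: once SSL has decrypted the request, the first four bytes of `GET ` read as a length of over a billion bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEADER_SIZE 4u      /* assumed: the "int" length prefix is 32 bits */
#define MAX_PAYLOAD 1020u   /* limit stated in the post */

typedef enum { FRAME_INCOMPLETE, FRAME_OK, FRAME_TOO_BIG } frame_status;

/* Read a 32-bit big-endian (network byte order) value without alignment or
   host-endianness assumptions. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Inspect the decrypted bytes received so far. On FRAME_OK, *payload and
   *payload_len describe one packet and *consumed is how many bytes to drop
   from the front of the buffer. The length is checked before it is used for
   any allocation or copy. */
frame_status next_frame(const unsigned char *buf, size_t have,
                        const unsigned char **payload, uint32_t *payload_len,
                        size_t *consumed)
{
    if (have < HEADER_SIZE)
        return FRAME_INCOMPLETE;
    uint32_t len = read_be32(buf);
    if (len > MAX_PAYLOAD)
        return FRAME_TOO_BIG;          /* reject; never trust the peer's length */
    if (have - HEADER_SIZE < len)
        return FRAME_INCOMPLETE;       /* wait for more data */
    *payload = buf + HEADER_SIZE;
    *payload_len = len;
    *consumed = HEADER_SIZE + len;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed inputs: a 5-byte packet, and the start of an HTTP request. */
    const unsigned char good[] = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
    const unsigned char http[] = "GET / HTTP/1.1\r\n";
    const unsigned char *p; uint32_t n; size_t used;

    printf("good: %d\n", next_frame(good, sizeof good, &p, &n, &used));
    printf("http: %d (claimed length %lu)\n",
           next_frame(http, sizeof http - 1, &p, &n, &used),
           (unsigned long)read_be32(http));
    return 0;
}
```

Because the bound is enforced on the 4-byte header alone, an oversized claim is rejected before any buffer is sized from a peer-supplied value.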

The OpenSSL libraries are linked statically to this server. You can get the source to OpenSSL from here. The Apache-like license that OpenSSL is released under is available here, and in the zip.

Oh, and by the way, a word from our lawyers;

This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, BEFORE DOWNLOADING THE SAMPLE OR EVEN JUST EMAILING TECHNICAL QUESTIONS TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL AND THIS SAMPLE SERVER ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

The zip file is here.

The shims that allow us to connect our IOCP framework to the OpenSSL Toolkit are NOT publicly available at this time. We DO offer consulting relating to SSL server developments using this code and our freely available IOCP framework and we DO offer these shims and the latest version of The Server Framework for sale for use with the OpenSSL Toolkit in your systems. If you're interested, contact me for details, or take a look here for pricing.

I can't help thinking that any future blog entry that announces an SChannel version of this code will not need to be quite so wordy...

15 Comments

I am interested in IOCP & OpenSSL, how can I get your OpenSSLServer source code?
Thanks.

I have used IOCP in my server, and I want to add OpenSSL functions to my server. Can I control the socket when I use OpenSSL? How can I control it?
I have understood the JetByte code.
Can you give me advice?
Thanks!

At present the code for the OpenSSL based server is not publicly available but if you drop me an email I'm sure we can sort something out.

email: vicstart@gmail.com
thanks

When the IOCP SSL server reads data, in the CSocketServer::WorkThread::Read function, can I use the SSL_read function? If I cannot, what can I do?
Thanks.

Did you take a look at the code for the OpenSSL article that's here?

The IOCP version is a variation on that CAsyncSocket version. They're both async, so the system is very similar. The trick is to use "memory BIOs" so that you decouple the calls to SSL_read and SSL_write from the actual data arriving (or going).

Hi,
I'm working on a web server under Windows that uses SSL, and it would be of great help if I could have the source code for your SSL server.
Thanks.

I'm sure it would. Email me and we can talk about the licensing costs.

How can I get your OpenSSLServer source code?
Thanks.

Email me, we can discuss your requirements and I'll quote you a price for the code required.

Hello !

I am developing a server that uses OpenSSL; the client is already running smoothly with msdn.one.microsoft.com, but my server does not. Please, how could you get me a code sample on how to set up an OpenSSL server (I used your example for the client and am aware of the concept you introduced)? You could do me a big favor by providing this information. Thank you in advance.

Dmitry, Diamedx Inc.

Dimitry

We license the code that we use to do async OpenSSL with the license for our server framework. Drop me an email if you're interested in pricing and the terms and conditions of use.

Len

I am interested in pricing and the terms and conditions of use.

peta.song@gmail.com

Peter, I'll email you about this now.
