Re: Using OpenSSL over a high level peer-to-peer middleware

Wed, 19 Oct 2005 06:32:20 -0700


> How feasible is it to use OpenSSL's SSL library to generate the raw data
> that is to be sent through the transport layer independent of the
> latter's implementation ? And read this data on the other end...
openSSL library uses the BIO abstraction for IO operations. You could use a memory BIO and manipulate that buffer any way you want.

> Is there any known similar project, in which OpenSSL has been used to
> implement SSL over non-TCP connexions ?

openSSL 0.9.8 comes with support for DTLS, which is TLS over UDP. I am not aware of anyone using it, though. The EAP-TLS protocol that has been around for a while uses TLS over PPP (v.s. TCP). Be careful when you create you own protocol because TLS assumes reliable transport, breaking this assumption presents serious security implications.



Alain Damiral <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

10/19/2005 08:32 AM

Please respond to
openssl-users@openssl.org
To
openssl-users@openssl.org
cc
Subject
Using OpenSSL over a high level peer-to-peer middleware





Greetings to everyone,

This is my first mail to this list so first of all I hope to avoid
making too much of a fool of myself.

I am a student in computer science and I have been charged with the task
of implementing a secure communication mechanism for a high level
peer-to-peer middleware designed for use in the Oz language
(www.mosart-oz.org). This peer-to-peer network is a structured network
in which there should not necessarily be a direct TCP connexion between
two communicating peers. So far it seems like a fine idea to use SSL
over this network rather than directly over TCP as is usually done.
Before damaging my health too much on this work I'd appreciate some
advice from fine people such as many of you certainly are about the
following questions:

How feasible is it to use OpenSSL's SSL library to generate the raw data
that is to be sent through the transport layer independent of the
latter's implementation ? And read this data on the other end...

Would it be a better idea to use OpenSSL's crypto library to handle
cryptographic operations and certificates and reimplement the rest of
SSL's behaviour according to it's specification ? (At least to the
extent required for my piece of work)

Is there any known similar project, in which OpenSSL has been used to
implement SSL over non-TCP connexions ?


Well that's it for now and I thank you all for your time,

Alain Damiral,

Université Catholique de Louvain - student,
alain.damiral'at'student.uclouvian.be
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to