[erlang-questions] Upgrading tcp connection to ssl (tls)

Jakob Cederlund <>
Thu Aug 16 17:36:42 CEST 2007


It's not in the current implementation of ssl, due to a lot of reasons. 
There is a newer implementation in the works that will make it possible 
to do ssl-encryption on an already established socket connection, but 
it's one or two otp-releases in the future.
/Jakob

Christian S wrote:
> No, I guess I am being vague.
>
> I have an established gen_tcp connection, after negotiation the client
> says it want to proceed talking in an encrypted tls channel over this
> tcp connection.
>
> I would need something like {ok, SSLSock} = ssl:initiate_tls(TCPSocket, Opts).
>
> 2007/8/16, Toby Thain <>:
>   
>> On 16-Aug-07, at 11:09 AM, Christian S wrote:
>>
>>     
>>> It seems like the ssl module doesnt support taking over a tcp
>>> connection and bootstrapping ssl/tls on it?
>>>
>>> I recall having seen this issue on the list once, but i cant find
>>> anything when searching for it.
>>>
>>> Is there any work on the ssl module, or undocumented features for
>>> this?
>>>
>>> ejabberd use their own tls driver to communicate with openssl which
>>> seem to have support for promoting tcp to tls.  i guess this is time
>>> tested code that works well,
>>>
>>> another idea i had was to just connect back to a ssl port on the same
>>> machine and  relay the tcp traffic there? or doesnt this work? i have
>>> very little knowledge about the protocol in ssl/tls
>>>       
>> Does this help at all?
>> http://telegraphics.com.au/svn/essltest/trunk/essltest.erl
>>
>> --Toby
>>
>>     
>>> _______________________________________________
>>> erlang-questions mailing list
>>> 
>>> http://www.erlang.org/mailman/listinfo/erlang-questions
>>>       
>>     
> _______________________________________________
> erlang-questions mailing list
> 
> http://www.erlang.org/mailman/listinfo/erlang-questions
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20070816/496b2a93/attachment.html>


More information about the erlang-questions mailing list