Piggybacking on the SSL handshake

Peter H|gfeldt peter@REDACTED
Wed Dec 14 15:31:33 CET 2005


No, you cannot do that. It would require access not only to the SSL
level, but also to the TCP level, which is not provided in the current
implementation.

/Peter
 

On Mon, 12 Dec 2005, Joel Reymont wrote:

> Folks,
> 
> I'm dealing with a strange protocol implementation where the customer  
> piggybacks on the SSL handshake and proceeds to selectively use SSL  
> when needed.
> 
> The way they do this is by plugging "in" and "out" memory BIOs into  
> OpenSSL and using them when needed. To kick things off they  
> initialize OpenSSL with certificate, etc. and then wait for data to  
> become available in the "out" BIO. They take the data, wrap it up and  
> ship it over to the client that proceeds to unwrap the data, feed it  
> to OpenSSL through the "in" BIO, wait for output, etc. Then they ask  
> OpenSSL if the handshake was completed. Once the handshake is  
> completed SSL is not used until needed.
> 
> My question is this... Can I implement this protocol using Erlang's  
> SSL module?
> 
> It seems to use a proxy so if I can take the output form the proxy  
> and wrap it up then I would be good. Of course I would also need to  
> detect the end of the SSL handshake.
> 
> 	Thanks, Joel
> 
> --
> http://wagerlabs.com/
> 
> 
> 
> 
> 




More information about the erlang-questions mailing list