Security

Overview

The ability to add protocol security to Push Framework is a major and important addition brought by the design of the version 3.0.This design makes it possible to layer protocols on top of each others. Therefore you have been provided with a TLS protocol layer that you can easily wire to your existing protocol so you easily secure your communication with zero development.

Usage:

Let’s suppose you are servicing Websocket clients at port 10010:

int main()
{
        PushFramework::Server theServer;
 
	Protocol* pWebsocketProtocol = new WebsocketProtocol();
	ListenerOptions lOptions;
	lOptions.pProtocol = pWebsocketProtocol;
 
	theServer.createListener(10010, &lOptions);
}

You can now add TLS security the following way, where SSLProtocol is the protocol class implementing TLS layer:

int main()
{
        PushFramework::Server theServer;
 
	Protocol* pSSLProtocol = new SSLProtocol();
	pWebsocketProtocol->addLowerProtocolLayer(pSSLProtocol);
 
        ListenerOptions lOptions;
	lOptions.pProtocol = pWebsocketProtocol;
 
	theServer.createListener(10010, &lOptions);
}

Of course, you could keep the same protocol for your existing protocol, then service secure clients using another port. (With version 3.0, Push Framework has restored the ability to use multiple ports/protocols).

Using certificates:

You should provide a server certificate for TLS to work. Additionally you can provide another public certificate so that your server forces client authentication. These two modes (Server authentication only, or server-client authentication) can be selecte using the approprite SSLProtocol::initialize method.

License and Download information

SSLProtcol is dynamic library that implements TLS-protocol layer. It depends on ProtocolFramework along with OpenSSL and is available for both Windows and Linux.

SSLProtocol is not free. Write to me to get it. If you are a developer and need SSLProtocol within a risky project, I can still give it to you without the need to pay anything.

Some businesses would require getting complete source code: that is possible. It is also possible to get the library do the tests, then only pay when evrything is fine for you.

 

Share