[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1607
  • Last Modified:

C++ Winsock with SSL

I am trying to design and implement a very efficient secure winsock server.  I have the design almost finish except for the fact that it is not secure.  I need to add SSL to my server and I have no clue how to do this.  

My guess is that I would use OpenSSL.  Can anyone help me do this?  How hard will implemented SSL be?  Is there any documentation out there showing examples how to use OpenSSL?

I need a lot of help with this.  Please help me.

Thanks
0
leobaz2
Asked:
leobaz2
3 Solutions
 
Karl Heinz KremerCommented:
Look at the OpenSSL documentation page at http://www.openssl.org/docs/
You will find documents about how to use both the command line tools, but also the library.
0
 
grg99Commented:
First, ponder a few things:

(1) "Really efficient" and "SSL" are mostly contradictory.  Encryption with DES is quite slow; setting up a SSL connection takes a fair amount of time; checking for valid certificates can take quite a while.    Think really hard, do you need speed more than you need absolute security?  Would a lower level of security be good enough?

(2)  Looking at the OpenSSL exploits list is very disconcerting.  Can you really trust a system that has had so many holes over time?  Back when I was using SSL a lot I'd have to check for security updates every week, as there often was a patch a week for a while.


 
0
 
leobaz2Author Commented:
Well, I am trying to implement an online poker room similar to party poker and ultimate bet.  The server needs to be very efficient since I might be dealing with 35,000 people sending requests at the same time.

However, I also need security from client to server.  It looks like Party Poker and Paradise Poker are both secured by thawte (www.thawte.com) which I think uses OpenSSL.  I know that on Party Poker is says it uses SSLv3/TLSv1 encryption algorithm for message between client and server.  It also has an OpenSSL icon right next to the thawte icon. http://www.paradisepoker.com/security.html

Setting up an online poker room must have its server's outside the USA.  Therefore, from what I read, there are certain algorithms that I cannot use for my security.

What are the other SSL implementations out there that I can you?
0
 
bookiCommented:
leobaz2,

An article with source:
http://www.jetbyte.com/portfolio-showarticle.asp?articleId=48&catId=1&subcatId=2

Another tutorial/example:
http://www.rtfm.com/openssl-examples/

A SSL/TLS protocol analyzer:
http://www.rtfm.com/ssldump/

A book w/"Extremely detailed coverage of SSL/TLS":
SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2001 ISBN 0-201-61598-3

b.

0
 
DanRollinsCommented:
One note:  On your Poker server, be careful with how you choose your random number seed (inside joke:)
-- Dan
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now