Solved

C++ Winsock with SSL

Posted on 2004-03-26
8
1,401 Views
Last Modified: 2010-08-05
I am trying to design and implement a very efficient secure winsock server.  I have the design almost finish except for the fact that it is not secure.  I need to add SSL to my server and I have no clue how to do this.  

My guess is that I would use OpenSSL.  Can anyone help me do this?  How hard will implemented SSL be?  Is there any documentation out there showing examples how to use OpenSSL?

I need a lot of help with this.  Please help me.

Thanks
0
Comment
Question by:leobaz2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 44

Accepted Solution

by:
Karl Heinz Kremer earned 84 total points
ID: 10694099
Look at the OpenSSL documentation page at http://www.openssl.org/docs/
You will find documents about how to use both the command line tools, but also the library.
0
 
LVL 22

Assisted Solution

by:grg99
grg99 earned 83 total points
ID: 10694706
First, ponder a few things:

(1) "Really efficient" and "SSL" are mostly contradictory.  Encryption with DES is quite slow; setting up a SSL connection takes a fair amount of time; checking for valid certificates can take quite a while.    Think really hard, do you need speed more than you need absolute security?  Would a lower level of security be good enough?

(2)  Looking at the OpenSSL exploits list is very disconcerting.  Can you really trust a system that has had so many holes over time?  Back when I was using SSL a lot I'd have to check for security updates every week, as there often was a patch a week for a while.


 
0
 

Author Comment

by:leobaz2
ID: 10694829
Well, I am trying to implement an online poker room similar to party poker and ultimate bet.  The server needs to be very efficient since I might be dealing with 35,000 people sending requests at the same time.

However, I also need security from client to server.  It looks like Party Poker and Paradise Poker are both secured by thawte (www.thawte.com) which I think uses OpenSSL.  I know that on Party Poker is says it uses SSLv3/TLSv1 encryption algorithm for message between client and server.  It also has an OpenSSL icon right next to the thawte icon. http://www.paradisepoker.com/security.html

Setting up an online poker room must have its server's outside the USA.  Therefore, from what I read, there are certain algorithms that I cannot use for my security.

What are the other SSL implementations out there that I can you?
0
 
LVL 4

Assisted Solution

by:booki
booki earned 83 total points
ID: 10695164
leobaz2,

An article with source:
http://www.jetbyte.com/portfolio-showarticle.asp?articleId=48&catId=1&subcatId=2

Another tutorial/example:
http://www.rtfm.com/openssl-examples/

A SSL/TLS protocol analyzer:
http://www.rtfm.com/ssldump/

A book w/"Extremely detailed coverage of SSL/TLS":
SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2001 ISBN 0-201-61598-3

b.

0
 
LVL 49

Expert Comment

by:DanRollins
ID: 10711806
One note:  On your Poker server, be careful with how you choose your random number seed (inside joke:)
-- Dan
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Original post  on Monitis Blog. Web performance monitoring is broken into two camps: passive and active. Passive monitoring is defined as looking at real-world historical performance by monitoring actual log-ins, site hits, clicks, requests for …
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

731 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question