Sample Asynchronous SslStream Client/Server Implementation

Servidor y cliente TCP SSL as??ncrono. « vtortola.Net

Servidor y cliente TCP SSL as??ncrono. « vtortola.Net — Fri, 22 Jun 2007 08:58:44 GMT

PingBack from http://vtortola.wordpress.com/2007/06/22/servidor-y-cliente-tcp-ssl-asincrono/

re: Sample Asynchronous SslStream Client/Server Implementation

Chris Mullins — Thu, 26 Jul 2007 21:22:46 GMT

Our XMPP SDK makes extensive (!) use of the SSLStream class and does so using the Async infrastructure.

We ran into trouble with the threading requirements around the stream - the inability of the stream to queue Async writes was a bit frustrating, and we ended up having to wrap it in a BufferedStream that did properly queue aync writes and did all the appropiate blocking to insure the SSLStream didn't have threading issues.

Encrypting Passwords

Ken J. — Sat, 27 Oct 2007 21:24:13 GMT

None of the data in my program needs to be encrypted except the username and password when the client connects. I don't know anything about certificates and I'm finding all these examples to be complex. I spent 2 weeks writing some network classes using System.Net.Sockets.Socket. Is there a way I can send the username and password over a secure connection, and then once the client is validated, move back to an unsecure connection? My server is a game server and if I encrypted everything on my game server with sslStream it would be an extrem load on my server.

re: Sample Asynchronous SslStream Client/Server Implementation

joncole — Wed, 16 Jan 2008 23:37:55 GMT

Yes, you can switch back to an unsecure connection once you have finished transfering the username and password. You will need to do the following:

1) When you create the SslStream, make sure to pass in true for the leaveInnerStreamOpen paramenter to the constructor.

2) Make sure to hold onto a reference to the inner stream (the NetworkStream object).

3) Close the SslStream object and start using the NetworkStream object again.

As for certificates, you can contact one of the many certificate venders (like Verisign) to buy a server certificate.

re: Sample Asynchronous SslStream Client/Server Implementation

Tom L — Thu, 20 Mar 2008 17:56:40 GMT

What should I use for the parameter targetHost in StartConnecting? It doesn't seem to matter what value I have for it, just as long as I have *something*. How/why is that targetHost used?

TYIA

re: Sample Asynchronous SslStream Client/Server Implementation

joncole — Sat, 19 Apr 2008 01:18:36 GMT

The remoteHostName (aka targetHost) is the name of the server to which you are connecting. It should match the name on the server's certificate.

As a test to make sure that I remembered this correctly (I haven't used SslStream for a while), I created a test cert with the subject on the cert something other than "localhost" like "myMachineName". If I passed in anything other than "myMachineName" for the remoteHostName parameter, then I started getting the "RemoteCertificateNameMismatch" certificate error.

It probably works with any value for you because in my sample code above I am using the IgnoreCertificateErrorsCallback method as my certificate error validation routine. This sample validation routine ignores certificate errors - I use this in testing, but in real life you should implement your own routine based on your security needs/policies.

Also, having been away from this for a while, I realized that I couldn't remember the exact command line I used to create my test certificate. After fiddling with it a while to get it right, I ended up using makecert -r -pe -n "CN=localhost" -m 12 -sky exchange -ss my serverCert.cer. This command created a self-signed certificate with "localhost" for the certificate subject and it makes the certificate valid for 12 months.

Hope that helps.

re: Sample Asynchronous SslStream Client/Server Implementation

Alan McF — Thu, 02 Apr 2009 18:36:49 GMT

Many thanks for the makecert command-line. I've been trying to create an acceptable certificate (with PrivateKey!!) for hours!

Alan

re: Sample Asynchronous SslStream Client/Server Implementation

Kiotaya Rotan — Sat, 22 Aug 2009 23:23:49 GMT

Hi,

I am new to C# and sockets. I found this tutorial easy to follow and full of great information. I was able to get it working rather quickly. I have had some problems with sending more data (another string) through the secured stream.

After the connection to the server is made and authenticated, a hello from the client is sent and a hello is sent from the server and received at the client. After this exchange, how do I send more data (another string) through the secure stream?

Thanks in advance for your response.

Kio

kiotaya@yahoo.com

re: Sample Asynchronous SslStream Client/Server Implementation

joncole — Tue, 22 Sep 2009 01:13:53 GMT

I can only guess with the limited information I have, but are you calling "WriteLine" or "Write" on the StreamWriter instance? The sample code I have provided uses StreamReader and StreamWriter in conjunction with WriteLine/ReadLine. If you accidentally use "Write" instead of WriteLine, then the other side of the connection will block, waiting for the end of the line in the string. You may want to read my post on "Simple Message Framing Sample for TCP Socket" (or the asynchronous counterpart that follows).