1. Experiment content
- Install OpenSSL
- Write a server program that sets up an SSL/TLS network service, accepts SSL connections from clients, and sends and receives SSL-protected messages
- Write a client program that connects to the server over SSL/TLS and sends and receives SSL-protected messages
- Generate the SSL certificates (CA, server and client)
- Write the test report, including screenshots of the server and client running and of the generated SSL certificates
2. Experimental framework
The program is divided into two parts, the client side and the server side. The purpose is to use the SSL/TLS protocol so that the two communicating parties can verify each other's identity (authenticity) and so that the data exchanged is protected for integrity and confidentiality.
Server Authentication Phase
- The client sends a Hello message to the server to start a new session
- Based on the client's Hello (which may refer to an earlier session), the server decides whether a new master key is needed. If so, it answers the Hello with the information required to generate one, including its certificate
- The client generates the master key (more precisely, the pre-master secret from which both sides derive the master key), encrypts it with the public key taken from the server's certificate, and sends it to the server
- The server recovers the master key with its private key and returns a message authenticated with that key (the Finished message). Only the holder of the private key could have produced it, so the client has now authenticated the server
User Authentication Phase
The server has been authenticated by the client; in this phase the client is authenticated. The authenticated server sends the client a challenge (a certificate request), and the client proves its identity by returning its certificate (containing its public key) together with a digital signature made with the matching private key over the challenge (in TLS, over the handshake messages exchanged so far). The server verifies the signature and checks that the certificate was issued by a CA it trusts.
The flow chart is as follows:
The client and server frameworks are as follows:
3. Experimental steps
3.1 Installing OpenSSL
Download the OpenSSL installer from slproweb.com/products/Wi… and choose the package that matches your build target (32-bit or 64-bit).
After downloading, run the installer and choose an installation directory. Do not install the 64-bit and 32-bit builds into the same directory.
When asked where to copy the DLLs, select the OpenSSL binaries directory.
When the installation completes, you can tick the donation boxes if you wish; otherwise untick them and click "Finish".
3.2 Setting up an OpenSSL Environment with VS2017
Create a new empty project and configure the project properties: add OpenSSL's include folder to the include directories and OpenSSL's lib folder to the library directories. Also add the import libraries (libeay32.lib and ssleay32.lib for OpenSSL 1.0.x) under Linker > Input > Additional Dependencies, otherwise the SSL_* calls will not link.
Copy libeay32.dll and ssleay32.dll from the bin folder of the OpenSSL installation directory to the directory the project's executable runs from. These are the OpenSSL 1.0.x names; 1.1.x builds ship libcrypto-1_1.dll and libssl-1_1.dll (with an -x64 suffix for 64-bit builds) and the matching .lib files instead.
3.3 Generating a Certificate
Start by generating the server's private key (key file):
openssl genrsa -des3 -out server.key 2048
This prompts for a passphrase that is used to encrypt the key file (-des3 selects the encryption algorithm; any other cipher you consider secure, for example -aes256, can be used instead). The passphrase has to be entered whenever the file is read, whether through the command line or the OpenSSL API. 2048 is the key length in bits: the 1024-bit keys that older tutorials use are no longer considered safe and are rejected at OpenSSL security level 2, the default on several Linux distributions. You can remove the passphrase if entering it is inconvenient, but then protect the file by other means (strict file permissions, restricted access to the host)!
Command to remove the key file passphrase:
openssl rsa -in server.key -out server.key
Next, create a Certificate Signing Request (CSR) from the key:
openssl req -new -key server.key -out server.csr
The CSR is what you submit to the CA, which signs it to produce the server's own certificate. The command prompts for the subject fields (country, organisation, Common Name and so on); enter them step by step. The Common Name (or, preferably, a subjectAltName) must match the host name the client will connect to, otherwise the client's hostname check fails.
Do the same for the client to generate its key and CSR:
openssl genrsa -des3 -out client.key 2048
openssl req -new -key client.key -out client.csr
Now generate the CA's key file and use it to create a self-signed CA certificate.
First generate the CA key:
openssl genrsa -des3 -out ca.key 2048
Then generate the self-signed CA certificate (add -days N to set its validity; the default is only 30 days):
openssl req -new -x509 -key ca.key -out ca.crt
Finally, sign the server.csr and client.csr files you just generated with the CA's certificate and private key (the x509 subcommand in -req mode, given the CA certificate and CA key), which produces server.crt and client.crt. OpenSSL also ships with a script, CA.pl, that wraps these steps.
3.4 Programming of server and client
3.4.1 Client programming framework
/* One-time library initialisation (OpenSSL 1.0.x; implicit since 1.1.0) */
SSL_library_init();
SSL_load_error_strings();
/* Generate an SSL structure */
meth = SSLv23_client_method();  /* negotiates the highest version both sides support; TLS_client_method() since 1.1.0 */
ctx = SSL_CTX_new(meth);
/* The CA we trust, and our own certificate and key (needed for mutual authentication) */
SSL_CTX_load_verify_locations(ctx, "ca.crt", NULL);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);  /* handshake fails unless the server cert chains to ca.crt; hostname matching is a separate check */
SSL_CTX_use_certificate_file(ctx, "client.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "client.key", SSL_FILETYPE_PEM);
ssl = SSL_new(ctx);
/* The following is the normal socket process */
fd = socket();
connect();
/* Connect the socket to the SSL structure */
SSL_set_fd(ssl, fd);
/* SSL handshake process; check the return value (1 on success) before sending data */
SSL_connect(ssl);
/* Use SSL_write()/SSL_read() instead of the original write()/read() */
SSL_write(ssl, "I am the client", strlen("I am the client"));
3.4.2 Server writing framework
/* One-time library initialisation (OpenSSL 1.0.x; implicit since 1.1.0) */
SSL_library_init();
SSL_load_error_strings();
/* Generate an SSL structure */
meth = SSLv23_server_method();  /* negotiates the highest version both sides support; TLS_server_method() since 1.1.0 */
ctx = SSL_CTX_new(meth);
/* Our own certificate and key, and the CA used to verify client certificates */
SSL_CTX_use_certificate_file(ctx, "server.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "server.key", SSL_FILETYPE_PEM);
SSL_CTX_load_verify_locations(ctx, "ca.crt", NULL);
/* Request a client certificate and abort the handshake if none is presented */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
ssl = SSL_new(ctx);
/* The following is the normal socket process */
fd = socket();
bind();
listen();
cfd = accept();  /* the connected socket, not the listening one */
/* Connect the socket to the SSL structure */
SSL_set_fd(ssl, cfd);
/* SSL handshake process: the server side accepts, it does not connect */
SSL_accept(ssl);
/* Use SSL_write()/SSL_read() instead of the original write()/read() */
SSL_read(ssl, buf, sizeof(buf));
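The certificate procedure of 3.3 and the mutually authenticated exchange of 3.4 (and the two authentication phases of section 2), as one added example that is not part of the original report: it builds the same CA/server/client PKI with the openssl command line (2048-bit keys, no passphrases, and a subjectAltName of localhost on the server certificate so that the client's hostname check passes), then runs a server and a client with Python's standard-library ssl module, which wraps the same OpenSSL library as the C framework. load_cert_chain corresponds to SSL_CTX_use_certificate_file/SSL_CTX_use_PrivateKey_file, load_verify_locations to SSL_CTX_load_verify_locations, and verify_mode = CERT_REQUIRED on the server to SSL_CTX_set_verify with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT. The messages, subject names and temporary directory are constructed for the demo; the second run shows what happens when the client presents no certificate.

```python
"""Added example: build a small PKI with the openssl CLI, then run a mutually
authenticated TLS exchange with Python's standard-library ssl module."""
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading

CLIENT_MSG = b"I am the client"   # constructed sample messages
SERVER_MSG = b"server received"


def make_pki(workdir):
    """Create ca/server/client keys and certificates under workdir with the
    openssl command line (2048-bit RSA, no passphrase). Returns file paths."""
    def openssl(*args):
        subprocess.run(["openssl", *args], cwd=workdir, check=True,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

    # CA: private key, then a self-signed certificate (the trust anchor)
    openssl("genrsa", "-out", "ca.key", "2048")
    openssl("req", "-new", "-x509", "-days", "365", "-subj", "/CN=Demo CA",
            "-key", "ca.key", "-out", "ca.crt")
    # The server certificate needs a SAN matching the name the client checks
    with open(os.path.join(workdir, "server.ext"), "w") as f:
        f.write("subjectAltName=DNS:localhost\n")
    # Server and client: key -> CSR -> certificate signed by the CA
    for name, cn in (("server", "localhost"), ("client", "demo-client")):
        openssl("genrsa", "-out", f"{name}.key", "2048")
        openssl("req", "-new", "-subj", f"/CN={cn}",
                "-key", f"{name}.key", "-out", f"{name}.csr")
        extra = ["-extfile", "server.ext"] if name == "server" else []
        openssl("x509", "-req", "-days", "365", "-in", f"{name}.csr",
                "-CA", "ca.crt", "-CAkey", "ca.key", "-CAcreateserial",
                "-out", f"{name}.crt", *extra)
    return {n: os.path.join(workdir, n) for n in
            ("ca.crt", "server.crt", "server.key", "client.crt", "client.key")}


def run_server(paths, ready, result):
    """Accept one connection, require and verify a client certificate, record
    the client's CN and message, and answer with SERVER_MSG."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(paths["server.crt"], paths["server.key"])
    ctx.load_verify_locations(paths["ca.crt"])   # CA allowed to sign clients
    ctx.verify_mode = ssl.CERT_REQUIRED          # no client cert: handshake fails
    with socket.socket() as lsock:
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(1)
        lsock.settimeout(10)
        result["port"] = lsock.getsockname()[1]
        ready.set()
        try:
            conn, _ = lsock.accept()
            with ctx.wrap_socket(conn, server_side=True) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                result["client_cn"] = subject["commonName"]
                result["server_got"] = tls.recv(1024)
                tls.sendall(SERVER_MSG)
        except OSError as e:                     # ssl.SSLError is an OSError
            result["server_error"] = str(e)


def run_client(paths, port, send_cert=True):
    """Connect, verify the server against the CA and the name 'localhost',
    optionally present the client certificate, and return the reply."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_verify_locations(paths["ca.crt"])
    if send_cert:
        ctx.load_cert_chain(paths["client.crt"], paths["client.key"])
    with socket.create_connection(("127.0.0.1", port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname="localhost") as tls:
            tls.sendall(CLIENT_MSG)
            return tls.recv(1024)


def demo(send_client_cert=True):
    """One full run. Returns None if the openssl CLI is not installed."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as workdir:
        paths = make_pki(workdir)
        ready, result = threading.Event(), {}
        server = threading.Thread(target=run_server, args=(paths, ready, result))
        server.start()
        ready.wait()
        try:
            result["client_got"] = run_client(paths, result["port"], send_client_cert)
        except OSError as e:
            result["client_error"] = str(e)
        server.join()
        return result


if __name__ == "__main__":
    print(demo())                          # both sides authenticated
    print(demo(send_client_cert=False))    # server rejects the anonymous client
```

In the first run the result dictionary holds server_got == b"I am the client", client_got == b"server received" and client_cn == "demo-client"; in the second the server never receives a message because the handshake is aborted for lack of a client certificate, and both sides record the resulting error instead.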
4. Screenshots of experimental results
The screenshots show the server and client running, together with the certificate information.
After the TCP three-way handshake and the TLS handshake, the server receives the message "I am the client" from the client, and the client receives "server received" from the server.