× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. August 2006

Re: Book to implement SSL

Hi Pugazh;
If you are doing it the programmatic way you have (at least) two choices - GSK or plain SSL. I have used the last (ssl.h) and it has all I require:
Besides you only have to initialize the SSL with a certificate from the certificate store on your system i - you can find that by referring to your system i in a browser and the port 2001 like 

http://MySystemI:2001
and create a certificate. Place it under /QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB - and then you are good to go.
You have at least five algorithms to provide when you are doing SSL - I use the RSA version RC4/128 bit which has enough strength and is fast at the same time ..... 

In IceBreak the underlying code looks like:

if (svr00r.SVPROT != PROTOCOL_HTTPS) {
   http.pSsl = SSL_Create(Socket , SSL_DONT_ENCRYPT);
} else {
  SSLInit sslinit;
  USHORT cipher = SSL_RSA_WITH_RC4_128_SHA;
  svr00r.SVCEPF.data[svr00r.SVCEPF.len] =0;
  if (BeginsWith(svr00r.SVCEPF.data , "*DFT")) {
sslinit.keyringFileName = "/QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB"; 
  } else {
     sslinit.keyringFileName    = svr00r.SVCEPF.data;
  }
  svr00r.SVCEPW.data[svr00r.SVCEPW.len] =0;
  sslinit.keyringPassword    = svr00r.SVCEPW.data;
  sslinit.cipherSuiteList    = &cipher;
  sslinit.cipherSuiteListLen = 1;
  rc = SSL_Init(&sslinit);
  if (rc < 0) {
trace ( "SSL initialization failed reason %d error: %s", rc, strerror(errno)) ; 
  }
  http.pSsl = SSL_Create(Socket , SSL_ENCRYPT);
/* set up parameters for handshake */
  http.pSsl->protocol = 0;
  http.pSsl->timeout = 0;
  http.pSsl->cipherSuiteList = &cipher;
  http.pSsl->cipherSuiteListLen = 1;
  rc = SSL_Handshake(http.pSsl, SSL_HANDSHAKE_AS_SERVER);
  if (rc < 0) {
trace ("SLL Handshake failed reason %d Error: %s", rc, strerror(errno)); 
  }
}



Finaly you have to terminate the SSL with SLL_Destroy ....
----- Original Message ----- From: "Pugazh" <sapugazh@xxxxxxxxx> 
To: <web400@xxxxxxxxxxxx>
Sent: Thursday, August 03, 2006 4:12 AM
Subject: [WEB400] Book to implement SSL



Guys,

Can any of you recommend any easy to follow books that
will help me implement SSL for my website, I need to
start completely from scratch?

Thnx


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.