Re: Book to implement SSL

--
Regards

Niels Liisberg

To: <web400@xxxxxxxxxxxx>
Sent: Thursday, August 03, 2006 2:45 PM
Subject: Re: [WEB400] Book to implement SSL

This isn't what he's trying to do. All he's trying to do is setup SSL
for his web server. There's no need to write a program to do this.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Niels Liisberg
Sent: Wednesday, August 02, 2006 11:33 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Book to implement SSL

Hi Pugazh;

If you are doing it the programmatic way you have (at least) two choices
-
GSK or plain SSL. I have used the last (ssl.h) and it has all I require:

Besides you only have to initialize the SSL with a certificate from the
certificate store on your system i - you can find that by referring to
your
system i in a browser and the port 2001 like

http://MySystemI:2001

and create a certificate. Place it under
/QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB  - and then you are good
to
go.

You have at least five algorithms to provide when you are doing SSL - I
use
the RSA version RC4/128 bit which has enough strength and is fast at the

same time .....

In IceBreak the underlying code looks like:

if (svr00r.SVPROT != PROTOCOL_HTTPS) {
   http.pSsl = SSL_Create(Socket , SSL_DONT_ENCRYPT);
} else {
  SSLInit sslinit;
  USHORT cipher = SSL_RSA_WITH_RC4_128_SHA;
  svr00r.SVCEPF.data[svr00r.SVCEPF.len] =0;
  if (BeginsWith(svr00r.SVCEPF.data , "*DFT")) {
     sslinit.keyringFileName    =
"/QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB";
  } else {
     sslinit.keyringFileName    = svr00r.SVCEPF.data;
  }
  svr00r.SVCEPW.data[svr00r.SVCEPW.len] =0;
  sslinit.keyringPassword    = svr00r.SVCEPW.data;
  sslinit.cipherSuiteList    = &cipher;
  sslinit.cipherSuiteListLen = 1;
  rc = SSL_Init(&sslinit);
  if (rc < 0) {
     trace ( "SSL initialization failed reason %d error: %s", rc,
strerror(errno)) ;
  }
  http.pSsl = SSL_Create(Socket , SSL_ENCRYPT);
/* set up parameters for handshake */
  http.pSsl->protocol = 0;
  http.pSsl->timeout = 0;
  http.pSsl->cipherSuiteList = &cipher;
  http.pSsl->cipherSuiteListLen = 1;
  rc = SSL_Handshake(http.pSsl, SSL_HANDSHAKE_AS_SERVER);
  if (rc < 0) {
      trace ("SLL Handshake failed reason %d Error: %s", rc,
strerror(errno));
  }
}



Finaly you have to terminate the SSL with SLL_Destroy ....

----- Original Message ----- From: "Pugazh" <sapugazh@xxxxxxxxx>

To: <web400@xxxxxxxxxxxx>
Sent: Thursday, August 03, 2006 4:12 AM
Subject: [WEB400] Book to implement SSL

Guys,

Can any of you recommend any easy to follow books that
will help me implement SSL for my website, I need to
start completely from scratch?

Thnx


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.

--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.