Re: Socket with ssl support
From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 01/25/05
- Previous message: Doug Barlow: "Re: How a custom CSP call MS default (base)CSP?"
- In reply to: Inting: "Re: Socket with ssl support"
- Next in thread: Inting: "Re: Socket with ssl support"
- Reply: Inting: "Re: Socket with ssl support"
Date: Tue, 25 Jan 2005 08:21:43 -0800

Perhaps the following pages will help you achieve FIPS-compliant TLS(*)
communications:

http://support.microsoft.com/?id=811833 - "The effects of enabling the
"System cryptography: Use FIPS compliant algorithms for encryption, hashing,
and signing" security setting in Windows XP and later versions"

http://support.microsoft.com/?id=811834 - "PRB: Cannot visit SSL sites after
you enable FIPS compliant cryptography"

The TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is FIPS compliant, and is
supported in Windows 2003 and Windows XP - the above setting will allow you
to require that this is the only allowed cipher suite.

Alun.
~~~~
--
Software Design Engineer, Internet Information Server (FTP)
This posting is provided "AS IS" with no warranties, and confers no rights.

"Inting" <tingardz@yahoo.com> wrote in message
news:%239Ce2ynAFHA.2104@TK2MSFTNGP14.phx.gbl...
> Hi Alun,
>
> Is there any way to use AES encryption? The connection will default to
> RC4/MD5. I can only change MD5 to SHA1.
> But I can never change RC4 to AES.
>
> RC4-MD5 ssl connection won't work in a secure domain with only FIPS
> compliant encryption enabled.
> RC4 and MD5 are not FIPS compliant, only AES and SHA1.
>
> thanks.
>
> Inting
>
>
> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> news:u0fNMjk$EHA.3428@TK2MSFTNGP10.phx.gbl...
>> "George" <george.news@NOSPAMgmx.net> wrote in message
>> news:Xns95E36417DEC66newsgmxnet@213.0.184.81...
>>> Is it possible to open a socket and establish an ssl connection for
>>> encrypting the communication? The socket is a normal TCP socket and I'm
>>> sending customized data (not HTTP or any other protocol).
>>>
>>> I've read that there is something called SSPI for doing that kind of
>>> stuff,
>>> but I prefer to do it using ssl.
>>
>> SSL is the protocol for the Secure Sockets Layer- the specification for
>> the format of bits on the wire that carry encrypted and authenticated
>> traffic.
>>
>> SSPI is the programming interface - the Security Support Provider
>> Interface - that is used to control a number of different SSPs - Security
>> Support Providers.
>>
>> SChannel is the SSP that provides SSL operations - encryption and
>> decryption, etc.
>>
>> You will need functions from the SSPI including
>> InitializeSecurityContext, AcceptSecurityContext, EncryptMessage,
>> DecryptMessage, etc - start reading at
>> http://msdn.microsoft.com/library/en-us/secauthn/security/creating_a_secure_connection_using_schannel.asp,
>> and look at the sample in the Platform SDK under "Microsoft
>> SDK\Samples\security\SSPI\SSL" - WebClient and WebServer.
>>
>> Although they are, as they say, a very simple web client and web server,
>> they show you exactly how to fetch a certificate, make or accept an SSL
>> connection, authenticate, encrypt and decrypt, handle errors, and close.
>>
>> You could also, as another poster has suggested, use OpenSSL. I found
>> the documentation of SChannel to be clearer, and the support to be
>> better - and that was before I joined Microsoft.
>>
>> Alun.
>> ~~~~
>> --
>> Software Design Engineer, Internet Information Server (FTP)
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
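
An added example, not part of the original posts and not Microsoft's code: a portable C check that reads the cipher suite out of a captured ServerHello record, to confirm a connection negotiated the suite named in the reply rather than the RC4/MD5 default described in the quoted question. The function names and the sample record are constructed for illustration; the parser assumes the ServerHello arrives whole in a single record with SSL 3.0 to TLS 1.2 framing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IANA code points for the suites discussed in the thread. */
enum { RSA_RC4_128_MD5 = 0x0004, RSA_3DES_EDE_CBC_SHA = 0x000A };

/* Return the cipher suite selected in a ServerHello record, or -1 if the
 * buffer is not a well-formed SSL 3.0 / TLS 1.0-1.2 ServerHello. */
int server_hello_suite(const uint8_t *p, size_t n)
{
    size_t rec_len, hs_len, sid_len;
    if (n < 9 || p[0] != 0x16 || p[1] != 0x03)           /* handshake record */
        return -1;
    rec_len = ((size_t)p[3] << 8) | p[4];
    if (rec_len < 4 || rec_len > n - 5 || p[5] != 0x02)  /* ServerHello */
        return -1;
    hs_len = ((size_t)p[6] << 16) | ((size_t)p[7] << 8) | p[8];
    /* body: version(2) random(32) sid_len(1) sid(0..32) suite(2) comp(1) */
    if (hs_len < 38 || hs_len > rec_len - 4)
        return -1;
    sid_len = p[43];
    if (sid_len > 32 || hs_len < 38 + sid_len)
        return -1;
    return (p[44 + sid_len] << 8) | p[45 + sid_len];
}

/* Assumption of this example: only the suite the reply names passes. */
int fips_ok(int suite) { return suite == RSA_3DES_EDE_CBC_SHA; }

/* Constructed sample: minimal 47-byte TLS 1.0 ServerHello, empty session id. */
const uint8_t *make_server_hello(int suite)
{
    static uint8_t out[47];   /* random, session id length and compression stay 0 */
    static const uint8_t hdr[] = { 0x16, 0x03, 0x01, 0x00, 0x2A,  /* record, 42 bytes */
        0x02, 0x00, 0x00, 0x26, 0x03, 0x01 };  /* ServerHello, 38 bytes; version */
    memcpy(out, hdr, sizeof hdr);
    out[44] = (uint8_t)(suite >> 8);
    out[45] = (uint8_t)suite;
    return out;
}

int main(void)
{
    int s = server_hello_suite(make_server_hello(RSA_RC4_128_MD5), 47);
    printf("negotiated 0x%04X, fips_ok=%d\n", (unsigned)s, fips_ok(s));
    return 0;
}
```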