Does OpenSSL provide multiple SSL_CTXs per process, one SSL_CTX used for server sessions, and another SSL_CTX for client sessions?
I have a Linux process that needs to act as an SSL server (accept and serve connections from other clients), but also needs - in the same process - to initiate client sessions with other SSL servers.
I intend to create two separate SSL_CTX descriptors using two calls to the SSL_CTX_new () functions, one called using server methods and the other using client methods. Is this dual use of OpenSSL supported within the same process? I hope OpenSSL uses the SSL_CTX descriptor and does not rely on global or static local variables - for all the context information it might need to create and maintain new sessions. Is this a good guess?
source to share
From my experience: You are free to create multiple contexts as long as you initialized the OpenSSL library correctly. I have used two different contexts in the same application without any problem after setting up thread locks as described in the OpenSSL man page: http://www.openssl.org/docs/crypto/threads.html . If your application doesn't use threads, you don't need this setup at all.
source to share
Does OpenSSL provide multiple SSL_CTXs per process, one SSL_CTX is used for server sessions ...
Yes, and this is quite common. Its general meaning when using the server name. In the case of SNI, you have a default SSL_CTX
and then SSL_CTX
for each server. Then you return the default SSL_CTX
or custom SSL_CTX
SNI callback if the client has included the server name extension in their ClientHello
.
SSL_CTX
refer to the library, so they are not freed until the reference count drops to 0 in one of the calls SSL_CTX_free
.
Here are some related SNI questions if interested:
- Serving multiple domains in one field with SNI
- How to Implement Server Name Identification (SNI)
- Cannot call callback function SSL_CTX_set_tlsext_servername_callback
The former even provides you with a callback code. GetServerContext
returns a new (or existing) context based on the server name:
/* Need a new certificate for this domain */
SSL_CTX* ctx = GetServerContext(servername);
if(ctx == NULL) handleFailure();
...
/* Set new context */
SSL_CTX* v = SSL_set_SSL_CTX(ssl, ctx);
Does OpenSSL provide multiple SSL_CTXs per process, ... a different SSL_CTX for client sessions?
Yes, but you don't usually use it. The client usually does not change its own SSL_CTX
, as the server does.
In the case where a client connects to multiple servers, usually you set your channel parameters with SSL_CTX_set_options
and use that for each connection to each server (even different ones). The parameters would be things like protocols (TLS 1.1, TLS 1.2), cipher suites (removing anonymous cipher suites), and compression. See the discussion below SSL / TLS Client for details .
The client needs to set the hostname of the server, but this is done SSL*
using using SSL_set_tlsext_host_name
instead of SSL_CTX*
.
Or if you are using BIO
it would look like this. Note that BIO
effectively wraps SSL*
, so you don't change SSL_CTX*
:
BIO* web = BIO_new_ssl_connect(ctx);
if(web == NULL) handleFailure();
res = BIO_set_conn_hostname(web, HOST_NAME ":" HOST_PORT);
if(res != 1) handleFailure();
... one called with server methods and another with client methods
Not necessary. The only difference between them (for example, SSLv23_client_method
and a SSLv23_server_method
) - a pair of pointers to functions, such as connect
and accept
in the invisible structures. Clients call connect
and servers call accept
.
Instead, just use generic SSLv23_method
and you should be fine. You still have to set up the context with SSL_CTX_set_options
, as the default context provided SSL_CTX_new
includes weak / wounded / broken protocols and ciphers.
The OpenSSL SSL / TLS Client wiki page shows how to configure an object SSL_CTX
. It does the following and can be used by both clients and servers:
- Disable SSLv2
- Disable SSLv3
- Disable compression
- Disable anonymous protocols
- Use strong ciphers.
Using a custom cipher list, for example "HIGH: ... : !SRP:!PSK"
, removes a lot of weak / wounded ciphers and removes a bunch of cipher suites that are probably not supported on the server (so there is no reason for the client to advertise them). SRP is the exact Waw Secure Remote Password and PSK is the Preshared key. IANA reserves 87 cipher suites based on them, so it stores almost 180 bytes in ClientHello
.
Is this dual use of OpenSSL within the same process?
Yes.
I hope OpenSSL uses the SSL_CTX descriptor and does not rely on global or static local variables
Well, you're out of luck there. There are many globals, some of them are dynamically allocated and some of them are not released.
And if you are working in Java or C #, they leak every time the shared object is loaded / unloaded. So your Java or C # program accumulates more and more memory over time. The OpenSSL developers don't feel worthy of their time. See, for example, Small Memory Leak on a Multithreaded Server on the OpenSSL mailing list.
source to share