Lab 3 - Secure Communication Using TLS

CNBU203-Network Security

Lab 3: Secure Communication using TLS

Ngoc-Tu Nguyen, PhD


[email protected]

09-2024 CNBU203-Network security Lab 2: 1


Outline
Secure communication using TLS
• Application Protocols: These are the protocols your applications use to communicate, like HTTP/HTTPS, SMTP, IMAP, FTP, or any custom protocol that uses TCP for communication.
• TLS 1.3: The latest version of the Transport Layer Security protocol, which provides strong encryption, forward secrecy, and faster handshakes.
• OpenSSL: The widely used cryptographic library that implements the TLS/SSL protocols. You will use it to handle the encryption and decryption process in TLS 1.3.



OpenSSL
• Task1: Compile and install OpenSSL



HTTPS
• Task 2: HTTP + TLS → HTTPS



Application protocols + TLS
• Server-Side TLS 1.3 Configuration with OpenSSL

• Initialize OpenSSL

#include <openssl/ssl.h>
#include <openssl/err.h>
// No-ops since OpenSSL 1.1.0 (the library initialises itself on first use); still required on 1.0.x
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();

• Create an SSL context and configure it for TLS 1.3



Application protocols + TLS
• Server-Side TLS 1.3 Configuration with OpenSSL

• Create an SSL context and configure it for TLS 1.3

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

const SSL_METHOD *method;
SSL_CTX *ctx;

method = TLS_server_method();   // version-flexible method; the bounds below pin it to 1.3
ctx = SSL_CTX_new(method);

if (!ctx) {
    // OpenSSL failures go to its own error queue, not errno, so perror() would mislead
    fprintf(stderr, "Unable to create SSL context\n");
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}

// Configure to use only TLS 1.3: set both bounds, since the default minimum is lower
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) ||
    !SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)) {
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}



Application protocols + TLS
• Server-Side TLS 1.3 Configuration with OpenSSL
• Set the certificate and private key

// Each loader returns 1 on success; also confirm the key matches the certificate
if (SSL_CTX_use_certificate_file(ctx, "/path/to/cert.pem", SSL_FILETYPE_PEM) <= 0 ||
    SSL_CTX_use_PrivateKey_file(ctx, "/path/to/key.pem", SSL_FILETYPE_PEM) <= 0 ||
    !SSL_CTX_check_private_key(ctx)) {
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}

• Handle incoming connections using TLS 1.3



Application protocols + TLS
• Handle incoming connections using TLS 1.3

int server;   // socket for the accepted client connection
SSL *ssl;

server = accept(...); // accept a client connection

ssl = SSL_new(ctx);   // per-connection TLS state derived from the context
if (!ssl) {
    ERR_print_errors_fp(stderr);
    exit(EXIT_FAILURE);
}
SSL_set_fd(ssl, server);

// Server side of the handshake; <= 0 means it failed or the client disconnected
if (SSL_accept(ssl) <= 0) {
    ERR_print_errors_fp(stderr);
} else {
    // With both proto bounds set to TLS1_3_VERSION, only TLS 1.3 can reach this point
    printf("Connection using TLS 1.3\n");
    // Handle communication here
}



Application protocols + TLS
• Handle incoming connections using TLS 1.3
• Encrypt data using TLS

#include <string.h>
// SSL_write/SSL_read return the byte count, or <= 0 on error or clean shutdown
const char *msg = "Hello, world!";
if (SSL_write(ssl, msg, (int)strlen(msg)) <= 0)
    ERR_print_errors_fp(stderr);

char buffer[1024] = {0};
int n = SSL_read(ssl, buffer, sizeof(buffer) - 1); // leave room for a NUL terminator
if (n <= 0)
    ERR_print_errors_fp(stderr);



Application protocols + TLS
• Handle incoming connections using TLS 1.3
• Encrypt data using TLS
• Cleanup

SSL_shutdown(ssl);   // sends close_notify; returns 0 until the peer's close_notify arrives
SSL_free(ssl);
close(server);       // needs <unistd.h>
SSL_CTX_free(ctx);
EVP_cleanup();       // no-op since OpenSSL 1.1.0, which cleans up automatically at exit



Web Servers (Nginx, Apache) or Other Services
• Nginx Configuration

server {
    listen 443 ssl;
    ssl_protocols TLSv1.3;
    # Note: with OpenSSL, ssl_ciphers does not control TLS 1.3 suites;
    # use "ssl_conf_command Ciphersuites ..." (nginx 1.19.4+) for that.
    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    ...
}



Web Servers (Nginx, Apache) or Other Services
• Apache Configuration

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    SSLProtocol -all +TLSv1.3
    # TLS 1.3 suites need the "TLSv1.3" protocol prefix (httpd 2.4.36+ with OpenSSL 1.1.1+);
    # without it the list is applied to TLS 1.2 and below
    SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
</VirtualHost>



Client-Side TLS 1.3 Configuration with OpenSSL
1. Create a TLS client context

const SSL_METHOD *method = TLS_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);

SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);

// The default verify mode is SSL_VERIFY_NONE, i.e. any server certificate is accepted;
// require a chain that verifies against the system CA store instead
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_default_verify_paths(ctx);



Client-Side TLS 1.3 Configuration with OpenSSL
2. Perform the handshake with the server:

int server;   // TCP socket already connect()ed to the server (socket setup not shown)
SSL *ssl;

ssl = SSL_new(ctx);
SSL_set_fd(ssl, server);

// SNI tells the server which certificate to present; SSL_set1_host makes
// certificate verification also check that the name matches this host
SSL_set_tlsext_host_name(ssl, "yourserver.com");
SSL_set1_host(ssl, "yourserver.com");

if (SSL_connect(ssl) <= 0) {
    ERR_print_errors_fp(stderr);
} else {
    printf("Connected with TLS 1.3\n");
}



Client-Side TLS 1.3 Configuration with OpenSSL
3. Send and receive encrypted data using SSL_write and SSL_read



Client-Side TLS 1.3 Configuration with OpenSSL
Testing and Validation

openssl s_client -connect yourserver.com:443 -tls1_3
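The end-to-end check behind the s_client command above, as an added example that is not part of the lab slides: it generates a throwaway self-signed certificate, runs openssl s_server pinned to TLS 1.3 (the CLI counterpart of the server-side min/max proto version calls), confirms that a TLS 1.3 client negotiates TLSv1.3, and confirms that a TLS 1.2 attempt is refused. It assumes the openssl CLI (1.1.1 or later) is on PATH; the port 14433 and the localhost certificate subject are constructed values.

```shell
#!/bin/sh
# Added example (not from the lab slides): local TLS 1.3-only test server
# with a throwaway self-signed certificate, validated with openssl s_client,
# plus a negative check that TLS 1.2 is refused. Assumes the openssl CLI
# (1.1.1 or later) on PATH; port and certificate subject are constructed.
set -eu

HOST=127.0.0.1
PORT=14433
WORK=$(mktemp -d)
SERVER_PID=""
trap 'kill "$SERVER_PID" 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Throwaway key and self-signed certificate, valid for one day.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# s_server pinned to TLS 1.3: the CLI equivalent of the server-side
# SSL_CTX_set_min/max_proto_version(ctx, TLS1_3_VERSION) calls.
start_server() {
    openssl s_server -accept "$PORT" -tls1_3 -www \
        -cert "$WORK/cert.pem" -key "$WORK/key.pem" </dev/null >/dev/null 2>&1 &
    SERVER_PID=$!
    sleep 1
}

# Prints the protocol s_client negotiated ("TLSv1.3"), or "(NONE)" when the
# handshake failed. $1 is the client version flag, e.g. -tls1_3 or -tls1_2.
negotiated_version() {
    printf 'Q\n' | openssl s_client -connect "$HOST:$PORT" "$1" \
        -CAfile "$WORK/cert.pem" 2>/dev/null \
        | sed -n 's/^New, \([^,]*\), Cipher is .*/\1/p' | head -n 1
}

# Returns 0 when TLS 1.3 is negotiated and TLS 1.2 is refused, 2 when the
# openssl CLI is missing, 1 otherwise.
run_checks() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 2; }
    make_test_cert
    start_server
    V13=$(negotiated_version -tls1_3)
    V12=$(negotiated_version -tls1_2)
    echo "TLS 1.3 attempt: $V13; TLS 1.2 attempt: $V12"
    [ "$V13" = "TLSv1.3" ] && [ "$V12" != "TLSv1.2" ]
}

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it as `sh tls13_check.sh --run`; s_client proceeds even when certificate verification fails, so in real tests also read the "Verify return code" line it prints rather than relying on the handshake alone.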

