I'm using plain-C WebSocket library called libwebsockets to make a connection between client and server. When starting server I specify the server's cert and private key to be able to use SSL connection. It works OK.
When making a client's connection to the server I specify an SSL option to be able to create an SSL connection (using self-signed cert). All those things work as expected.
Now, I need somehow to get server's certificate on the client side during the connection establishment (or during handshake). Is there a way to do this? I can't find anything in the official documentation.
Thanks in advance.
Related
The old SSL certificate has expired and I want to renew the SSL certificate. However, the server already has established multiple links with other clients. So, can I just bind the old sockets to the new ssl, which means I don't need to disconnect the old base tcp links?
Existing TLS connections don't need to get updated with a new certificate - the server certificate is only checked at the beginning of the TLS connection. If your specific server supports updating the server certificate without a restart and thus without closing established connections is unknown - some do and some don't.
I am trying to connect AWS Glue to an Azure SQL Server via JDBC. I have tried different settings for the jdbc url without success. The URL's look as follows:
jdbc:sqlserver://domain.windows.net:1433/database
jdbc:sqlserver://domain.windows.net:1433;databaseName=database
In the documentation of AWS the SQL Server syntax is jdbc:sqlserver://host:port;databaseName=db_name
For test purposes I have used Squirrel SQL and made a succesful connection to my Azure SQL Server with it.
When I try to make a test connection within AWS Glue AWS CloudWatch gives me following log:
Attempting to connect with SSL: jdbc:sqlserver://domain.windows.net:1433;database={database}
SSL connection to data store failed. Retrying without SSL.
Check that your connection definition references your JDBC database with correct URL syntax, username, and password. The TCP/IP connection to the host domain.windows.net, port 1433 has failed. Error: "Connection timed out: no further information. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
What seems strange for me are the '{' brackets in the connection. Azure's Connection String tells me, that the connection itself should look like:
jdbc:sqlserver://domain.windows.net:1433;database=database
Maybe this is the issue but I am not sure how to solve it.
As you could connect successfully to Azure SQL from squirrel; things are good on Azure end.
One issue can be SSL; But most probably it is not because it is retrying without SSL also which also failed.
On Glue end; please see if you have outbound connections allowed on that port.
you have to set outbound and inbound rule of security group which you have defined during JDBC connection. set outbound rule to all trafic allowed. also allowed tcp traffic in your azure database.
I know that during normal SSL handshake, the client receives the server's certificate and verifies it, then uses the server's public key to encrypt the session key.
I want to write a SSL client in C language on Linux. During SSL handshake, it doesn't have to wait for the server's certificate and it sends the session key encrypted with the server's public key that have already been downloaded previously.
I am learning how to use OpenSSL, I only need the do-handshake part here.
Thanks for attention. Why to do this? The ISP or gateway can censor the certificate and block the connection according to names in the certificate.
Unfortunately, this is impossible. As part of the SSL (or TLS) protocol, the server will always send its certificate.
If you would like to bypass ISP censorship, I recommend using a VPN or Tor.
I'm trying use an SSL client/server example from:Client and Server communication using ssl c/c++ - SSL protocol don't works to create a secure connection using TLSV1 --
I Want to know how to create certificates for this code so that there will communication between client & server.
It need server certificate, server key & client cacertificate and cakey
i try to create it with the help of this link:https://help.ubuntu.com/community/OpenSSL
but it client unable to get connected to server shows unable to verify
Using information from some consultants about 2 years ago we set up a SQL Server 2012 box to always have an encrypted connection (at least we thought so). A week ago the SSL certificate expired and everything continues to work fine which is puzzling.
We forced encryption by doing the following:
Obtain an SSL certificate and install it on the SQL Server via MMC. Explicit instructions for this step are here.
Open SQL Server Configuration Manger and expand the SQL Server Network Configuration node in the left pane.
Right click Protocols for MSSQLServer and choose properties.
Go to Certificate tab and choose the installed SSL cert from the drop down.
Go to the Flags tab and set force encryption to Yes.
Now, since the SSL cert expired, there is no longer any cert selected in the drop down when I visit step 3 above. However, I put WireShark on the DB server and use SSMS to request some data. The TDS (Tabular Data Stream) packets are still encrypted? When I put WireShark on a different DB Server I set ForceEncryption to NO, those TDS packets are not encrypted as expected.
So my questions are:
How are the TDS packets still encrypted if the cert is expired?
Even when the cert was valid, why didn't I have to select Options > Encrypt Connection to connect to my encrypted DB server? I thought setting ForceEncryption=Yes required ALL client connections to specify Encrypt in their connection string (or the SSMS checkbox)?
If Web APIs are the only method of accessing my DB, and they do so over SSL, is it even necessary to encrypt the SQL Protocol?
1)How are the TDS packets still encrypted if the cert is expired?
you don't need a valid certificate in order to encrypt, you can still encrypt using an expired certificate.
2)Even when the cert was valid, why didn't I have to select Options > Encrypt Connection to connect to my encrypted DB server? I thought setting ForceEncryption=Yes required ALL client connections to specify Encrypt in their connection string (or the SSMS checkbox)?
Do not enable the Force Protocol Encryption option on both the client and the server,
if you enabled force encryption on SQL server you don't need to do it on any client-side
3)If Web APIs are the only method of accessing my DB, and they do so over SSL, is it even necessary to encrypt the SQL Protocol?
To enable SSL you need the certificate to be installed on SQL server so in order to access the DBusing SSL you are doing the same job.
Thank you