Home
brunoos edited this page Jul 9, 2013 · 18 revisions
LuaSec is a binding for the OpenSSL library that provides TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.
This is a simple example of communication between a client and a server using LuaSec:
Client code
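```lua
local socket = require("socket")
local ssl = require("ssl")

-- TLS/SSL client parameters (omitted)
local params

local conn = socket.tcp()
assert(conn:connect("127.0.0.1", 8888))

-- TLS/SSL initialization: wrap the connected TCP socket, then run the
-- handshake. Both calls return nil plus a message on failure.
conn = assert(ssl.wrap(conn, params))
assert(conn:dohandshake())

-- Read one line over the secure session
print(conn:receive("*l"))
conn:close()
```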
Server code
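```lua
local socket = require("socket")
local ssl = require("ssl")

-- TLS/SSL server parameters (omitted)
local params

local server = socket.tcp()
assert(server:bind("127.0.0.1", 8888))
assert(server:listen())
local conn = assert(server:accept())

-- TLS/SSL initialization: wrap the accepted TCP socket, then run the
-- handshake. Both calls return nil plus a message on failure.
conn = assert(ssl.wrap(conn, params))
assert(conn:dohandshake())

-- Send one line over the secure session
conn:send("one line\n")
conn:close()
```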
LuaSec needs a set of information (such as protocol, key, certificate, etc.) to wrap the TCP connection. For instance, we can use the following parameters in the example above:
Client parameters
```lua
local params = {
  mode = "client",
  protocol = "tlsv1",
  key = "/etc/certs/clientkey.pem",
  certificate = "/etc/certs/client.pem",
  cafile = "/etc/certs/CA.pem",
  verify = "peer",
  options = "all",
}
```
Server parameters
```lua
local params = {
  mode = "server",
  protocol = "tlsv1",
  key = "/etc/certs/serverkey.pem",
  certificate = "/etc/certs/server.pem",
  cafile = "/etc/certs/CA.pem",
  verify = {"peer", "fail_if_no_peer_cert"},
  options = {"all", "no_sslv2"},
  ciphers = "ALL:!ADH:@STRENGTH",
}
```
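The parameter tables above decide how strong the session is, so it can help to check them before they reach `ssl.wrap`. The following is an added example, not part of the original page or of LuaSec: `audit_params` and its rule set are assumptions of this example, and it runs in plain Lua on the two tables shown above (reduced to the fields it inspects).

```lua
-- Added example, not LuaSec code: lint a parameter table before ssl.wrap().
-- audit_params and its rule set are this example's assumptions.
local LEGACY = { sslv3 = true, tlsv1 = true, tlsv1_1 = true } -- RFC 7568, RFC 8996

-- 'verify' may be one string or a list of strings, as on this page.
local function as_set(value)
  local set = {}
  if type(value) == "string" then value = { value } end
  for _, v in ipairs(value or {}) do set[v] = true end
  return set
end

local function audit_params(p)
  local findings, verify = {}, as_set(p.verify)
  local function note(msg) findings[#findings + 1] = msg end

  if LEGACY[p.protocol] then
    note("protocol '" .. p.protocol .. "' is deprecated")
  end
  if not verify.peer then
    note("verify lacks 'peer': the peer certificate is never checked")
  elseif not (p.cafile or p.capath) then
    note("verify = 'peer' but no cafile/capath to validate against")
  end
  if p.mode == "server" and verify.peer and not verify.fail_if_no_peer_cert then
    note("client certificate requested but not required")
  end
  -- OpenSSL's ALL keyword includes anonymous (aNULL) suites;
  -- !ADH removes only the anonymous DH ones.
  local ciphers = {}
  for tok in (p.ciphers or ""):gmatch("[^:]+") do ciphers[tok] = true end
  if ciphers.ALL and not ciphers["!aNULL"] then
    note("ciphers uses ALL without !aNULL")
  end
  return findings
end

-- The two tables from this page, reduced to the audited fields.
local client = { mode = "client", protocol = "tlsv1",
                 cafile = "/etc/certs/CA.pem", verify = "peer" }
local server = { mode = "server", protocol = "tlsv1",
                 cafile = "/etc/certs/CA.pem",
                 verify = { "peer", "fail_if_no_peer_cert" },
                 ciphers = "ALL:!ADH:@STRENGTH" }

for name, p in pairs({ client = client, server = server }) do
  for _, msg in ipairs(audit_params(p)) do print(name .. ": " .. msg) end
end
```

Whether a newer `protocol` value can be used instead depends on the LuaSec and OpenSSL versions installed.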
All tests were performed on Linux, Mac OS X, Windows XP, and BSD, using Lua 5.1, LuaSocket 2.0.2, and OpenSSL 0.9.8/1.0.0.
LuaSec is available under the same terms and conditions as the Lua language — the MIT license.
- brunoos . silvestre at gmail . com
- brunoos at inf . ufg . br