ssl


The SSL namespace is an extension to the socket namespace that provides SSL (sslv3, tlsv1 or sslv23) to the socket library.

Client example:

local socket = require("socket")
local ssl = require("ssl")

local params = {
  mode = "client",
  protocol = "tlsv1",
  key = "/etc/certs/clientkey.pem",
  certificate = "/etc/certs/client.pem",
  cafile = "/etc/certs/CA.pem",
  verify = "peer",   -- verify the server certificate against cafile
  options = "all",
}

local conn = assert(socket.tcp())
assert(conn:connect("127.0.0.1", 8888))

-- TLS/SSL initialization: stop on any wrap or handshake error
conn = assert(ssl.wrap(conn, params))
assert(conn:dohandshake())
--
print(conn:receive("*l"))
conn:close()

The key, certificate and cafile fields of params are optional for clients. After dohandshake, the socket can be used as described in the LuaSocket documentation.

Server example:

local socket = require("socket")
local ssl = require("ssl")

local params = {
  mode = "server",
  protocol = "tlsv1",
  key = "/etc/certs/serverkey.pem",
  certificate = "/etc/certs/server.pem",
  cafile = "/etc/certs/CA.pem",
  verify = {"peer", "fail_if_no_peer_cert"},  -- require and verify a client certificate
  options = {"all", "no_sslv2"},
  ciphers = "ALL:!ADH:@STRENGTH",             -- no anonymous DH, strongest ciphers first
}

local server = assert(socket.tcp())
assert(server:bind("127.0.0.1", 8888))
assert(server:listen())
local conn = assert(server:accept())

-- TLS/SSL initialization: stop on any wrap or handshake error
conn = assert(ssl.wrap(conn, params))
assert(conn:dohandshake())
--
conn:send("one line\n")
conn:close()
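
The server example above handles a single connection. As an added example (not part of the original page), the loop below keeps serving after a client fails the TLS handshake, for instance by presenting no certificate or one not signed by the CA in cafile. It assumes that ssl.wrap and dohandshake report failure by returning nil or false plus an error message, and that the wrapped connection accepts settimeout like a plain socket; the secure helper is a hypothetical name.

```lua
local socket = require("socket")
local ssl = require("ssl")

-- Same parameters as the server example above.
local params = {
  mode = "server",
  protocol = "tlsv1",
  key = "/etc/certs/serverkey.pem",
  certificate = "/etc/certs/server.pem",
  cafile = "/etc/certs/CA.pem",
  verify = {"peer", "fail_if_no_peer_cert"},
  options = {"all", "no_sslv2"},
  ciphers = "ALL:!ADH:@STRENGTH",
}

-- Hypothetical helper: wrap one accepted TCP socket and complete the handshake.
-- Returns the TLS connection, or nil plus a reason; never returns a
-- connection whose handshake did not succeed.
local function secure(raw)
  local conn, err = ssl.wrap(raw, params)
  if not conn then
    raw:close()
    return nil, "wrap failed: " .. tostring(err)
  end
  conn:settimeout(10)  -- assumption: bounds a stalled handshake to 10 seconds
  local ok, herr = conn:dohandshake()
  if not ok then
    conn:close()
    return nil, "handshake failed: " .. tostring(herr)
  end
  return conn
end

local server = assert(socket.tcp())
assert(server:bind("127.0.0.1", 8888))
assert(server:listen())

while true do
  local raw = server:accept()
  if raw then
    local conn, err = secure(raw)
    if conn then
      conn:send("one line\n")
      conn:close()
    else
      -- Record the rejection and keep serving other clients.
      io.stderr:write(os.date("!%Y-%m-%dT%H:%M:%SZ "), err, "\n")
    end
  end
end
```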