Personal Page of Vincent Kerhoas
Vincent Kerhoas
Higher Education Teacher
Professeur Agrégé

Securing Connections with SSL/TLS


For complete explanations, please have a look at: https://www.enib.fr/~harrouet


SSL/TLS encryption

So far we have exchanged messages without any security. Anyone sniffing the connection can read the messages exchanged between the client and the server.

The solution is to encrypt the messages. To encrypt and decrypt a dialog, we need a key.
If the key is the same for both sides, it is symmetric encryption.
The encryption is represented by a locked box.
If both parties already own the key, the problem is solved: they can exchange messages safely.

Now we consider that the key has to be transmitted.
The client has asked for a connection to the server.
We consider a locked box with 2 locks: one to open, one to close.
As a result we need 2 different keys to encrypt and decrypt the message.

  1. The Server puts his message in the box
  2. The Server closes the box with his private key (encryption)
  3. The Server sends the message with a public key

The private key belongs to the server, nobody else can get it.
The client receives a public key with the message.

  1. The Client opens the box with the public key
  2. The response is encrypted with the same public key
  3. The Client sends the message
  4. The Server is the only one who can open the box since he has the private key (related to the public key).

There is still a problem.
If an attacker relays those messages, he will decode everything. This is the man-in-the-middle attack.
The Client needs to know the server's identity.

The identity card is a certificate given by a trusted certification authority.

  1. The Server sends a certification request and his public key to the certification authority.
  2. A signed certificate is produced
  3. and encrypted by the certification authority's private key.

  1. Now the server joins this encrypted certificate to his message
  2. encrypts the message
  3. sends the message

  1. At reception,
  2. the client decrypts the certificate with a certification authority public key (this key is already present in up-to-date web browsers).
     The client verifies that this certificate is up to date and related to the public key.
  3. then the client and the server can exchange messages to construct a new key.

This new key permits exchanging messages with symmetric encryption, which is quicker than asymmetric encryption.
Once done, both parties can exchange messages safely.


Static / Dynamic Server (with WebSocket support) with SSL/TLS support



SOURCE CODE

Producing Keys and Certificate

We consider we are the certification authority. We will produce a self-signed certificate, which will trigger a web browser warning.
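
One way to produce such a key and self-signed certificate with the openssl command line, and to see why a client that does not already trust it raises a warning. This is an added example, not the course's own source code; the file names, the `localhost` common name and the second "other" certificate standing in for a client's trust store are assumptions.

```shell
#!/bin/sh
# Added example with constructed names; requires the openssl CLI.

# Generate an RSA private key and a self-signed certificate for it.
# $1 = output file prefix, $2 = common name placed in the certificate
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1-key.pem" -out "$1-cert.pem" \
        -days 30 -subj "/CN=$2" 2>/dev/null
    chmod 600 "$1-key.pem"    # the private key must stay readable by its owner only
}

# Succeeds only if certificate $2 chains to a certificate in trust store $1.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if certificate $1 carries the public key of private key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

workdir=$(mktemp -d)
make_self_signed "$workdir/server" localhost
make_self_signed "$workdir/other" other-ca   # plays the client's existing trust store

# The client's store does not contain our certificate: verification fails,
# which is what a browser reports as a warning.
if trusted_by "$workdir/other-cert.pem" "$workdir/server-cert.pem"; then
    echo "unexpected: certificate accepted"
else
    echo "rejected by a trust store that does not contain it"
fi

# Once the certificate itself is added to the trust store, it verifies.
trusted_by "$workdir/server-cert.pem" "$workdir/server-cert.pem" \
    && echo "accepted once the certificate is explicitly trusted"

# The certificate must be related to the server's key pair.
key_matches_cert "$workdir/server-cert.pem" "$workdir/server-key.pem" \
    && echo "certificate and private key belong together"

rm -rf "$workdir"
```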

Static Server

Dynamic Server

