Using MbedTLS to create an encrypted TCP server

Hello, any ideas on how to use MbedTLS to encrypt new incoming connections?
I have been having a lot of trouble finding anything on doing this.

What are you having trouble with beyond Usage of MbedTLS with TCP sockets? I think you may have more success finding help if you can describe your goal and difficulties in a bit more detail.

I was mainly just looking for a tutorial on how to actually start a server and have it encrypted with MbedTLS. I managed to figure it out eventually, though, so I guess this thread is not required.

Here is a client and server example I made for other users who may be looking for the same thing.
The certificate can be made on Linux using:

```
openssl req -x509 -nodes -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.cert
```

This will, however, not be able to run unless certificate verification is disabled.
Client:

```julia
using Sockets
using MbedTLS

client = Sockets.connect(8080)

# Seed the random number generator used by the TLS layer
entropy = MbedTLS.Entropy()
rng = MbedTLS.CtrDrbg()
MbedTLS.seed!(rng, entropy)

ctx = MbedTLS.SSLContext()
conf = MbedTLS.SSLConfig()
MbedTLS.config_defaults!(conf)
# Certificate verification is disabled so the self-signed certificate is accepted
MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_NONE)
MbedTLS.rng!(conf, rng)

function show_debug(level, filename, number, msg)
    println((level, filename, number, msg))
    # println(msg)
end

MbedTLS.dbg!(conf, show_debug)
MbedTLS.set_dbg_level(MbedTLS.ERROR)
MbedTLS.ca_chain!(conf)
MbedTLS.setup!(ctx, conf)
MbedTLS.set_bio!(ctx, client)
MbedTLS.handshake(ctx)

# Send a fixed message, then poll until the server's reply arrives
while true
    write(ctx, UInt8[1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1])
    flush(ctx)
    data = UInt8[]
    while true
        data = readavailable(ctx)
        if length(data) > 0
            break
        end
        sleep(0.1)
    end
    println(data)
end
```

Server:

```julia
using Sockets
using MbedTLS

server = Sockets.listen(8080)

# Accept a single incoming TCP connection
conn = accept(server)

# Seed the random number generator used by the TLS layer
entropy = MbedTLS.Entropy()
rng = MbedTLS.CtrDrbg()
MbedTLS.seed!(rng, entropy)

ctx = MbedTLS.SSLContext()
# Server configuration that loads the certificate and its private key
conf = MbedTLS.SSLConfig("selfsigned.cert", "selfsigned.key")

# MbedTLS.config_defaults!(conf)
# Do not request a client certificate
MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_NONE)
MbedTLS.rng!(conf, rng)
MbedTLS.ca_chain!(conf)
MbedTLS.setup!(ctx, conf)
MbedTLS.associate!(ctx, conn)
MbedTLS.handshake(ctx)

# Echo loop: poll for decrypted data and write it back to the client
while true
    data = readavailable(ctx)
    sleep(0.01)

    if length(data) == 0
        continue
    end
    println(data)
    write(ctx, data)
    flush(ctx)
end
```
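A variant of the client above that keeps certificate verification enabled by trusting only the self-signed certificate itself. This is an added example, not code from the thread: the function name `connect_verified` is hypothetical, and it assumes the echo server above is running on `localhost:8080` and that `selfsigned.cert` was generated with `localhost` as its Common Name.

```julia
using Sockets
using MbedTLS

# Open a TLS connection that only succeeds if the server presents a
# certificate that chains to `ca_file` and is valid for `host`.
# (Hypothetical helper written for this example.)
function connect_verified(host::AbstractString, port::Integer, ca_file::AbstractString)
    sock = Sockets.connect(host, port)

    entropy = MbedTLS.Entropy()
    rng = MbedTLS.CtrDrbg()
    MbedTLS.seed!(rng, entropy)

    conf = MbedTLS.SSLConfig()
    MbedTLS.config_defaults!(conf)
    # Require a valid server certificate instead of MBEDTLS_SSL_VERIFY_NONE
    MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED)
    MbedTLS.rng!(conf, rng)
    # Trust only the given certificate rather than the system CA bundle
    MbedTLS.ca_chain!(conf, MbedTLS.crt_parse_file(ca_file))

    ctx = MbedTLS.SSLContext()
    MbedTLS.setup!(ctx, conf)
    MbedTLS.set_bio!(ctx, sock)
    # Name that the certificate's CN/SAN must match
    MbedTLS.hostname!(ctx, host)
    try
        MbedTLS.handshake(ctx)   # throws if verification fails
    catch
        close(sock)
        rethrow()
    end
    return ctx
end

# Assumed setup: the echo server from this thread listening on localhost:8080
ctx = connect_verified("localhost", 8080, "selfsigned.cert")
write(ctx, UInt8[1, 2, 3])
println(read(ctx, 3))            # blocks until the three echoed bytes arrive
close(ctx)
```

If the certificate's name does not match `host`, or the server presents a different certificate, the handshake throws and no application data is sent.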