From 88dfc7cd2ce2f0128522699137f90df1ce26e99e Mon Sep 17 00:00:00 2001 From: Alecio Furanze Date: Sat, 9 Sep 2023 03:15:08 +0200 Subject: [PATCH] create ``ssl/tls`` doc --- docs/_sidebar.md | 2 +- docs/ssl-tls.md | 77 ++++++++++++++++++++++++++++++++++++++++++++++ docs/tcp-server.md | 5 +++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 docs/ssl-tls.md diff --git a/docs/_sidebar.md b/docs/_sidebar.md index 8a993117..ba0b856c 100644 --- a/docs/_sidebar.md +++ b/docs/_sidebar.md @@ -6,7 +6,7 @@ - TCP - [TcpClient](tcp-client.md "Netly tcp client") - [TcpServer](tcp-server.md "Netly tcp server") - - [SSL/TLS](/ "Netly ssl and tls") + - [SSL/TLS](ssl-tls.md "Netly ssl and tls") - [MessageFraming](/ "Netly tcp message framing") - UDP - [UdpClient](udp-client.md "Netly udp client") diff --git a/docs/ssl-tls.md b/docs/ssl-tls.md new file mode 100644 index 00000000..9ad508dc --- /dev/null +++ b/docs/ssl-tls.md 
@@ -0,0 +1,77 @@ +# explication SSL/TLS + +## Client +For use/enable ``SSL/TLS`` on ``Netly`` with ``TcpClient`` instance use code bellow. + +Warning When you enable ``SSL/TLS`` and your server not use ``SSL/TLS`` you connection will be closed. + +- Default config + ```cs + using Netly; + + TcpClient client = new TcpClient(framing: true); + + // Enable SSL/TLS connection. + client.UseEncryption(true); + ``` + +- Custom validatiion + ```cs + using Netly; + + TcpClient client = new TcpClient(framing: true); + + // Enable SSL/TLS connection. + client.UseEncryption(true, Validator); + + bool Validator(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) + { + + #if false + // Default behaviour + return true; + #endif + + // Custom validation + // Source: https://learn.microsoft.com/dotnet/api/system.net.security.sslstream + + if (sslPolicyErrors == SslPolicyErrors.None) { + // Valid server + return true; + } + + Console.WriteLine("Certificate error: {0}", sslPolicyErrors); + + // refuse connection + return false; + + } + ``` + +## Server +For use/enable ``SSL/TLS`` on ``Netly`` with ``TcpServer`` instance use code bellow. + +Warning When you enable ``SSL/TLS`` and your client not use ``SSL/TLS`` you client connection will be closed. + + +```cs + // Warning: See about generate pfx on SSL/TLS page now we will see about startup this! 
+ // Warning: Convert pfx file for bytes only using UTF8 for prevent erros + + byte[] pfx = .(); + string pfxPassword = .(); + + // Enable SSL/TLS + TcpServer.UseEncryption(pfx, pfxPassword, SslProtocols.Tls12); // TLS v1.2 + + // If password or PFX buffer is invalid you will receive error message on callback)> +``` + +## Create PFX (PKCS #12) +* Requirement ``OpenSSL`` + - linux: Use package manager + - Ubuntu: ``sudo apt install openssl`` or ``sudo apt install libssl-dev`` + - Windows: + - Download windows: https://wiki.openssl.org/index.php/Binaries + - Add OpenSSL folder on ``path`` (``Environment Variables``) + - Generate ``PFX (PKCS #12)``: https://www.ibm.com/docs/en/api-connect/10.0.x?topic=overview-generating-self-signed-certificate-using-openssl \ No newline at end of file diff --git a/docs/tcp-server.md b/docs/tcp-server.md index 7d6d7bed..34a7add0 100644 --- a/docs/tcp-server.md +++ b/docs/tcp-server.md @@ -59,6 +59,11 @@ using Netly;
+- ##### void UseEncryption(byte[] pfxCertificate, string pfxPassword, SslProtocols encryptionProtocol) + Used for enable TLS/SSL from server side. + +
+ - ##### void ToData(byte[] buffer)
void ToData(string buffer) Broadcast raw buffer to all connected clients from Clients array, ``buffer`` is ``string`` or ``byte[]`` (bytes).
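Review bot: In docs/ssl-tls.md, the `#if false` block of the "Custom validation" example labels `return true` as "Default behaviour", which reads as saying that `client.UseEncryption(true)` from the "Default config" item accepts any server certificate. If that is the case, say so next to the "Default config" example, because the connection is then encrypted but the server is not authenticated. The same example uses `X509Certificate`, `X509Chain` and `SslPolicyErrors` without `using System.Net.Security;` and `using System.Security.Cryptography.X509Certificates;`, so it does not compile as shown. In the Server block, the comment "Convert pfx file for bytes only using UTF8" conflicts with PKCS #12 being a binary format: a text-encoding round trip corrupts the file, so the doc should tell readers to load the raw file bytes (for example with `File.ReadAllBytes`). The placeholders `byte[] pfx = .();` and `string pfxPassword = .();` are not valid C#, and the last comment ends in a stray `)>`. The "Create PFX" section links to a self-signed certificate guide, while the validator above returns false unless `sslPolicyErrors == SslPolicyErrors.None`; a reader following both will have every connection refused, so explain how a self-signed certificate is meant to be trusted or pinned. Typos to fix while here: "validatiion", "bellow", "erros". The file also lacks a trailing newline.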
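Review bot: In docs/tcp-server.md, the new `UseEncryption(byte[] pfxCertificate, string pfxPassword, SslProtocols encryptionProtocol)` entry documents none of its three parameters and does not link to ssl-tls.md, where the PFX requirements are described. Add one line per parameter, say whether the call has to happen before the server is opened, and name the callback that receives the error that ssl-tls.md says is raised for an invalid password or PFX buffer. The entry is listed as an instance method, but the ssl-tls.md example calls it as `TcpServer.UseEncryption(...)` on the type; make the two pages agree. The description "Used for enable TLS/SSL from server side." would read better as "Enables SSL/TLS on the server side."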