Can SSL be used to encrypt non-HTTP data? [closed]
ssl 可以用于其它的应用层协议,并不只是应用在http协议上(变成https)
Can SSL be used to encrypt non-HTTP data? [closed]
If we have a proprietary binary protocol used by some application, can we use SSL/TLS to encrypt the protocol's payload without tunneling it through HTTP?
-
14I'm voting to close this question as off-topic because it lacks basic research – paj28 Mar 20 '17 at 13:33
-
2TLS = Transport Layer Security. HTTP is at the application layer, above the transport layer. So yes, of course you can use TLS without HTTP. – Ajedi32 Mar 20 '17 at 15:22
-
1@paj28 I agree it seems to lack basic research, but StackExchange is a source of research for many professionals. Where is the line? – Pedro Mar 21 '17 at 0:41
-
1@david25272 I'm not seeing what this question has to do with that, except that they both involve encryption
___________________________________________
Can we use SSL/TLS to encrypt the protocol's payload without tunneling it through HTTP?
Absolutely. TLS provides secure communication on top of the transport layer and you can easily employ it as a transparent wrapper around your own custom protocols.
One advantage of TLS is that it is application protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementors of protocols that run on top of TLS.
(from RFC 5246 for TLS 1.2)
HTTP just happens to be one possible application-layer protocol that is commonly transmitted over TLS. There are many other examples where TLS is added to secure a protocol that has no built-in encryption. E.g., if you use a desktop email client, the communication with the mail server (probably using IMAP/POP3/SMTP) will likely be wrapped in TLS, too. TLS can also be used as an encrypted tunnel for the entire network stack for VPN applications (although OpenVPN only uses TLS for authentication, not for for encrypting the actual data - thanks, @ysdx).
-
Don't forget IRC! – Nayuki Mar 20 '17 at 18:57
-
1AFAIU, OpenVPN does not use TLS for encrypting the payload (packets). As explained, in the page you mention, TLS is only used for « for the authentication and key exchange mechanism » (the control channel). The tunneled packets themselves (the data channel) are not encapsulated in the TLS layer. See openvpn.net/index.php/open-source/documentation/…, « P_CONTROL_V1 -- Control channel packet (usually TLS ciphertext) » vs « P_DATA_V1 -- Data channel packet containing actual tunnel data ciphertext ». – ysdx Mar 21 '17 at 8:28
Yes, TLS can be used for general transport layer security (as the name suggests). A few common uses:
- HTTP (HTTPS)
- FTP (FTPS)
- SMTP (SMTPS)
- VPN
-
1SMTP (SMTPS) ? smtp normally is unencrypted, right? – Brad Mar 20 '17 at 17:43
-
4@Brad Yes, but like all the other things on the list, it can be secured with TLS. – Xiong Chiamiov Mar 20 '17 at 18:55
-
Encryption of SMTP data is pretty common on mobile devices – david25272 Mar 21 '17 at 0:38
serv.cppandcli.cpp) from which you can layer SSL (and, presumably, TLS) over a normal socket connection. In essence: you first create a "context" at each end (using the certificate on the server end), then after opening the socket (but before sending any of your data), you add calls toSSL_connect()orSSL_accept(). It's then mostly a matter of mappingsend()andrecv()calls intoSSL_write()andSSL_read(). – TripeHound Mar 20 '17 at 10:12