Is HTTPS supported on N+2? It came up in another thread on the board, but I'm wondering if with the new hardware its possible to use HTTPS for restful or other services located across the network.
Thanks!
HTTPS support on N+2?
Started by pounce, Nov 20 2012 09:05 PM
5 replies to this topic
#2
Chris Walker
-
- Moderators
-
- 7767 posts
Secret Labs Staff
- LocationNew York, NY
Posted 21 November 2012 - 12:16 AM
Hi pounce,
One of our enterprising community members may find a way to make it work.
There are some smaller SSL stacks, albeit not open source ones, that could be integrated for commercial projects using Netduino Plus 2.
Chris
OpenSSL is pretty large, so I don't think it will fit. But I've learned to never say neverIs HTTPS supported on N+2? It came up in another thread on the board, but I'm wondering if with the new hardware its possible to use HTTPS for restful or other services located across the network.
One of our enterprising community members may find a way to make it work.There are some smaller SSL stacks, albeit not open source ones, that could be integrated for commercial projects using Netduino Plus 2.
Chris
Edited by Chris Walker, 21 November 2012 - 03:02 PM.
corrected typo -- thanks cuno!
#3
pounce
-
- Members
-
- 12 posts
Member
Posted 21 November 2012 - 01:22 AM
Thanks, Chris. If it becomes a critical need I can look at the GHI solutions that support SSL. Would definitely like to see it in your solutions someday
#4
Nobby
-
- Members
-
- 70 posts
Advanced Member
Posted 21 November 2012 - 06:41 AM
I was about to start prototyping code in my existing product to use SSL for client authentication. Haven't written I line of code yet but I've read through the framework API for supported functionality. http://msdn.microsof...y/hh401316.aspx is where most of what you need can be read. I'm not sure if this component of the .Net Microframework is part of the build for Netduinos.
The basic run-down is that your device can be a client or a server as far as SSL is concerned so technically you can pull off HTTPs. If you're using basic HTTPS then you only need to store one or two certificates. One to certify your netduino as a secure server and possibly another certificate/cert chain that points to a publicly trusted certification authority(CA). If you don't care about the certificate being trusted and you just want secure communications it's pretty simple.
The basic run-down is that your device can be a client or a server as far as SSL is concerned so technically you can pull off HTTPs. If you're using basic HTTPS then you only need to store one or two certificates. One to certify your netduino as a secure server and possibly another certificate/cert chain that points to a publicly trusted certification authority(CA). If you don't care about the certificate being trusted and you just want secure communications it's pretty simple.
- Generate and store the SSL certificate for your netduino into RAM at run-time via the CertificateStore class. Put the cert on an SD card and read it off each time you boot up
- Use the SSLStream class for reading and writing data instead of a NetworkStream with the client socket.
- Server authentication via the netduino certificate is mandatory but client authentication with a separate certificate is optional. Use the SSLStream.AuthenticateAsClient and AuthenticateAsServer functions.
- Once authenticated, you use the streams like normal HTTP
#5
Cuno
-
- Members
-
- 144 posts
Advanced Member
- LocationZürich / Switzerland
Posted 21 November 2012 - 11:28 AM
You mean SSL stacks? Polar SSL and Matrix SSL are small dual-licensed open source SSL stacks:There are some smaller TCP stacks, albeit not open source ones, that could be integrated for commercial projects using Netduino Plus 2.
http://www.matrixssl.org/
https://polarssl.org/
I don't really know either one, but they appear like good candidates for integration into NETMF (not Apache 2.0 licensed, though). If anyone has experience with that, I'd be very interested.
Cuno
PS
Open SSL indeed seems an order of magnitude too large for Netduino Plus 2 or similar boards.
PPS
It would be particularly interesting to learn about the speed of these generic stacks. SSL stacks not tuned for a particular microcontroller may be very slow (e.g., taking more than a minute for opening a connection).
#6
Chris Walker
-
- Moderators
-
- 7767 posts
Secret Labs Staff
- LocationNew York, NY
Posted 21 November 2012 - 03:03 PM
Doh! Yes, SSLYou mean SSL stacks? Polar SSL and Matrix SSL are small dual-licensed open source SSL stacks:
Fixed.BTW, thanks for the additional notes on SSL stacks. I really wish we could find an open source one to squeeze in... Would be awesome.
Chris
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
