Ssl Server
Hi all,
I have been working on an SSL Server for a few weeks now. I am at a roadblock and am unsure of how to move forward. I can tamper with the order of things to try to get things to work (without knowing why one way works and another doesn't) but I would rather have a clear understanding of how the order needs to go to each function call and why.
The way I want this program to run is just as a client listener program (i.e. the client can send messages and the listener receives them and can call a certain function based on what has been received). I have been using openssl and ncat for the client -- though come to find out that QSslSocket doesn't support SSLv2 and SSLv3 (???) according to what I read in the docs - which makes me even more confused. Am I only allowed to use TLS?
Here is what I have so far:
    SslServer::SslServer(quint16 port, QObject *parent) : QTcpServer(parent)
    {
        listen(QHostAddress::LocalHost, port);
    }

    SslServer::~SslServer()
    {
        QTextStream(stdout) << "Connection closed.\n";
    }

    void SslServer::incomingConnection(qintptr socketDescriptor)
    {
        QList<QSslCertificate> certificates = QSslCertificate::fromPath(QLatin1String("/home/fac/HuiHooSslServer/cert.pem"));
        QSslConfiguration configuration = QSslConfiguration::defaultConfiguration();
        configuration.setCaCertificates(certificates);
        QSslConfiguration::setDefaultConfiguration(configuration);

        _sslSocket = new QSslSocket;
        if(_sslSocket->setSocketDescriptor(socketDescriptor))
        {
            addPendingConnection(_sslSocket);
            connect(_sslSocket, &QSslSocket::encrypted, this, &SslServer::ready);
            connect(_sslSocket, &QSslSocket::readyRead, this, &SslServer::newReadData);
            connect(_sslSocket, SIGNAL(error(QAbstractSocket::SocketError)), SLOT(error(QAbstractSocket::SocketError)));
            connect(_sslSocket, SIGNAL(sslErrors(QList<QSslError>)), SLOT(handleSslErrors(QList<QSslError>)));

            _sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
            QSslConfiguration *sslConfig = new QSslConfiguration();
            QList<QSslCipher> cipherList = sslConfig->supportedCiphers();
            _sslSocket->setCiphers(cipherList);
            _sslSocket->setProtocol(QSsl::TlsV1_0);

            if((_sslSocket->mode() == QSslSocket::UnencryptedMode) && (_sslSocket->state() == QAbstractSocket::ConnectedState))
            {
                _sslSocket->startServerEncryption();
                _sslSocket->setSslConfiguration(QSslConfiguration::defaultConfiguration());
                if(_sslSocket->waitForEncrypted(30000))
                {
                    QTextStream(stdout) << " \n IS ENCRYPTED \n";
                }
                QSslCipher cipher = _sslSocket->sessionCipher();
                if(cipher.isNull())
                {
                    QTextStream(stdout) << "cipher is null";
                }
                _sslSocket->write("2. Hello!\n");
            }
        }
        else
        {
            delete _sslSocket;
        }
    }
I'm not including the definitions of the slots as they're trivial and I haven't gotten any of those to be called either (other than the error functions).
I have tried running this program with the certification and key - and running it without as well. When running the program with openssl as a client, I kept getting the 'no shared cipher' error, hence the cipher setup above and setting the protocol to TLSv1_0.
So far, the client connects to the listener and the handshake begins but fails. Working with SSL is fairly new to me and I have spent the last few weeks (obviously) learning about it. If someone could please please please point me in the right direction, that would be great.
Thank you.
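The 'no shared cipher' failure described in the post can be reproduced without Qt. The following is an added example, not part of the original post, written with Python's ssl module over OpenSSL instead of QSslSocket: a TLS server that has only CA certificates and no local certificate or private key has nothing to authenticate with, so every certificate-based cipher suite is ruled out, and enabling every cipher on the server does not change that. The function names are this example's own, and pinning both sides to TLS 1.2 is an assumption made to keep the reported error deterministic.

```python
import ssl

def pump(src, dst):
    """Move pending TLS records from one memory BIO to the other."""
    data = src.read()
    if data:
        dst.write(data)

def make_contexts(all_ciphers=False):
    """Server context with NO certificate/key loaded, plus a default client."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    for ctx in (server_ctx, client_ctx):
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # assumption: pin for a stable error
    if all_ciphers:
        # Comparable to enabling every supported cipher on the server socket.
        server_ctx.set_ciphers("ALL")
    return server_ctx, client_ctx

def server_handshake_error(server_ctx, client_ctx):
    """Handshake the two contexts in memory (no network).
    Returns None on success, else the OpenSSL reason raised on the server."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):
        finished = 0
        try:
            client.do_handshake()
            finished += 1
        except ssl.SSLWantReadError:
            pass                      # client is waiting for server records
        pump(c_out, s_in)
        try:
            server.do_handshake()
            finished += 1
        except ssl.SSLWantReadError:
            pass                      # server is waiting for client records
        except ssl.SSLError as exc:
            return exc.reason         # e.g. "NO_SHARED_CIPHER"
        pump(s_out, c_in)
        if finished == 2:
            return None
    return "INCOMPLETE"

if __name__ == "__main__":
    print(server_handshake_error(*make_contexts()))
    print(server_handshake_error(*make_contexts(all_ciphers=True)))
```

The success path needs a certificate and its private key loaded on the server side (`load_cert_chain` in Python; in Qt, `QSslSocket::setLocalCertificate` and `QSslSocket::setPrivateKey`) before the handshake starts.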