helios-io / helios

reactive socket middleware for .NET
http://helios-io.github.io/
Apache License 2.0

TLS / SSL options for Helios over TCP #42

Open Aaronontheweb opened 9 years ago

Aaronontheweb commented 9 years ago

Reviewing some options for bringing TLS / SSL support to TCP sockets for Helios 2.0.

The implementations thus far look like:

  1. SslStream upon accept / connect for inbound / outbound sockets. Could be implemented as an IChannelHandler that operates at the stage closest to the socket, or could be an implementation detail of the ITransport itself. Looks like SslStream will still work with asynchronous socket operations.
  2. Use Bouncy Castle's third-party libraries for implementing TLS; there's not a lot of documentation for the libraries in C# (it's the Java ones by the same project that are most popular) but it looks like they depend on OpenSSL for some of the keystore work underneath the hood. The downside of this option is that, well, it's a third-party library we have to depend on, and we can't really say how well it works. Upside is that it supports DTLS, which would give us a security option for UDP.

Aaronontheweb commented 9 years ago

Source for Bouncy Castle latest: https://github.com/bcgit/bc-csharp
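
Option 1 from the first comment (SslStream layered on the socket at accept / connect, using asynchronous operations), shown over loopback as an added example; it is not Helios code and does not show IChannelHandler or ITransport integration. It assumes .NET 5 or later (C# 9 top-level statements); `MakeSelfSigned` and the throwaway certificate are constructed for the demo.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Constructed throwaway certificate; a real deployment loads a CA-issued one.
static X509Certificate2 MakeSelfSigned()
{
    using var key = RSA.Create(2048);
    var req = new CertificateRequest("CN=localhost", key,
        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    using var cert = req.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    // Re-import via PFX: SChannel on Windows rejects ephemeral private keys.
    return new X509Certificate2(cert.Export(X509ContentType.Pfx));
}

using var serverCert = MakeSelfSigned();
var listener = new TcpListener(IPAddress.Loopback, 0); // OS-assigned port
listener.Start();
int port = ((IPEndPoint)listener.LocalEndpoint).Port;

// Inbound: wrap the accepted stream and finish the handshake before any application bytes.
Task server = Task.Run(async () =>
{
    using TcpClient inbound = await listener.AcceptTcpClientAsync();
    using var tls = new SslStream(inbound.GetStream(), leaveInnerStreamOpen: false);
    await tls.AuthenticateAsServerAsync(serverCert);
    var buf = new byte[256];
    int n = await tls.ReadAsync(buf, 0, buf.Length); // "ping" arrives as one TLS record
    await tls.WriteAsync(buf, 0, n);                 // echo it back
});

// Outbound: pin the constructed cert's thumbprint instead of accepting any certificate.
using var outbound = new TcpClient();
await outbound.ConnectAsync(IPAddress.Loopback, port);
using var clientTls = new SslStream(outbound.GetStream(), false,
    (_, cert, _, _) => cert?.GetCertHashString() == serverCert.Thumbprint);
await clientTls.AuthenticateAsClientAsync("localhost");
await clientTls.WriteAsync(Encoding.ASCII.GetBytes("ping"), 0, 4);
var reply = new byte[256];
int got = await clientTls.ReadAsync(reply, 0, reply.Length);
Console.WriteLine($"{clientTls.SslProtocol}: {Encoding.ASCII.GetString(reply, 0, got)}");
await server;
listener.Stop();
```

The thumbprint pin stands in for chain validation only because the certificate is self-signed here; with a CA-issued certificate the callback should require `SslPolicyErrors.None`.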