<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css"> <title>Erlang -- Using the SSL API</title> </head> <body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container"> <script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript"> <!-- function getWinHeight() { var myHeight = 0; if( typeof( window.innerHeight ) == 'number' ) { //Non-IE myHeight = window.innerHeight; } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) { //IE 6+ in 'standards compliant mode' myHeight = document.documentElement.clientHeight; } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { //IE 4 compatible myHeight = document.body.clientHeight; } return myHeight; } function setscrollpos() { var objf=document.getElementById('loadscrollpos'); document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2; } function addEvent(obj, evType, fn){ if (obj.addEventListener){ obj.addEventListener(evType, fn, true); return true; } else if (obj.attachEvent){ var r = obj.attachEvent("on"+evType, fn); return r; } else { return false; } } addEvent(window, 'load', setscrollpos); //--></script><div id="leftnav"><div class="innertube"> <img alt="Erlang logo" src="../../../../doc/erlang-logo.png"><br><small><a href="users_guide.html">User's Guide</a><br><a href="index.html">Reference Manual</a><br><a href="release_notes.html">Release Notes</a><br><a href="../pdf/ssl-4.1.6.pdf">PDF</a><br><a href="../../../../doc/index.html">Top</a></small><p><strong>Secure Socket Layer </strong><br><strong>User's Guide</strong><br><small>Version 4.1.6</small></p> <br><a href="javascript:openAllFlips()">Expand All</a><br><a href="javascript:closeAllFlips()">Contract All</a><p><small><strong>Chapters</strong></small></p> <ul class="flipMenu" imagepath="../../../../doc/js/flipmenu"> <li id="no" title="Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL)" expanded="false">Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL)<ul> <li><a href="ssl_protocol.html"> Top of chapter </a></li> <li title="Security overview"><a href="ssl_protocol.html#id237147">Security overview</a></li> <li title="Data Privacy and Integrity"><a href="ssl_protocol.html#id238053">Data Privacy and Integrity</a></li> <li title="Digital Certificates"><a href="ssl_protocol.html#id238022">Digital Certificates</a></li> <li title="Authentication of Sender"><a href="ssl_protocol.html#id237162">Authentication of Sender</a></li> <li title="TLS Sessions"><a href="ssl_protocol.html#id237143">TLS Sessions</a></li> </ul> </li> <li id="loadscrollpos" title="Using the SSL API" expanded="true">Using the SSL API<ul> <li><a href="using_ssl.html"> Top of chapter </a></li> <li title="General information"><a href="using_ssl.html#id237078">General information</a></li> <li title="Setting up connections"><a href="using_ssl.html#id237066">Setting up connections</a></li> </ul> </li> <li id="no" title="Using SSL for Erlang Distribution" expanded="false">Using SSL for Erlang Distribution<ul> <li><a href="ssl_distribution.html"> Top of chapter </a></li> <li title="Introduction"><a href="ssl_distribution.html#id232459">Introduction</a></li> <li title="Building boot scripts including the SSL application"><a href="ssl_distribution.html#id234476">Building boot scripts including the SSL application</a></li> <li title="Specifying distribution module for net_kernel"><a href="ssl_distribution.html#id238822">Specifying distribution module for net_kernel</a></li> <li title="Specifying security options and other SSL options"><a href="ssl_distribution.html#id238810">Specifying security options and other SSL options</a></li> <li title="Setting up environment to always use SSL"><a href="ssl_distribution.html#id234292">Setting up environment to always use SSL</a></li> </ul> </li> </ul> </div></div> <div id="content"> <div class="innertube"> <h1>2 Using the SSL API</h1> <h3><a name="id237078">2.1 General information</a></h3> <p>To see relevant version information for ssl you can call ssl:versions/0</p> <p>To see all supported cipher suites call ssl:cipher_suites/0. Note that available cipher suites for a connection will depend on your certificate. It is also possible to specify a specific cipher suite(s) that you want your connection to use. Default is to use the strongest available.</p> <h3><a name="id237066">2.2 Setting up connections</a></h3> <p>Here follows some small example of how to set up client/server connections using the erlang shell. The returned value of the sslsocket has been abbreviated with <span class="code">[...]</span> as it can be fairly large and is opaque.</p> <h4>Minmal example</h4> <div class="note"> <div class="label">Note</div> <div class="content"><p><p> The minimal setup is not the most secure setup of ssl.</p> </p></div> </div> <p> Start server side</p> <div class="example"><pre>1 server> ssl:start(). ok</pre></div> <p>Create an ssl listen socket</p> <div class="example"><pre>2 server> {ok, ListenSocket} = ssl:listen(9999, [{certfile, "cert.pem"}, {keyfile, "key.pem"},{reuseaddr, true}]). {ok,{sslsocket, [...]}}</pre></div> <p>Do a transport accept on the ssl listen socket</p> <div class="example"><pre>3 server> {ok, Socket} = ssl:transport_accept(ListenSocket). {ok,{sslsocket, [...]}}</pre></div> <p>Start client side</p> <div class="example"><pre>1 client> ssl:start(). ok</pre></div> <div class="example"><pre>2 client> {ok, Socket} = ssl:connect("localhost", 9999, [], infinity). {ok,{sslsocket, [...]}}</pre></div> <p>Do the ssl handshake</p> <div class="example"><pre>4 server> ok = ssl:ssl_accept(Socket). ok</pre></div> <p>Send a messag over ssl</p> <div class="example"><pre>5 server> ssl:send(Socket, "foo"). ok</pre></div> <p>Flush the shell message queue to see that we got the message sent on the server side</p> <div class="example"><pre>3 client> flush(). Shell got {ssl,{sslsocket,[...]},"foo"} ok</pre></div> <h4>Upgrade example</h4> <div class="note"> <div class="label">Note</div> <div class="content"><p><p> To upgrade a TCP/IP connection to an ssl connection the client and server have to aggre to do so. Agreement may be accompliced by using a protocol such the one used by HTTP specified in RFC 2817.</p> </p></div> </div> <p>Start server side</p> <div class="example"><pre>1 server> ssl:start(). ok</pre></div> <p>Create a normal tcp listen socket</p> <div class="example"><pre>2 server> {ok, ListenSocket} = gen_tcp:listen(9999, [{reuseaddr, true}]). {ok, #Port<0.475>}</pre></div> <p>Accept client connection</p> <div class="example"><pre>3 server> {ok, Socket} = gen_tcp:accept(ListenSocket). {ok, #Port<0.476>}</pre></div> <p>Start client side</p> <div class="example"><pre>1 client> ssl:start(). ok</pre></div> <div class="example"><pre>2 client> {ok, Socket} = gen_tcp:connect("localhost", 9999, [], infinity).</pre></div> <p>Make sure active is set to false before trying to upgrade a connection to an ssl connection, otherwhise ssl handshake messages may be deliverd to the wrong process.</p> <div class="example"><pre>4 server> inet:setopts(Socket, [{active, false}]). ok</pre></div> <p>Do the ssl handshake.</p> <div class="example"><pre>5 server> {ok, SSLSocket} = ssl:ssl_accept(Socket, [{cacertfile, "cacerts.pem"}, {certfile, "cert.pem"}, {keyfile, "key.pem"}]). {ok,{sslsocket,[...]}}</pre></div> <p> Upgrade to an ssl connection. Note that the client and server must agree upon the upgrade and the server must call ssl:accept/2 before the client calls ssl:connect/3.</p> <div class="example"><pre>3 client>{ok, SSLSocket} = ssl:connect(Socket, [{cacertfile, "cacerts.pem"}, {certfile, "cert.pem"}, {keyfile, "key.pem"}], infinity). {ok,{sslsocket,[...]}}</pre></div> <p>Send a messag over ssl</p> <div class="example"><pre>4 client> ssl:send(SSLSocket, "foo"). ok</pre></div> <p>Set active true on the ssl socket</p> <div class="example"><pre>4 server> ssl:setopts(SSLSocket, [{active, true}]). ok</pre></div> <p>Flush the shell message queue to see that we got the message sent on the client side</p> <div class="example"><pre>5 server> flush(). Shell got {ssl,{sslsocket,[...]},"foo"} ok</pre></div> </div> <div class="footer"> <hr> <p>Copyright © 1999-2011 Ericsson AB. All Rights Reserved.</p> </div> </div> </div></body> </html>