Tuesday, June 26, 2007

Encrypted protocols

I haven't worked on encrypted protocols since my last job and had forgotten what a pain in the ass it is. You don't have the luxury of being able to sniff the wire with Ethereal to see why the traffic is malformed or which peer is not behaving as expected.

Spent the entire afternoon debugging my integration of OpenSSL and gSOAP. I have worked with gSOAP for about five years, and OpenSSL for even longer, but had never used the two together.

So I broke out Eric Rescorla's ssldump so I could decrypt the traffic, and discovered that it doesn't support AES-based SSL cipher suites. gSOAP picks the strongest cipher available by default, and there apparently isn't any way to set the cipher suites in the gSOAP API. I had to recompile OpenSSL with AES disabled.

Looks like I'm going to have to extend gSOAP to have this support, since we are going to need to be able to define which ciphers to use. In particular, I need to be able to downgrade from AES to RC4 at least in order for ssldump to allow me to debug the traffic. There is also almost certainly a business requirement to be able to disable weak ciphers. I'm a bit surprised that there is no way to do this in the default build.
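The following is an added example, not code from this post or from gSOAP: it resolves an OpenSSL cipher-list string into the suites it actually enables and flags weak ones, so a debug downgrade and a production policy can be checked before use. It uses Python's `ssl` module, which wraps OpenSSL, so the strings use the same syntax that `SSL_CTX_set_cipher_list` accepts in C; the two policy strings and the weak-token list are assumptions made for illustration.

```python
import re
import ssl

# Tokens in OpenSSL suite names treated as weak here (assumed policy).
WEAK_TOKENS = {"RC4", "DES", "CBC3", "NULL", "EXP", "MD5"}

# Constructed policy strings in OpenSSL cipher-list syntax.
DEBUG_POLICY = "RC4-SHA"  # the kind of downgrade the post needed for ssldump
PROD_POLICY = "HIGH:!aNULL:!eNULL:!RC4:!MD5:!3DES"


def resolve(policy):
    """Return the TLS <= 1.2 suite names that `policy` enables in this build.

    An empty list means the linked OpenSSL offers none of the requested
    suites (for example RC4 compiled out), which set_ciphers reports as
    ssl.SSLError.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(policy)
    except ssl.SSLError:
        return []
    # TLS 1.3 suites are configured separately and ignore this string.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def weak(names):
    """Return the suite names that contain a weak-cipher token."""
    return [n for n in names if WEAK_TOKENS & set(re.split(r"[-_]", n))]


def audit(policy):
    """Summarize what a policy string enables and which suites are weak."""
    names = resolve(policy)
    return {"policy": policy, "enabled": len(names), "weak": weak(names)}


if __name__ == "__main__":
    for p in (DEBUG_POLICY, PROD_POLICY):
        print(audit(p))
```

On an OpenSSL build without RC4, the debug policy resolves to an empty list, which is the signal that the downgrade cannot be negotiated at all with that library.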

Had a salad tonight for dinner. Watching Grey's Anatomy.

Still not sleeping, which is pretty annoying.