ADCS with Strict Certs

Asked by Michael Askin

According to the ADC specification here:

http://adc.sourceforge.net/versions/ADC-0.12.html

6.5 ADCS - Secure ADC <work-in-progress>

6.5.1 Introduction
Secure ADC connections can be established using a TLS tunnel, both for hub and for client connections. Certificates can be used to authenticate both hub and user, for example by making the hub the root CA, and only allow clients signed by the hub to connect. Ephemeral keys should be used to ensure forward secrecy when possible.

How do I do that with ADCH++ ????? Do I have to make the certificates differently than in the examples in the setup guide? I would really like to use this.

6.5.2 Client-Hub encryption
TLS client-hub connections can be initiated either by negotiating the feature “ADCS” on connection or by using the protocol adcs:// when initiating the connection. Hubs can choose to request a certificate for the user on login, and use this certificate to replace password-based login.

Is it possible for ADCH++ to use passwords, and also verify the clients' certs against signed certs in the server's /trusted directory like above? It would be nice to have both.

Thanks!

Question information

Language: English
Status: Answered
For: ADCH++
Assignee: No assignee

Pirre (pierreparys) said :
#1

As far as I know this is not implemented in ADCH, and would be a hard job to distribute to the clients (and could be used for 1 hub only).

There is maybe a better way: the clients send at this moment a KEYP (a hashed string unique for a cert) in their INF string. If this would be added to the users registration table and verified by the hub against the client's public cert on login, you would be able to allow users by the combination of CID, Nick, Passw, Cert.

If this looks like a solution for your question please confirm and we can add it to the wishlist.
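
The check proposed in reply #1, sketched in Python as an added example (not part of the thread and not ADCH++ code). Assumptions: the keyprint arrives in an INF field named KP formatted as SHA256/<base32 of the SHA-256 of the DER certificate>, the registration table layout is hypothetical, and the certificate bytes and CID are constructed stand-ins.

```python
import base64
import hashlib
import hmac

def keyprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes, base32 without padding (assumed keyprint format)."""
    digest = hashlib.sha256(cert_der).digest()
    return "SHA256/" + base64.b32encode(digest).decode("ascii").rstrip("=")

def parse_inf(line: str) -> dict:
    """Split 'BINF <SID> <field>...' into {two-letter field name: value}."""
    tokens = line.strip().split(" ")
    if len(tokens) < 2 or tokens[0] != "BINF":
        raise ValueError("not a BINF message")
    return {t[:2]: t[2:] for t in tokens[2:] if len(t) >= 2}

def same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_login(inf_line: str, peer_cert_der, registrations: dict) -> str:
    """Return 'ok' or the reason the certificate part of the login fails.
    registrations maps CID -> {'nick': ..., 'keyprint': ...} (hypothetical layout).
    The password check from the same combination is a separate step, not shown."""
    inf = parse_inf(inf_line)
    reg = registrations.get(inf.get("ID", ""))
    if reg is None:
        return "unknown CID"
    if not same(inf.get("NI", ""), reg["nick"]):
        return "nick does not match registration"
    if peer_cert_der is None:
        return "no client certificate presented"
    if not same(inf.get("KP", ""), reg["keyprint"]):
        return "announced keyprint does not match registration"
    # The INF value is only a claim; bind it to the certificate from the TLS handshake.
    if not same(keyprint(peer_cert_der), reg["keyprint"]):
        return "presented certificate does not match registered keyprint"
    return "ok"

# Constructed sample data: stand-in bytes instead of real DER certificates.
ALICE_CERT = b"constructed-der-bytes-for-alice"
OTHER_CERT = b"constructed-der-bytes-for-someone-else"
REGISTRATIONS = {"CIDALICE": {"nick": "alice", "keyprint": keyprint(ALICE_CERT)}}
ALICE_INF = "BINF AAAB IDCIDALICE NIalice KP" + keyprint(ALICE_CERT)

if __name__ == "__main__":
    print(check_login(ALICE_INF, ALICE_CERT, REGISTRATIONS))
    print(check_login(ALICE_INF, OTHER_CERT, REGISTRATIONS))
```

The last comparison is the one that matters: a client that copies another user's keyprint into its INF still fails unless it holds the private key for the matching certificate in the TLS handshake.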

multra (altramarine) said :
#2

Hi there,

I also have the same question as OP but did not quite understand the answer.
Would you please elaborate?

Also, in the adchpp.xml
  <Server Port="xxx" TLS="1" Certificate="certs/cacert.pem" PrivateKey="certs/privkey.pem"
                TrustedPath="certs/trusted/" DHParams="certs/dhparam.pem"/>
does this not ensure the connections between hub and clients are encrypted?
Sorry, I am trying to make sense of all this.
I am trying to make sure the hub to client, client to client connections are secure, encrypted.

eMTee (realprogger) said :
#3

The ADCS protocol ensures that connections between hub and clients are encrypted.
The hub has nothing to do with client to client connections other than help to establish them. The connection mode between the peers is up to them, since they direct connect to each other (DC).

More information : http://adchpp.sourceforge.net/user_guide/basic_guide.html#_setting_up_ports

multra (altramarine) said :
#4

Thank you for the info, I did go through this entire guide but I guess I had to go over it again :)
Now I have to figure out whether there is a way to enforce encrypted connection between clients that are on this hub.
