I want to implement Tls/SSl in socket using (IP and Port) in objective c using node server .
How can I implement it .
Related
We came across a scenario where need to upgrade our servers in partial chunks to support TLS1.2 protocol.
We are not expected to run any network capture tool on our production servers like wireshark , etc because it is harmful, so could you please help me in understanding how exactly our protocol handshakes work in case of multi-tier system.
Suppose, our request response is as follows:
A(Client) <--> B(Web Server) <--> C (SOA Servers) <--> D (Third Party Server)
Let me elaborate each entity:
A (Client) : can have OS from Windows7 to windows 10
B (Web Server) : Windows Server 2012R2
C (SOA Servers) : Windows Server 2012R2 + "SchUseStrongCrypto" is enabled
D (Third Party Server) : Can have OS from Windows Server 2008R2 to Window Server 2012R
I am interested to know is there any dependency of protocol in-between multi-tier communication channel?
How actually will the protocol propagate in the above scenario?
Suppose if TLS1.1 is used in-between A to B then is it possible to use TLS1.2 in-between B to C OR C to D?
If one application listens to the same private port number previously used by another application on that computer, will the more recent app get the same public port number as the less recent app?
Application A and Application B both use non-multicast UDP. They both run on a computer that is behind a residential router that does not have port forwarding set up. If application A listens to the same private port number (behind NAT) that application B just finished listening to, will application A receive the same public port number that application B had when application B was using that port? Will application A get all the UDP packets meant for application B?
Another closely related question:
Imagine that computer A and computer B share a residential router. Computer A and computer B both run an application that sends a UDP packet/datagram to server C at public IP 123.456.789 and public port number 12345. Server C responds by sending a packet/datagram back to the senders. The application that computer A and computer B used, in addition to specifying that it wanted to send on port 12345, also listens on port 12345 for the reply. Computer A and computer B get the reply packet, but the public port number that the server, C, was sending its reply to might not match the number 12345 specified by the application that computer A and computer B are running (correct me if I am mistaken, please).
Now, for some reason, server C decides that it wants to kill the application that was sending and receiving udp packets to computers A and B and open up a completely different application that will send udp packets to the public IP's and public port numbers that the previous application used to communicate with computers A and B. Will the packets generated by this new server side application go through to computers A and B? Or will the death of the old application and the pause between killing the old application and running the new one cause the packets sent by the new server side application to be blocked or rejected by the clients? Will the packets make it through the router/NAT?
What if it was the other way around and computer B killed the application that it used to communicate with server C and then opened up a new, different application that internally also listens to udp port 12345. If server C sends another UDP response packet to computer B after computer B kills its old application, will this new, different application get the packets sent by server C that were meant to be a reply to the packets sent by the previous application run by computer B?
Does the answer differ depending on the type of NAT and the amount of time between one application finishing using the port and another application starting to use the same port that the other application used previously? If so, how?
The public port number belongs to the router, not to App A or App B, and, if it is mapped to a private port number, that mapping also persists beyond any specific application's lifetime.
I am writing a proxy application that runs on IIS 7.5 (could be a WCF web service or an MVC application) which forwards some data to another process on another server which doesn't run on IIS.
This following is the situation, where S1 is the server where the proxy must forward the data to and C1 is the client:
S1 --A-- [proxy] --B-- C1
The need for the proxy application is because we want to secure the connection A with 2-way SSL. And this can easily be configured in IIS.
Because of the 2-way SSL we want to use the keep alive option of HTTP 1.1.
If connection A is closed, the proxy needs to close connection B and vice versa. Connection A can also be closed after some time out after the last response has been sent.
My question is:
How can I close connection B after connection A is closed?
So in other words let the proxy send a TCP FIN to C1.
For the proxy application I can either use an asp.net MVC web site or a WCF web service.
The problem is that the response has already been sent to the client and there is no 'current http request' between C1 and the proxy, when connection A is closed after a timeout. So a call like this: HttpContext.Current.Response.Close() does not close connection B.
Thanks.
When you read EOS from the upstream socket, shutdown the downstream socket for output, and vice versa. When you do this, if you've already shutdown the socket that you read the EOS from, you've had EOS in both directions so you can close both sockets, and exit both threads if you're using threads. Let the actual decision as to when to close connections be taken by the downstream client and the upstream server.
I'm getting start WCF soap web service. Trying to implement a flexible, hot-plug featured, interoperable web service.
A device consumes server service (predefined IP address) which means registering to server, and then service asks device returning all configuration information of a device. Service remotely control those registered devices later.
Network Architecture
Please see the diagram below. A Server-side service is listening on 80 port. We had a router (Router B) which connects to the Server, and set NAT table 220.120.20.209:80 mapping to 192.168.0.3:80. 220.120.20.209 is a public IP.
Two Clients connect to a router (Router A) and have private IP addresses relatively(170.15.40.1/ 170.15.40.2) . Clients host a service (called DeviceService) listening on 80 port. And we didn't set NAT on Router A. 68.250.250.1 is a public IP.
Operation
(Request a Registration) Client sends (request) a message to a Service.
(Response) Service response a message.
(Get Config from Devices) Service consumes client through calling like http: //clientsIP:80/DeviceService.
Operation 1, 2 is working to me. To my understanding, incoming ip address of client#1 is 68.250.250.1 (I'm using RemoteEndpointMessageProperty to get the caller's address).
My question is "operation 3 is not working". Server can't access Client's private IP because of a Router/firewall.Only did Server get is 68.250.250.1. How can I solve this kind of problem? the problem have to do with Network Architecture?
I googled all day long found nothing to do with my problem. But I found websocket thing. Websocket is capable of full-duplex communication over Tcp. Does that mean once a client built a connection with a Server, Server can do operation 3 (Get Config from Devices) anytime even under my network architecture?
Updated 2014/4/24
Thanks a lot to #vtortola. After studying those references , I am still confused that if it's possible to allow call a self-host service from client during a callback session?
Try to elaborate what I thought
Clients will have a self-host service at first. e.g. Providing Configuration Service
Let the Client drive the interaction first, and built a bi-direction channel between Client and Server.
Client requests, and Server response. At the same time, Server triggers the callback procedure.
Server requests "Providing Configuration" message to client via channel during the period callback is fired.
It won't work that way if Router A is doing NAT. RouterA has only an TCP 80 port. Even if you forward it to Client#1, then Client#2 won't work. And I assume RouterA is doing NAT because the client IP addresses are private, so it is translating them to a public IP address.
I think you are messing two concepts. NAT (Network Address Translation) is about IP addresses, it has nothing to do with ports. With NAT you allow your client private IP addresses be translated to the public IP address and therefore get into the internet. Port Forwarding is a technique that allows to map a TCP or UDP port in the public interface of the router to a particular local IP address. Router B is doing NAT to allow the Server communicate with internet through the public interface, and port forwarding to allow hosts in internet to access Server's TCP 80 port, by accessing its TCP 80 port.
Let the Client drive the interaction. In operation #3, the client should send the device configuration after getting the server response in #2.
If you need the server to lead some of the interactions, you must then use a duplex WCF service. WebSocket is one of the duplex WCF bindings. But again, the channel must be established from client to server first.
A Beginner's Guide to Duplex WCF
Duplex Service in WCF
WCF and WebSockets
Is it not possible to specify the local client port used for server calls via NetTcpBinding?
NetPeerTcpBinding support this - I find it hard to believe there's no way to specify the local port (and IP Address for that matter) on clients.
I need to be able to use port sharing and I can't do this if I don't know what port the client is listening on. I won't be able to share the port (and IP) with another client so it can connect.
The only work-around I found is something like this:
Client A opens a connection to Server
Server logs the IP and Port of Client A
Server shares this info. with
Client B
Client B should be able to
connect to Client A on specified IP
and Port (in theory)
This is known as TCP/IP NAT hole punching I believe. Anyone with experience in this?
You probably don't understand the communication pattern with NetTcpBinding. It works this way:
The client opens connection to the server
Two-way communication: The client calls the server and gets the response over the same connection.
Duplex communication: The client calls the server. The server stores reference to the channel somewhere (you must implement this). Once the server wants to notify client about anything it takes stored channel and calls the client on the connection established by the client during its first call.
The server never opens connection to the client. The client doesn't expose any address with port for incomming communication. If you want to do that you must implement service on the client in the same way you did it on the server and you must manully send the address and port to the service exposed by the server.
The difference with NetPeerTcpBinding is that there is no real server and any client must be able to get incomming request. NetTcpBinding is for client-server scenarios where the server is the only peer able to process incomming requests. Because of that only the server needs to define an address and a port.