What's New in IO::Socket::SSL
Steffen Ullrich, genua mbH
Deutscher Perl-Workshop 2013, Berlin

IO::Socket::SSL

Client Side SNI

Server Side SNI

NPN

    # Server side: advertise the supported protocols via NPN
    my $server = IO::Socket::SSL->new(
       Listen => ...,
       SSL_npn_protocols => ['foo','bar'],
       ...,
    );
    my $client = $server->accept;
    my $want = $client->next_proto_negotiated;   # 'bar', the only protocol in both lists

    # Client side: offer the client's own protocol list
    my $sock = IO::Socket::SSL->new(
       PeerAddr => ...,
       SSL_npn_protocols => ['bar','foobar']
    );
    my $can = $sock->next_proto_negotiated;      # 'bar'

Security

Security II

Security III

    *******************************************************************
     Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
     is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
     together with SSL_ca_file|SSL_ca_path for verification.
     If you really don't want to verify the certificate and keep the
     connection open to Man-In-The-Middle attacks please set
     SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
    *******************************************************************
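
A client configuration that follows the warning above, as an added example that is not taken from the talk. The host name and CA bundle path are assumed values, and the hostname check (SSL_verifycn_scheme, SSL_verifycn_name) goes beyond what the warning text asks for.

```perl
use strict;
use warnings;
use IO::Socket::SSL;

# Assumed values for illustration; adjust to the target and the local CA store.
my $host    = 'www.example.com';
my $ca_file = '/etc/ssl/certs/ca-certificates.crt';

# Verified client: the certificate chain is checked against $ca_file and
# the name in the certificate is checked against $host.
my %verified = (
    PeerAddr            => $host,
    PeerPort            => 443,
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_ca_file         => $ca_file,     # or SSL_ca_path => '/etc/ssl/certs'
    SSL_verifycn_scheme => 'http',       # hostname matching rules for HTTPS
    SSL_verifycn_name   => $host,
    SSL_hostname        => $host,        # client side SNI
);

# Explicit opt-out, shown for contrast and not used below. It silences the
# warning but leaves the connection open to man-in-the-middle attacks.
my %unverified = (
    PeerAddr        => $host,
    PeerPort        => 443,
    SSL_verify_mode => SSL_VERIFY_NONE,
);

# new() returns undef if the TCP connect, the handshake or the
# certificate verification fails; $SSL_ERROR carries the TLS-level reason.
my $sock = IO::Socket::SSL->new(%verified)
    or die "connect or verification failed: $!, $SSL_ERROR\n";

printf "verified connection to %s using %s\n", $host, $sock->get_cipher;
close($sock);
```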

Security IV

Next?