TLS/SSL

Updated October 2017

Encrypted sockets using the TLS/SSL protocol can be enabled with the TCPXFLG_TLS flag, subject to the following notes and caveats:

   You must pass the TCPXFLG_TLS flag with every call to TCPX.SBR. This will probably necessitate that the flags parameter be mapped as B,4. Note that the flag is above the range normally used for the transfer size for TCPOP_READ and TCPOP_WRITE (where flags may be used to specify the number of bytes to transfer).

   The multitude of variations and parameters relating to secure connections (ciphers, protocols, certificate types, algorithms, etc.) are currently all defaulted to a "standard set". You can override the default by specifying a valid list of GnuTLS "priorities" in the buffer parameter. Search the Internet for "gnutls_priority_init" for the latest documentation on this rather cryptic string.

   Passing the TCPXFLG_TLS option to TCPX.SBR will cause the LIBASHTLS library modules to be dynamically loaded. For Windows, this consists of the libashtls.dll module along with several other DLLs from the GnuTLS package. As a convenience we may package the GnuTLS-related DLLs in a zip, available from our download site in the other/gnutls directory. For Linux, the library consists of libashtls.so.x.x.x, which must be linked to libashtls.so.1, plus any libraries required by GnuTLS, which must be installed separately; see gnutls.org for details.

   See the sample program SOAP1.BP for an example of using the TLS feature to submit a SOAP request to a secure web server.

   See the sample programs SOAP1.BP and GNUGET.BP in EXLIB:[908,025], as well as the function FNHTTPGET.BSI in SOSLIB:[907,10] for examples.

   As of A-Shell 6.5.1618, only client mode is supported.
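A priority string intended for the buffer parameter can be vetted on a Linux host before it goes into a program. The script below is an added example, not part of the A-Shell documentation or sample library. It assumes the gnutls-cli utility is installed (its GnuTLS version may differ from the libraries A-Shell loads); check_priority and its return codes are names made up for this example.

```sh
#!/bin/sh
# Added example: vet a GnuTLS priority string before handing it to TCPX.SBR
# in the buffer parameter. check_priority is a hypothetical helper name.
#
# check_priority STRING
#   0  string parses and enables no protocol older than TLS 1.2
#   1  GnuTLS rejects the string (syntax error)
#   2  could not check (gnutls-cli missing or listing format not recognised)
#   3  string parses but enables SSL 3.0, TLS 1.0 or TLS 1.1
check_priority() {
    prio=$1
    command -v gnutls-cli >/dev/null 2>&1 || return 2

    # --list prints what the priority string expands to and exits non-zero
    # when the string cannot be parsed.
    out=$(gnutls-cli --list --priority "$prio" 2>/dev/null) || return 1

    # Assumption: the listing contains a line such as
    # "Protocols: VERS-TLS1.3, VERS-TLS1.2, ..."
    protos=$(printf '%s\n' "$out" | sed -n 's/^Protocols: //p' | tr -d ' ')
    [ -n "$protos" ] || return 2
    case ",$protos," in
        *,VERS-SSL3.0,*|*,VERS-TLS1.0,*|*,VERS-TLS1.1,*) return 3 ;;
    esac
    return 0
}

# Constructed sample strings, not taken from the A-Shell documentation.
for p in 'NORMAL' 'NORMAL:-VERS-ALL:+VERS-TLS1.2' 'NORMAL:+VERS-TLS1.0' 'NOT-A-PRIORITY'; do
    rc=0
    check_priority "$p" || rc=$?
    printf '%-32s -> %d\n' "$p" "$rc"
done
```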