LuaSec -- TLS/SSL Support for Lua

LuaSec – TLS/SSL Support for Lua

LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.

This is a simple example of a client and server communication using LuaSec:

Client	Server
require("socket") require("ssl") -- TLS/SSL client parameters (omitted) local params local conn = socket.tcp() conn:connect("127.0.0.1", 8888) -- TLS/SSL initialization conn = ssl.wrap(conn, params) conn:dohandshake() -- print(conn:receive("*l")) conn:close()	require("socket") require("ssl") -- TLS/SSL server parameters (omitted) local params local server = socket.tcp() server:bind("127.0.0.1", 8888) server:listen() local conn = server:accept() -- TLS/SSL initialization conn = ssl.wrap(conn, params) conn:dohandshake() -- conn:send("one line\n") conn:close()

Client

Server

 require("socket")
 require("ssl")

 -- TLS/SSL client parameters (omitted)
 local params

 local conn = socket.tcp()
 conn:connect("127.0.0.1", 8888)

 -- TLS/SSL initialization
 conn = ssl.wrap(conn, params)
 conn:dohandshake()
 --
 print(conn:receive("*l"))
 conn:close()

 require("socket")
 require("ssl")

 -- TLS/SSL server parameters (omitted)
 local params 

 local server = socket.tcp()
 server:bind("127.0.0.1", 8888)
 server:listen()
 local conn = server:accept()

 -- TLS/SSL initialization
 conn = ssl.wrap(conn, params)
 conn:dohandshake()
 --
 conn:send("one line\n")
 conn:close()

LuaSec needs a set of information (such as protocol, key, certificate, etc.) to wrap the TCP connection. For instance, we can use the following parameters in the example above:

Client	Server
-- TLS/SSL client parameters local params = { mode = "client", protocol = "tlsv1", key = "/etc/certs/clientkey.pem", certificate = "/etc/certs/client.pem", cafile = "/etc/certs/CA.pem", verify = "peer", options = "all", }	-- TLS/SSL server parameters local params = { mode = "server", protocol = "tlsv1", key = "/etc/certs/serverkey.pem", certificate = "/etc/certs/server.pem", cafile = "/etc/certs/CA.pem", verify = {"peer", "fail_if_no_peer_cert"}, options = {"all", "no_sslv2"}, ciphers = "ALL:!ADH:@STRENGTH", }

Client

Server

 -- TLS/SSL client parameters
 local params = {
 mode = "client",
 protocol = "tlsv1",
 key = "/etc/certs/clientkey.pem",
 certificate = "/etc/certs/client.pem",
 cafile = "/etc/certs/CA.pem",
 verify = "peer",
 options = "all",
 }

 -- TLS/SSL server parameters
 local params = {
 mode = "server",
 protocol = "tlsv1",
 key = "/etc/certs/serverkey.pem",
 certificate = "/etc/certs/server.pem",
 cafile = "/etc/certs/CA.pem",
 verify = {"peer", "fail_if_no_peer_cert"},
 options = {"all", "no_sslv2"},
 ciphers = "ALL:!ADH:@STRENGTH",
 }

Download

LuaSec depends on LuaSocket package. On Windows, LuaSec and LuaSocket must be compiled with the same C++ Run-Time.

All tests were performed on Linux, Mac OS X, Windows XP, and BSD, using Lua 5.1.4, LuaSocket 2.0.2, and OpenSSL 0.9.8.

Windows Binaries Packages

The modules were built using Visual C++ 2008 (version 9), Multi-threaded DLL (/MD), and OpenSSL 0.9.8 on Windows XP — see "dll9" in Lua Binaries for more information.

You can download the OpenSSL and Visual C++ 2008 Redistributables here. If you are not a developer, you can install the light version of OpenSSL.

License

LuaSec is available under the same terms and conditions as the Lua language — the MIT license.

Contact

Bruno Silvestre – brunoos at inf . puc-rio . br | bruno . silvestre at gmail . com

Last update: 14-Oct-2009 21:25

SSL Lua SSL Lua OpenSSL Lua OpenSSL