
LuaSec – TLS/SSL Support for Lua



LuaSec is a binding for the OpenSSL library that provides TLS/SSL communication. This version delegates the TCP connection establishment between client and server to LuaSocket. LuaSec then uses this connection to start a secure TLS/SSL session.

For example, this is an implementation of a client and a server using LuaSec:

Client:

    local socket = require("socket")
    local ssl = require("ssl")

    -- TLS/SSL client parameters (omitted)
    local params

    local conn = socket.tcp()
    conn:connect("127.0.0.1", 8888)

    -- TLS/SSL initialization
    conn = ssl.wrap(conn, params)
    conn:dohandshake()
    --
    print(conn:receive("*l"))
    conn:close()

Server:

    local socket = require("socket")
    local ssl = require("ssl")

    -- TLS/SSL server parameters (omitted)
    local params

    local server = socket.tcp()
    server:bind("127.0.0.1", 8888)
    server:listen()
    local conn = server:accept()

    -- TLS/SSL initialization
    conn = ssl.wrap(conn, params)
    conn:dohandshake()
    --
    conn:send("one line\n")
    conn:close()

To start the secure connection, LuaSec needs some parameters, such as the protocol to be used, the key, the certificate, etc. These parameters can be passed directly to ssl.wrap, or they can be used to create a context, which is more appropriate for the server side.

The parameters are provided through a Lua table. In the above implementation, for example, we can use these tables:

Client:

    -- TLS/SSL client parameters
    local params = {
      mode = "client",
      protocol = "sslv3",
      key = "/etc/certs/clientkey.pem",
      certificate = "/etc/certs/client.pem",
      cafile = "/etc/certs/CA.pem",
      verify = "peer",
      options = "all",
    }

Server:

    -- TLS/SSL server parameters
    local params = {
      mode = "server",
      protocol = "sslv3",
      key = "/etc/certs/serverkey.pem",
      certificate = "/etc/certs/server.pem",
      cafile = "/etc/certs/CA.pem",
      verify = {"peer", "fail_if_no_peer_cert"},
      options = {"all", "no_sslv2"},
      ciphers = "ALL:!ADH:@STRENGTH",
    }
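
The following is an added example, not code from LuaSec or its author: a plain-Lua check that audits parameter tables like the two above before they are handed to ssl.wrap. The names audit_params and to_set and the finding messages are hypothetical; only the fields shown on this page are checked, and SSLv2/SSLv3 are flagged because RFC 6176 and RFC 7568 prohibit their use.

```lua
-- Added example (not LuaSec code): audit a parameter table before ssl.wrap.
-- audit_params, to_set and the messages are hypothetical names for this sketch.

-- verify may be a single string or a list of strings; normalize it to a set.
local function to_set(v)
  local set = {}
  if type(v) == "string" then v = { v } end
  for _, name in ipairs(v or {}) do set[name] = true end
  return set
end

-- SSLv2 (RFC 6176) and SSLv3 (RFC 7568) must not be negotiated.
local BROKEN = { sslv2 = true, sslv3 = true }

local function audit_params(p)
  local findings = {}
  local function flag(msg) findings[#findings + 1] = msg end
  local verify = to_set(p.verify)

  if p.mode ~= "client" and p.mode ~= "server" then
    flag("mode must be 'client' or 'server'")
  end
  if BROKEN[p.protocol] then
    flag("protocol '" .. p.protocol .. "' is prohibited (RFC 6176 / RFC 7568)")
  end
  if p.mode == "client" and not verify.peer then
    flag("client does not verify the server certificate")
  end
  if p.mode == "server" and verify.peer and not verify.fail_if_no_peer_cert then
    flag("server still accepts clients that present no certificate")
  end
  if verify.peer and not (p.cafile or p.capath) then
    flag("verify includes 'peer' but no cafile/capath trust anchors are set")
  end
  return findings
end

-- The page's two tables; key/certificate/ciphers are left out (not audited here).
local client = { mode = "client", protocol = "sslv3",
                 cafile = "/etc/certs/CA.pem", verify = "peer", options = "all" }
local server = { mode = "server", protocol = "sslv3",
                 cafile = "/etc/certs/CA.pem",
                 verify = { "peer", "fail_if_no_peer_cert" },
                 options = { "all", "no_sslv2" } }

for _, item in ipairs({ { "client", client }, { "server", server } }) do
  for _, msg in ipairs(audit_params(item[2])) do print(item[1] .. ": " .. msg) end
end
```

Both tables pass the verification checks and are flagged only for the protocol field; dropping "fail_if_no_peer_cert" from the server's verify list adds the client-certificate finding.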

Download

LuaSec depends on the LuaSocket package. On Windows, LuaSec and LuaSocket must be compiled with the same C++ run-time.
All tests were performed on Linux, Mac OS X, Windows XP, and BSD, using Lua 5.1.4, LuaSocket 2.0.2, and OpenSSL 0.9.7/0.9.8.

Windows Binary Packages

The modules were built using Visual C++ 2008 (version 9), Multi-threaded DLL (/MD), and OpenSSL 0.9.8 on Windows XP — see "dll9" in Lua Binaries for more information.

You can download the OpenSSL and Visual C++ 2008 Redistributables (the required DLLs) here. If you are not a developer, you can install the light version of OpenSSL.

License

LuaSec uses part of LuaSocket, and it is available under the same terms and conditions as the Lua language and LuaSocket — the MIT license.

Contact


Last update: 08-October-2009 09:18