c# - Bouncy Castle TLS API usage - Stack Overflow

7 votes

I want to communicate between a server and a client using sockets with the Bouncy Castle TLS library. I went through a lot of documentation (which was insufficient for me), but I did not get any idea how to do this.

I am using the BouncyCastle v1.7.48 (runtime version v2.0.50727) binary, and I have found this information:

I have to use the Org.BouncyCastle.Crypto.Tls namespace and the TlsProtocolHandler class.

To achieve TLS communication:

  1. What API should I use on the server side?
  2. What API should I use on the client side?

        System.IO.Stream inputStream, outputStream;
        TlsProtocolHandler tls = new TlsProtocolHandler(inputStream, outputStream);

  3. What are the parameters inputStream and outputStream?

        public virtual void Connect(TlsClient tlsClient);

     where TlsClient is an interface, and that contains many interfaces inside.

  4. How do I use the above API? Do I have to declare new classes and implement methods inside them for all of those?

Please help me with Bouncy Castle.

EDIT 1: I created a class which inherits from an abstract class called DefaultTlsClient. Then I could create an instance of my class and pass it as the interface reference, so I could pass the parameter like this: tls.Connect(tlsClient);

I am not initializing any parameters except the ones I mentioned above. (The sockets are connected on 2055 before these operations.) But I am not sure whether the handshake is complete or not. My program goes into a reading state.

  • I could not find any testcase which will use the above API.
    – SHRI
    May 24 2013 at 12:42
  • Then you can use our SecureBlackbox - it comes with documentation, support and samples.
    – Eugene Mayevski 'Callback
    Jun 23 2013 at 13:56
12 votes, +50

There is no server-side TLS API in Bouncy Castle. You can read on the main page that they support only the client side.

For the client side you have found the right classes already. TlsProtocolHandler does the job, but it won't work without custom classes. Here is example code:

    using System;
    using System.Net;
    using System.Net.Sockets;
    using Org.BouncyCastle.Crypto.Tls;

    // Need class with TlsClient in inheritance chain
    class MyTlsClient : DefaultTlsClient
    {
        // DefaultTlsClient leaves only the authentication callback abstract
        public override TlsAuthentication GetAuthentication()
        {
            return new MyTlsAuthentication();
        }
    }

    // Need class to handle certificate auth
    class MyTlsAuthentication : TlsAuthentication
    {
        public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
        {
            // return client certificate (null = no client certificate is sent)
            return null;
        }

        public void NotifyServerCertificate(Certificate serverCertificate)
        {
            // validate server certificate here; as written this accepts whatever
            // certificate the server presents (throw to abort the handshake)
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            TcpClient client = new TcpClient();

            client.Connect(IPAddress.Loopback, 6000);

            // input/output streams are deprecated, just pass client stream
            TlsProtocolHandler handler = new TlsProtocolHandler(client.GetStream());

            // blocks until the handshake completes (throws on failure)
            handler.Connect(new MyTlsClient());

            // handshake completed
            // use handler.Stream.Write/Read for sending app data

            Console.ReadLine();
        }
    }

I have tested this with my TCP server and received a ClientHello.

Keep in mind it is TLS version 1.0, so if you need another version or a server API then I recommend using another library (the .NET Framework supports TLS).
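The answer's NotifyServerCertificate body is empty, which means the handshake completes against any certificate at all, so the channel is encrypted but the peer is not authenticated. The following is an added example (not code from the answer, the question, or Bouncy Castle's own samples) of the same client written against the newer TlsClientProtocol class that a later comment mentions, with a NotifyServerCertificate that checks the presented chain: each certificate must be inside its validity period and signed by the next one, the last one by a trusted CA, and the leaf must name the host that was dialled (dNSName SAN or subject CN). Assumptions: the TlsClientProtocol(Stream, SecureRandom) constructor described in that comment, a 1.8-era Bouncy Castle where Certificate.GetCertificateList() returns X509CertificateStructure[], and the placeholder values ca.pem, server.example and port 6000.

```csharp
using System;
using System.Collections;
using System.IO;
using System.Net.Sockets;
using System.Text;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Tls;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Added example: a TlsClient whose authentication callback actually
// checks the server chain instead of accepting it.
class ValidatingTlsClient : DefaultTlsClient
{
    private readonly X509Certificate trustedCa; // assumption: single trusted root
    private readonly string expectedHost;       // the name we dialled

    public ValidatingTlsClient(X509Certificate trustedCa, string expectedHost)
    {
        this.trustedCa = trustedCa;
        this.expectedHost = expectedHost;
    }

    public override TlsAuthentication GetAuthentication()
    {
        return new ValidatingTlsAuthentication(trustedCa, expectedHost);
    }
}

class ValidatingTlsAuthentication : TlsAuthentication
{
    private readonly X509Certificate trustedCa;
    private readonly string expectedHost;

    public ValidatingTlsAuthentication(X509Certificate trustedCa, string expectedHost)
    {
        this.trustedCa = trustedCa;
        this.expectedHost = expectedHost;
    }

    public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
    {
        return null; // no client certificate is offered
    }

    public void NotifyServerCertificate(Certificate serverCertificate)
    {
        X509CertificateStructure[] chain = serverCertificate.GetCertificateList();
        if (chain == null || chain.Length == 0)
            throw new TlsFatalAlert(AlertDescription.bad_certificate);

        // Convert the ASN.1 structures into verifiable certificate objects.
        X509Certificate[] certs = new X509Certificate[chain.Length];
        for (int i = 0; i < chain.Length; i++)
            certs[i] = new X509Certificate(chain[i]);

        try
        {
            // Leaf first: each cert is signed by the next one, the last by our CA.
            for (int i = 0; i < certs.Length; i++)
            {
                certs[i].CheckValidity(DateTime.UtcNow);           // throws if expired / not yet valid
                X509Certificate issuer = (i + 1 < certs.Length) ? certs[i + 1] : trustedCa;
                certs[i].Verify(issuer.GetPublicKey());            // throws on a bad signature
            }
        }
        catch (Exception)
        {
            // Any failure aborts the handshake with a fatal alert.
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }

        if (!NamesHost(certs[0], expectedHost))
            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    // True if a dNSName SAN entry or the subject CN equals the expected host.
    private static bool NamesHost(X509Certificate leaf, string host)
    {
        ICollection sans = leaf.GetSubjectAlternativeNames(); // list of [tag, value] pairs
        if (sans != null)
            foreach (IList entry in sans)
                if ((int)entry[0] == GeneralName.DnsName &&
                    string.Equals((string)entry[1], host, StringComparison.OrdinalIgnoreCase))
                    return true;

        foreach (string cn in leaf.SubjectDN.GetValueList(X509Name.CN))
            if (string.Equals(cn, host, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }
}

class TlsClientProgram
{
    static void Main(string[] args)
    {
        string host = "server.example"; // placeholder: must match the server certificate
        int port = 6000;                // placeholder
        X509Certificate ca = new X509CertificateParser()
            .ReadCertificate(File.ReadAllBytes("ca.pem")); // placeholder path

        using (TcpClient tcp = new TcpClient(host, port))
        {
            TlsClientProtocol protocol = new TlsClientProtocol(tcp.GetStream(), new SecureRandom());
            // Connect runs the whole handshake; a TlsFatalAlert thrown from
            // NotifyServerCertificate aborts it before any application data is sent.
            protocol.Connect(new ValidatingTlsClient(ca, host));

            byte[] msg = Encoding.ASCII.GetBytes("hello over TLS\n");
            protocol.Stream.Write(msg, 0, msg.Length);
            protocol.Stream.Flush();
            protocol.Close();
        }
    }
}
```

The chain walk above trusts only the CA loaded from the file, so a certificate issued by any other authority, an expired one, or one issued for a different host fails the handshake with a fatal alert rather than silently connecting. Revocation checking is not done here; add it if the deployment needs it.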

  • 1
    Please validate this: 1. If I want TLS v1.2, I cannot use Bouncy Castle. 2. There is no server-side API available for TLS, meaning on the client side I can use Bouncy Castle, but on the server side I have to implement TLS on TCP by myself or using some library (maybe .NET Framework or some other).
    – SHRI
    May 30 2013 at 6:33
  • 1
    You can see in the source code TlsProtocolHandler.cs "An implementation of all high level protocols in TLS 1.0", and also that they send 0x0301 = version 1.0 in the header. I would use .NET SslStream in both client and server.
    – nefarel
    May 30 2013 at 8:01
  • In the latest Bouncy Castle TlsProtocolHandler is deprecated, so use TlsServerProtocol or TlsClientProtocol with a stream and new SecureRandom() as arguments.
    – Possible
    Jul 26 2021 at 19:38
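The answer and the comment above both point to the .NET Framework's SslStream for a server-side TLS 1.2 endpoint, which is what the question asked for. The following is an added example (not code from the thread) of a minimal loopback server and client on SslStream: the server is pinned to TLS 1.2 and reads its certificate and key from a PKCS#12 file, and the client is pinned to TLS 1.2 with a validation callback that rejects any policy error instead of the commonly copied "return true". Assumptions: the placeholder file server.pfx with password changeit, the placeholder target name server.example (which must match the certificate's CN or SAN, and resolve to a cert issued by a CA the client machine trusts), and the question's port 2055.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;

class SslStreamDemo
{
    static readonly Encoding Utf8NoBom = new UTF8Encoding(false);

    // Server: accept one TCP connection and wrap it in TLS 1.2 using the
    // certificate and private key from a PKCS#12 file (placeholder path/password).
    static void RunServer(int port, string pfxPath, string pfxPassword)
    {
        X509Certificate2 serverCert = new X509Certificate2(pfxPath, pfxPassword);
        TcpListener listener = new TcpListener(IPAddress.Loopback, port);
        listener.Start();
        using (TcpClient client = listener.AcceptTcpClient())
        using (SslStream ssl = new SslStream(client.GetStream(), false))
        {
            // no client certificate required, TLS 1.2 only, check revocation
            ssl.AuthenticateAsServer(serverCert, false, SslProtocols.Tls12, true);
            StreamReader reader = new StreamReader(ssl, Utf8NoBom);
            StreamWriter writer = new StreamWriter(ssl, Utf8NoBom) { AutoFlush = true };
            string line = reader.ReadLine();
            writer.WriteLine("echo: " + line);
        }
        listener.Stop();
    }

    // Client-side check: accept only when the framework found no policy error.
    // Returning true unconditionally here would disable certificate validation.
    static bool ValidateServerCertificate(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.Error.WriteLine("rejecting server certificate: " + errors);
        return false;
    }

    // Client: connect to an address, but authenticate against the expected name.
    static string RunClient(IPAddress address, int port, string targetHost)
    {
        using (TcpClient client = new TcpClient())
        {
            client.Connect(address, port);
            using (SslStream ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate))
            {
                // targetHost must match the name in the server certificate
                ssl.AuthenticateAsClient(targetHost, null, SslProtocols.Tls12, true);
                StreamWriter writer = new StreamWriter(ssl, Utf8NoBom) { AutoFlush = true };
                StreamReader reader = new StreamReader(ssl, Utf8NoBom);
                writer.WriteLine("hello over TLS 1.2");
                return reader.ReadLine();
            }
        }
    }

    static void Main()
    {
        const int port = 2055; // the port the question mentions
        Thread server = new Thread(() => RunServer(port, "server.pfx", "changeit")); // placeholders
        server.Start();
        Thread.Sleep(200); // give the listener a moment to start
        Console.WriteLine(RunClient(IPAddress.Loopback, port, "server.example")); // placeholder name
        server.Join();
    }
}
```

If the certificate in server.pfx is self-signed or issued by a private CA, the client callback reports RemoteCertificateChainErrors and the connection is refused; the fix is to install that CA in the client's trusted root store, not to loosen the callback.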
