Client-Side SSL/TLS Support in CDK 7.0

Supported Algorithms and Protocols

 

SSL: MD5, SHA-1, RC4, DES, TDES
TLS: SHA-1, RC4, DES, TDES, AES, client authentication


Code Snippet

To establish a TDES-encrypted TLS session with a remote host:

// instantiate an HTTPS object and initialize it with the desired protocol,
// algorithm suite, list of acceptable root certificates for server auth,
// client auth certificate, and client signature callback

ischttps h;
int nError = h.init(TDES, TLS, trustedRootCerts, clientAuthCert, &signTLS);
if (nError) return nError;

// POST data to server page

cdk::str sResult = h.postpage(hostname, page, data, port);

// GET webpage from server

sResult = h.getpage(hostname, page, port);

Notes

  • the https object falls back to TDES if the specified cipher (presumably AES) is not supported by the server
  • the server's SSL certificate is returned for path validation (optionally via an authentication callback)
  • the https object does not drop back to SSL v2 or v3, nor does it support resumed sessions or Server Gated Cryptography (SGC)