Modules/SSL

Other languages:
Constr.png The translation checking and actualizing
Module Name Version License Source Languages Platforms Type Author Description
SSL SSL 1.5 GPL2 tr_SSL.so en,uk,ru,de x86,x86_64,ARM Transport Roman Savochenko
Maxim Lysenko (2009) — the page translation
Provides transport based on the secure sockets' layer. OpenSSL is used and SSLv3, TLSv1, TLSv1.1, TLSv1.2, DTLSv1 are supported.

Contents

The module SSL of the transport provides the support of transport based on secure sockets layer (SSL) into the system. In the basis of the module there is the library OpenSSL. Input and output transports of protocols SSLv3 and TLSv1 are supported.

It is possible to add new input and output transports through the transport subsystem configuration in any configurator of OpenSCADA system.

1 Input transports

The configured and running input transport opens server SSL-socket for the expectation of connection of the clients. SSL-socket is a multi-stream, i.e. when the client connects, the client SSL-connection and a new stream in which the client is served are created. Server SSL-socket in this moment switches to the waiting for the request from the new client. Thus the parallel service of the clients is achieved.

Each input transport is necessarily associated with one of the available transport protocols, to which input messages are transmitted. In conjunction with the transport protocol is supported by a mechanism of the combining of pieces of requests, disparate while transferring.

Configuration dialog of the input SSL-transport is depicted in Figure 1.

Fig.1. Configuration dialog of the input SSL-transport.

Using this dialog you can set:

At.png We do not recommend disable the function by the TCP/IP network's properties does not guarantee notice the server about the connection disable, for example after power supply lost on the client. As result the opened client connections will left forever and after its number achieve to the limit server will drop new connections!

2 Output transports

Configured and running output transport opens the SSL connection to the specified server. In the case of destroying of the connection, output transport is disconnected. In order to resume the connection transport must be re-run.

Main tab of the configuration page of output SSL-transport is shown in Fig.2.

Fig.2. Main tab of the configuration page of the output SSL-transport.

Using this dialog you can set:

3 Certificates and keys

For a valid module work certificates and private keys are required. In the case of the input SSL-transport (the server) they are compulsory. In the case of output SSL-transport they can not be even installed though their using is desirable.

The simplest configuration of the certificate is self-subscription certificate and private key. The following describes how to create them using the tool openssl:

# Generation the secret key
$ openssl genrsa -out ./key.pem -des3 -rand /var/log/messages 2048
# Generation of self-subscription certificate
$ openssl req -x509 -new -key ./key.pem -out ./selfcert.pem -days 365

Next, the contents of the files "key.pem" and "selfcert.pem" is copied into the text field of the certificate and key. Password of the private key is installed in the appropriate field.