File: SSL

tinymux 2.10.1.14-1
TinyMUX 2.10: SSL
Last Update: January 2010
~~~~~~~~~~~~~~~~~~~~~~~~~

1) To compile TinyMUX 2.10 with support for SSL and TLS, you will need to
   use the --enable-ssl option.  This option requires OpenSSL 0.9.6 or later,
   and 0.9.7 is highly recommended if possible.  It may be necessary to append
   -lcrypto to the SSL_LIBS line in the Makefile.

2) Once the game has been compiled you will need to create an SSL
   certificate.  You can create a self-signed certificate using the
   included muxssl.cnf file and the OpenSSL certificate generation commands,
   but it is important to note that not all MU* clients that support
   SSL and TLS encryption will accept self-signed certificates.

   For a production game, it is recommended to get a certificate from
   one of the acknowledged and accepted 'root' certificate authorities,
   such as Verisign.

3) Once you have your certificate, you need to add a few options to your
   game's .conf file:

        ssl_certificate_file <PEM file>
        ssl_certificate_key <PEM file>
        ssl_certificate_password <passphrase>

   The certificate and key can be included in the same PEM file, or in
   two separate ones.  If your passphrase is blank/empty, you can omit
   that configuration option.

4) If you only want to support TLS connections, for clients that support
   the Telnet STARTTLS extension (such as Trebuchet), you're now done.
   If you wish to support SSL-only connections on a separate port, for
   TinyFugue and other clients that support SSL, you will also need to
   add a directive with the SSL-specific ports.

        port_ssl <port> [<port> [<port> ...]]

   Just like the 'port' directive, 'port_ssl' builds a list of ports that
   the game should listen on.

5) When you start the game, you should see a log line similar to:

        NET/SSL  : initialize_ssl: SSL engine initialized successfully.

   If you do not see this line, look for SSL error messages in the log.
   A likely cause is an improper certificate passphrase.

   If TinyMUX 2.10 cannot initialize the SSL engine, the game will still run
   but the SSL ports will not be opened and the TLS option will be disabled.

6) When users are connected via SSL ports or the TLS extension, their
   terminfo() output will reflect this by adding 'ssl' to the list of
   client features.

7) Unfortunately, all SSL and TLS connections will be dropped whenever
   the game is restarted with @restart, the SIGUSR1 signal, or by any
   other means.  Restarting the game creates a new process that doesn't
   have any of the OpenSSL state needed to continue encryption.
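
The following pre-flight check for the settings in steps 3 to 5 is an added example, not part of TinyMUX or its distribution. It assumes '#' starts a comment line, that relative paths resolve against the .conf file's directory, and that both certificate directives are present; the permission checks are this example's own policy.

```python
import os
import ssl
import stat

def parse_conf(text):
    """Collect the README's port and ssl_certificate_* directives from a .conf body."""
    conf = {"port": [], "port_ssl": []}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):  # assumption: '#' lines are comments
            continue
        name, value = parts[0].lower(), parts[1].strip()
        if name in ("port", "port_ssl"):
            conf[name] += [int(p) for p in value.split()]  # each directive builds a list
        elif name.startswith("ssl_certificate_"):
            conf[name] = value
    return conf

def others_can_read(path):
    """True when any group or world permission bit is set on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def preflight(conf_path):
    """Return a list of problems; an empty list means the pair loaded cleanly."""
    with open(conf_path) as fh:
        conf = parse_conf(fh.read())
    base = os.path.dirname(os.path.abspath(conf_path))  # assumption: paths relative to the .conf
    problems = []
    for port in conf["port_ssl"]:
        if not 0 < port < 65536:
            problems.append("port_ssl %d is out of range" % port)
        elif port in conf["port"]:
            problems.append("port_ssl %d is also listed under 'port'" % port)
    cert, key = conf.get("ssl_certificate_file"), conf.get("ssl_certificate_key")
    if not cert or not key:  # assumption: both are given, even when they name one PEM file
        return problems + ["ssl_certificate_file and ssl_certificate_key are not both set"]
    cert, key = os.path.join(base, cert), os.path.join(base, key)
    password = conf.get("ssl_certificate_password", "")
    if password and others_can_read(conf_path):
        problems.append("%s stores the passphrase and is readable by other users" % conf_path)
    if os.path.exists(key) and others_can_read(key):
        problems.append("%s holds the private key and is readable by other users" % key)
    try:
        # Let OpenSSL load the pair: this fails on a missing file, a wrong passphrase,
        # or a key that does not match the certificate. Passing a non-None password
        # keeps OpenSSL from prompting on the terminal for an encrypted key.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key, password)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append("cannot load certificate/key: %s" % exc)
    return problems
```

Run preflight() on the game's .conf before starting the server; a wrong passphrase shows up here instead of as a missing "SSL engine initialized successfully" line in the log.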