NAME

catgen_serverencryption - handle server side encryption and authentication

SYNOPSIS

#include <cat/gen.h>

int catgen_serverencryption(cat_session *sess);

DESCRIPTION

When establishing an encrypted connection, this function handles the server side of the negotiation.

The encryption protocol to be used is decided by configuration parameter .tcp.sport.protocol, which should be one of "ssl", "dasp", or "plain". This results in one of the following protocols:

SSL
The algorithm used depends on whether the library is a domestic or an export version. For a domestic version, the algorithm will be RC4-128. For an export version, the algorithm will be DES-56-CBC. However, other algorithms can be used. See the NOTES section.

DASP/ALLTAK
Both the export and the domestic versions use DES-56-CBC. However, the ND2 algorithm can be selected for backwards compatibility.

NONE
Do not use an encryption protocol. The catgen_serverencryption function takes no action.

If the negotiation was successful, an encryption filter will be pushed onto the filter stack and all subsequent communication will be encrypted. If the negotiation failed, an entry is sent to the event log.

If the function returns an error, the session should be closed, usually by letting the calling function propagate the error.

This function also performs checks to verify the peer's certificate.

RETURN VALUES

The function returns 0 if successful, and a negative code on error.

NOTES

MT-level: Safe

For the SSL negotiation, the function is expected to use one of the algorithms listed above under SSL. For a full listing of the algorithms that can be used, see the Keon Agent SDK documentation.

SEE ALSO

cat, catgen