TLSServer Class

Properties   Methods   Events   Config Settings   Errors  

The TLSServer class implements server-side functionality of the TLS protocol. In the TLS-disabled mode it works as a plain TCP server.

Syntax

secureblackbox.Tlsserver

Remarks

Use this component to accept TLS-encrypted or plain TCP connections in your application.

Follow the below steps to set up and run the server in your code:

• Create an instance of the server component and set up the license, if assumed by the edition you are using: var server = new Tlsserver(); server.RuntimeLicense = "5342..0000";
• Set up the listening port (make sure it is not in use): server.Port = 3456;
• Tell the component whether TLS connections should be enforced: server.UseTLS = false; // set to true to enable TLS
• (TLS-enabled servers only) Configure TLS parameters. The exact way of doing that may vary for different scenarios and security requirements. At the very least you need to set up the certificate chain that the server will use to authenticate itself to connecting clients. If you don"t, the component will generate a dummy certificate itself, however, that certificate is unlikely to pass any security requirements. It will let you accept test connections though.

  Below is an example of tuning up the TLS parameters of the server: // *** Switching TLS on and enabling the implicit mode *** server.UseTLS = true; server.TLSSettings.TLSMode = smImplicitTLS; // Loading the certificate chain var mgr = new Certificatemanager(); mgr.RuntimeLicense = "5342..0000"; // *** Setting up the host certificate *** // - it should be issued in the name that matches the hostname (such as domain.com) or its IP address (1.2.3.4), // - it must have an associated private key - so likely is provided in PFX or PEM format. mgr.ImportFromFile("CertTLSServer.pfx", "password"); server.ServerCertificates.Add(mgr.Certificate); // The CA certificate: this is to help connecting clients validate the chain. mgr.ImportFromFile("CertCA.cer", ""); server.ServerCertificates.Add(mgr.Certificate); // *** Adjusting finer-grained TLS settings *** // - session resumption (allows for faster handshakes for connections from the same origin) server.TLSSettings.UseSessionResumption = true; // - secure configuration server.TLSSettings.BaseConfiguration = stpcHighlySecure; // - disabling a cipher suite we dislike (just because we can): server.TLSSettings.Ciphersuites = "-DHE_RSA_AES128_SHA" // *** Configuring versions *** // The default version setting at the time of writing (May 2021) is TLS 1.2 and TLS 1.3, // but that may change in future versions. The following tune-up additionally activates TLS 1.1 and TLS 1.0, // which weakens security, but may be necessary to accept connections from older clients: server.TLSSettings.Versions = csbTLS1 | csbTLS11 | csbTLS12 | csbTLS13;

• Now that your server has been fully set up, activate it: server.Start();
• Once the Start call completes, your server can accept connections from clients. Each accepted connection runs in a separate thread, not interfering with each other or your own threads. The server communicates its ongoing activities to your application by throwing events:
  • Accept to notify you about a new incoming connection. This event lets you accept or reject it.
  • Connect to notify your code of an accepted connection. This event introduces a ConnectionID, a unique identifier that you can use to track the connection throughout its lifetime.
  • Disconnect to notify you that a connection has been closed.
  • TLSEstablished and TLSShutdown to let you know that a TLS layer has been activated/deactivated.
  • Data to notify you about a piece of data received from the remote side.
  • Error to report a protocol or other error.
  • CertificateValidate to communicate the client authentication event to your code. To access the certificate(s) provided by the authenticating client, pin the client and use the PinnedClientChain property to access its chain: server.PinClient(e.ConnectionID); e.Accept = CheckCert(server.PinnedClientChain);

  Note: every such event is thrown from the respective connection thread, so make sure you use some synchronization mechanism when dispatching the events to your UI thread - for example, by updating UI controls by sending a Window Message rather than accessing the controls directly.

  Use SendData and SendText to send data back to a client. When sending data, provide the ConnectionID that is associated with that client. Call DropClient to terminate a client connection.

• To stop the server, call Stop: server.Stop();

TLSServer and SSLLabs

Having said that, when assessing SecureBlackbox TLS-capable servers that are configured to use their default setup, you will often end up with a lower SSLLabs score than you could have. There is a simple reason for that. Being a vendor of a library used by thousands of customers, we have to find a delicate balance between security, compatibility, and keeping class contracts rolling from one product build to another. This makes the default configuration of the components not the strongest possible. To put it simple, we could easily make the default component setup bulletproof - but having done that, we would have likely ended up with hundreds of customers stuck with legacy environments (and there are a lot of them around) losing their connectivity.

If you are looking at achieving the best score at SSLLabs, please read on. The below guidance aims to help you tune up the server component in the way that should give you an A score.

First, switch your server to the highly secure base configuration: server.TLSSettings.BaseConfiguration = stpcHighlySecure; This should immediately give you an A, or a T if your server certificate does not chain up to a trusted anchor.

Some warnings will still be included in the report. One of those is related to the session resumption. It is normally shown in orange:

Session resumption (caching): No (IDs assigned but not accepted)

This literally means that the server is not configured to re-use older sessions, which may put extra computational burden on clients and itself. Use the following setting to enable session caching: server.TLSSettings.UseSessionResumption = true;

Besides, the report may show that there are some weak ciphersuites. All of those should be shown in orange (there should not be any reds; if there are - please let us know), which means they are only relatively weak. While switching them off may affect the interoperability level of the server, you may still want to do that. By using the below approach you can disable individual ciphersuites selectively. For example, if the report shows that TLS_DHE_RSA_WITH_AES128_CBC_SHA256 and TLS_DHE_RSA_WITH_AES256_CBC_SHA256 are weak (because of their CBC mode), you can disable them in the following way: server.TLSSettings.Ciphersuites = '-DHE_RSA_AES128_SHA256;-DHE_RSA_AES256_SHA256'; Note that SBB uses slightly different, simpler naming convention by dropping unnecessart WITH and CBC. Let us know if you have difficulties matching the cipher suite names.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

Active Property (TLSServer Class)

Indicates whether the server is active and is listening to new connections.

Syntax

public boolean isActive();

Default Value

False

Remarks

This read-only property returns True if the server is listening to incoming connections.

This property is read-only and not available at design time.

BoundPort Property (TLSServer Class)

Indicates the bound listening port.

Syntax

public int getBoundPort();

Default Value

0

Remarks

Check this property to find out the port that has been allocated to the server by the system. The bound port always equals Port if it is provided, or is allocated dynamically if configured to fall in the range between PortRangeFrom and PortRangeTo constraints.

This property is read-only and not available at design time.

ClientAuth Property (TLSServer Class)

Enables or disables certificate-based client authentication.

Syntax

public int getClientAuth();


public void setClientAuth(int clientAuth);


Enumerated values:
  public final static int ccatNoAuth = 0;
  public final static int ccatRequestCert = 1;
  public final static int ccatRequireCert = 2;

Default Value

0

Remarks

Set this property to true to tune up the client authentication type: ccatNoAuth = 0; ccatRequestCert = 1; ccatRequireCert = 2;

ErrorOrigin Property (TLSServer Class)

Indicates the endpoint where the error originates from.

Syntax

public int getErrorOrigin();


public void setErrorOrigin(int errorOrigin);


Enumerated values:
  public final static int eoLocal = 0;
  public final static int eoRemote = 1;

Default Value

0

Remarks

Use this property to establish whether the reported error originates from a local or remote endpoint.

This property is not available at design time.

ErrorSeverity Property (TLSServer Class)

The severity of the error that happened.

Syntax

public int getErrorSeverity();


public void setErrorSeverity(int errorSeverity);


Enumerated values:
  public final static int esInfo = 0;
  public final static int esWarning = 1;
  public final static int esFatal = 2;

Default Value

1

Remarks

Use this property to establish whether the error is fatal.

This property is not available at design time.

ExternalCrypto Property (TLSServer Class)

Provides access to external signing and DC parameters.

Syntax

public ExternalCrypto getExternalCrypto();

Remarks

Use this property to tune-up remote cryptography settings. SecureBlackbox supports two independent types of external cryptography: synchronous (based on OnExternalSign event) and asynchronous (based on DC protocol and DCAuth signing component).

This property is read-only.

FIPSMode Property (TLSServer Class)

Reserved.

Syntax

public boolean isFIPSMode();


public void setFIPSMode(boolean FIPSMode);

Default Value

False

Remarks

This property is reserved for future use.

HandshakeTimeout Property (TLSServer Class)

Specifies the handshake timeout in milliseconds.

Syntax

public int getHandshakeTimeout();


public void setHandshakeTimeout(int handshakeTimeout);

Default Value

20000

Remarks

Use this property to set the TLS handshake timeout.

Host Property (TLSServer Class)

The host to bind the listening port to.

Syntax

public String getHost();


public void setHost(String host);

Default Value

""

Remarks

Use this property to specify the IP address on which to listen to incoming connections.

PinnedClient Property (TLSServer Class)

Populates the pinned client details.

Syntax

public TLSClientEntry getPinnedClient();

Remarks

Use this property to access the details of the client connection previously pinned with PinClient method.

This property is read-only and not available at design time.

PinnedClientChain Property (TLSServer Class)

Contains the certificate chain of the pinned client.

Syntax

public CertificateList getPinnedClientChain();

Remarks

Use this property to access the certificate chain of the client connection pinned previously with a PinClient call.

This property is read-only and not available at design time.

Port Property (TLSServer Class)

Specifies the port number to listen for connections on.

Syntax

public int getPort();


public void setPort(int port);

Default Value

80

Remarks

Use this property to specify the port number to listen to connections on. Standard port numbers are 80 for an HTTP server, and 443 for an HTTPS server.

Alternatively, you may specify the acceptable range of listening ports via PortRangeFrom and PortRangeTo properties. In this case the port will be allocated within the requested range by the operating system, and reported in BoundPort.

PortRangeFrom Property (TLSServer Class)

Specifies the lower limit of the listening port range for incoming connections.

Syntax

public int getPortRangeFrom();


public void setPortRangeFrom(int portRangeFrom);

Default Value

0

Remarks

Use this property to specify the lower limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

PortRangeTo Property (TLSServer Class)

Specifies the upper limit of the listening port range for incoming connections.

Syntax

public int getPortRangeTo();


public void setPortRangeTo(int portRangeTo);

Default Value

0

Remarks

Use this property to specify the upper limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

ServerCertificates Property (TLSServer Class)

The server's TLS certificates.

Syntax

public CertificateList getServerCertificates();


public void setServerCertificates(CertificateList serverCertificates);

Remarks

Use this property to provide a list of TLS certificates for the server endpoint.

A TLS endpoint needs a certificate to be able to accept TLS connections. At least one of the certificates in the collection - the endpoint certificate - must have a private key associated with it.

The collection may include more than one endpoint certificate, and more than one chain. A typical usage scenario is to include two chains (ECDSA and RSA), to cater for clients with different cipher suite preferences.

This property is not available at design time.

SessionTimeout Property (TLSServer Class)

Specifies the default session timeout value in milliseconds.

Syntax

public int getSessionTimeout();


public void setSessionTimeout(int sessionTimeout);

Default Value

360000

Remarks

Specifies the period of inactivity (in milliseconds) after which the connection will be terminated by the server.

SocketSettings Property (TLSServer Class)

Manages network connection settings.

Syntax

public SocketSettings getSocketSettings();

Remarks

Use this property to tune up network connection parameters.

This property is read-only.

TLSSettings Property (TLSServer Class)

Manages TLS layer settings.

Syntax

public TLSSettings getTLSSettings();

Remarks

Use this property to tune up the TLS layer parameters.

This property is read-only.

WebsiteName Property (TLSServer Class)

Specifies the web site name to use in the certificate.

Syntax

public String getWebsiteName();


public void setWebsiteName(String websiteName);

Default Value

"SecureBlackbox"

Remarks

If using an internally-generated certificate, use this property to specify the web site name to be included as a common name. A typical common name consists of the host name, such as '192.168.10.10' or 'domain.com'.

BroadcastData Method (Tlsserver Class)

Broadcasts data to all connections.

Syntax

public void broadcastData(long connectionID, byte[] data);

Remarks

Call this method to send Data to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections without exceptions.

BroadcastText Method (Tlsserver Class)

Broadcasts a text string to all connections.

Syntax

public void broadcastText(long connectionId, String text);

Remarks

Call this method to send Text to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections without exceptions.

Config Method (Tlsserver Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (Tlsserver Class)

Performs an additional action.

Syntax

public String doAction(String actionID, String actionParams);

Remarks

DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insencitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

DropClient Method (Tlsserver Class)

Terminates a client connection.

Syntax

public void dropClient(long connectionId, boolean forced);

Remarks

Call this method to shut down a connected client. Forced indicates whether the connection should be closed in a graceful manner.

ExportKeyMaterial Method (Tlsserver Class)

Derives key material from the session's master key using the TLS exporters scheme.

Syntax

public void exportKeyMaterial(long connectionID, String lbl, byte[] context, int len);

Remarks

Some protocols - for example, SRTP - use the TLS exporters scheme to derive their own session keys from the TLS master key. This method lets you employ exporters to obtain such keys, or to generate secure keys for your own needs from an active TLS session.

The exported keys depend on the master key, and are different for every TLS session. However, a client and server sharing a session will always end up with the same key material, as long as they use the same values of Lbl, Context, and Len.

Use the ConnectionID parameter to specify the session that you would like to derive key material from.

ListClients Method (Tlsserver Class)

Enumerates the connected clients.

Syntax

public String listClients();

Remarks

This method enumerates the connected clients. It returns a list of strings, with each string being of 'ConnectionID|Address|Port' format, and representing a single connection.

PinClient Method (Tlsserver Class)

Takes a snapshot of the connection's properties.

Syntax

public void pinClient(long connectionId);

Remarks

Use this method to take a snapshot of a connected client. The captured properties are populated in PinnedClient and PinnedClientChain properties.

SendData Method (Tlsserver Class)

Sends a data buffer to a connection client.

Syntax

public void sendData(long connectionID, byte[] buffer);

Remarks

Use this method to send a data buffer to a connected client. Use ConnectionID to specify the client.

SendKeepAlive Method (Tlsserver Class)

Sends a keep-alive packet.

Syntax

public boolean sendKeepAlive(long connectionId);

Remarks

Use this method to send a keep-alive packet to a client. Keep alive is an empty packet; keep-alive signals sent occasionally can be used to keep connection up.

SendText Method (Tlsserver Class)

Sends a text string to a client.

Syntax

public void sendText(long connectionId, String text);

Remarks

Use this method to send a text string to a connected client.

Start Method (Tlsserver Class)

Starts the TLS server.

Syntax

public void start();

Remarks

Use this method to start listening for incoming connections.

Stop Method (Tlsserver Class)

Stops the TLS server.

Syntax

public void stop();

Remarks

Call this method to stop listening for incoming connections.

Accept Event (Tlsserver Class)

Reports an incoming connection.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void accept(TlsserverAcceptEvent e) {}
  ...
}

public class TlsserverAcceptEvent {
  public String remoteAddress;
  public int remotePort;
  public boolean accept;
}

Remarks

This event is fired when a new connection from RemoteAddress:RemotePort is ready to be accepted. Use the Accept parameter to accept or decline it.

Subscribe to Connect event to be notified of every connection that has been set up.

Connect Event (Tlsserver Class)

Reports an accepted connection.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void connect(TlsserverConnectEvent e) {}
  ...
}

public class TlsserverConnectEvent {
  public long connectionID;
  public String remoteAddress;
  public int remotePort;
}

Remarks

The class fires this event to report that a new connection has been established. ConnectionId indicates the unique ID assigned to this connection. The same ID will be supplied to any other events related to this connection, such as GetRequest or AuthAttempt.

Data Event (Tlsserver Class)

Supplies a data chunk received from a client.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void data(TlsserverDataEvent e) {}
  ...
}

public class TlsserverDataEvent {
  public long connectionID;
  public byte[] buffer;
}

Remarks

This event is fired to supply another piece of data received from a client. This event may fire multiple times.

Disconnect Event (Tlsserver Class)

Fires to report a disconnected client.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void disconnect(TlsserverDisconnectEvent e) {}
  ...
}

public class TlsserverDisconnectEvent {
  public long connectionID;
}

Remarks

The class fires this event when a connected client disconnects.

Error Event (Tlsserver Class)

Information about errors during data delivery.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void error(TlsserverErrorEvent e) {}
  ...
}

public class TlsserverErrorEvent {
  public long connectionID;
  public int errorCode;
  public String description;
}

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the HTTPS section.

ExternalSign Event (Tlsserver Class)

Handles remote or external signing initiated by the server protocol.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void externalSign(TlsserverExternalSignEvent e) {}
  ...
}

public class TlsserverExternalSignEvent {
  public long connectionID;
  public String operationId;
  public String hashAlgorithm;
  public String pars;
  public String data;
  public String signedData;
}

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the component via SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact component being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contain algorithm-dependent parameters.

The component uses base16 (hex) encoding for Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses a .NET RSACryptoServiceProvider class may look like the following: signer.OnExternalSign += (s, e) => { var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable); var key = (RSACryptoServiceProvider)cert.PrivateKey; var dataToSign = e.Data.FromBase16String(); var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1"); e.SignedData = signedData.ToBase16String(); };

Notification Event (Tlsserver Class)

This event notifies the application about an underlying control flow event.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void notification(TlsserverNotificationEvent e) {}
  ...
}

public class TlsserverNotificationEvent {
  public String eventID;
  public String eventParam;
}

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

TLSCertValidate Event (Tlsserver Class)

Fires when a client certificate needs to be validated.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void TLSCertValidate(TlsserverTLSCertValidateEvent e) {}
  ...
}

public class TlsserverTLSCertValidateEvent {
  public long connectionID;
  public boolean accept;
}

Remarks

The class fires this event to notify the application of an authenticating client. Use the event handler to validate the certificate and pass your decision back to the server component via the Accept parameter.

TLSEstablished Event (Tlsserver Class)

Reports the setup of a TLS session.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void TLSEstablished(TlsserverTLSEstablishedEvent e) {}
  ...
}

public class TlsserverTLSEstablishedEvent {
  public long connectionID;
}

Remarks

Subscribe to this event to be notified about the setup of a TLS connection by a connected client.

TLSHandshake Event (Tlsserver Class)

Fires when a newly established client connection initiates a TLS handshake.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void TLSHandshake(TlsserverTLSHandshakeEvent e) {}
  ...
}

public class TlsserverTLSHandshakeEvent {
  public long connectionID;
  public String serverName;
  public boolean abort;
}

Remarks

Use this event to get notified about the initiation of the TLS handshake by the remote client. The ServerName parameter specifies the requested host from the client hello message.

TLSPSK Event (Tlsserver Class)

Requests a pre-shared key for TLS-PSK.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void TLSPSK(TlsserverTLSPSKEvent e) {}
  ...
}

public class TlsserverTLSPSKEvent {
  public long connectionID;
  public String identity;
  public String PSK;
  public String ciphersuite;
}

Remarks

The class fires this event to report that a client has requested a TLS-PSK negotiation. ConnectionId indicates the unique connection ID that requested the PSK handshake.

Use Identity to look up for the corresponding pre-shared key in the server's database, then assign the key to the PSK parameter. If TLS 1.3 PSK is used, you will also need to assign the Ciphersuite parameter with the cipher suite associated with that identity and their key.

TLSShutdown Event (Tlsserver Class)

Reports closure of a TLS session.

Syntax

public class DefaultTlsserverEventListener implements TlsserverEventListener {
  ...
  public void TLSShutdown(TlsserverTLSShutdownEvent e) {}
  ...
}

public class TlsserverTLSShutdownEvent {
  public long connectionID;
}

Remarks

The class fires this event when a connected client closes their TLS session gracefully. This event is typically followed by a Disconnect, which marks the closure of the underlying TCP session.

Certificate Type

Provides details of an individual X.509 certificate.

Remarks

This type provides access to X.509 certificate details.

Fields

public Certificate( bytes,  startIndex,  count,  password);

Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.

public Certificate( certBytes,  certStartIndex,  certCount,  keyBytes,  keyStartIndex,  keyCount,  password);

Loads the X.509 certificate from a memory buffer. CertBytes is a buffer containing the raw certificate data. CertStartIndex and CertCount specify the number of bytes to be read from the buffer, respectively. KeyBytes is a buffer containing the private key data. KeyStartIndex and KeyCount specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.

public Certificate( bytes,  startIndex,  count);

Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively.

public Certificate( path,  password);

Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data. Password is a password encrypting the certificate.

public Certificate( certPath,  keyPath,  password);

Loads the X.509 certificate from a file. CertPath specifies the full path to the file containing the certificate data. KeyPath specifies the full path to the file containing the private key. Password is a password encrypting the certificate.

public Certificate( path);

Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data.

public Certificate( stream);

Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data.

public Certificate( stream,  password);

Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data. Password is a password encrypting the certificate.

public Certificate( certStream,  keyStream,  password);

Loads the X.509 certificate from a stream. CertStream is a stream containing the certificate data. KeyStream is a stream containing the private key. Password is a password encrypting the certificate.

public Certificate();

Creates a new object with default field values.

ExternalCrypto Type

Specifies the parameters of external cryptographic calls.

Remarks

External cryptocalls are used in a Distributed Cryptography (DC) subsystem, which allows the delegation of security operations to the remote agent. For instance, it can be used to compute the signature value on the server, while retaining the client's private key locally.

Fields

public ExternalCrypto();

public SocketSettings();

public TLSClientEntry();

public TLSSettings();

Config Settings (Tlsserver Class)

TLSServer Config Settings

Base Config Settings

Trappable Errors (Tlsserver Class)

TLSServer Errors