NetBurner 3.5.6

NetBurner SSL/TLS Server Example

Overview

This application demonstrates a simple SSL/TLS server implementation on the NetBurner RTOS platform. The server authenticates itself with an Elliptic Curve Cryptography (ECC) key pair and certificate to establish secure connections, and serves as an example of how to implement SSL/TLS communication in embedded systems.

Features

  • SSL/TLS server listening on port 8883 (MQTT secure port)
  • Elliptic Curve Cryptography (ECC) support
  • Client connection handling with secure data transmission
  • Large data buffer transmission demonstration
  • Real-time connection status reporting

Application Architecture

Main Components

  1. TcpServerTask: The main server task that handles incoming SSL/TLS connections
  2. Certificate and Key Files: Pre-generated ECC certificate and private key
  3. Network Interface Management: Automatic network configuration and IP address handling

Key Files

  • main.cpp - Main application logic and server implementation
  • ServerCert.cpp - Auto-generated SSL certificate data (672 bytes)
  • ServerKey.cpp - Auto-generated ECC private key data (310 bytes)

How It Works

  1. Initialization: The application initializes the NetBurner system and waits for network connectivity
  2. Server Setup: Creates a listening socket on port 8883 using SSL/TLS
  3. Client Handling: Accepts incoming connections and establishes secure sessions
  4. Data Exchange:
    • Sends a welcome message to connected clients
    • Transmits a large buffer containing pi digits (demonstration data)
    • Displays client IP address and port information
    • Echoes back any data received from clients
  5. Connection Management: Properly closes connections and cleans up resources

Testing the Application

Using OpenSSL Command Line

You can test the SSL/TLS server using OpenSSL from a command line:

For ECC Cipher Suite

openssl s_client -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect <ip_address>:8883

Example:

openssl s_client -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect 10.1.1.191:8883

For RSA (if using RSA keys)

openssl s_client -connect <ip_address>:8883

Example:

openssl s_client -connect 10.1.1.191:8883

Expected Behavior

When a client connects successfully, you should see:

  1. Welcome message: "Welcome to the NetBurner SSL/TLS Server Example"
  2. A large buffer of pi digits (demonstration data)
  3. Server IP address and port information
  4. Echo of any data you send to the server

Configuration

Network Settings

  • Listen Port: 8883 (MQTT secure port)
  • Buffer Size: 4096 bytes for receiving data
  • Network Wait: 5-second timeout for DHCP address acquisition

Task Configuration

  • Stack Size: USER_TASK_STK_SIZE
  • Priority: MAIN_PRIO - 1 (higher priority than main task)
  • Task Name: "TcpServerTask"

Customization Options

Using RSA Keys Instead of ECC

If your application requires RSA keys instead of ECC:

  1. Navigate to the \nburn\CreateCerts\RSA directory
  2. Run the key generation scripts
  3. Replace ServerKey.cpp and ServerCert.cpp with the newly generated files
  4. Rebuild the application

The RSA version can be tested with the standard OpenSSL command without specifying cipher suites.

Technical Details

SSL/TLS Implementation

  • Uses NetBurner's built-in SSL/TLS stack
  • Supports modern cipher suites including ECDHE-ECDSA-AES256-GCM-SHA384
  • Automatic certificate and key loading from embedded data

Memory Usage

  • RX Buffer: 4KB for incoming data
  • Task Stack: Configurable via USER_TASK_STK_SIZE
  • Certificate: 672 bytes
  • Private Key: 310 bytes

Error Handling

  • Connection timeout handling
  • Graceful client disconnection
  • Resource cleanup on connection termination

Security Considerations

  • Uses ECC-based cipher suites by default (ECDHE key exchange with ECDSA authentication, e.g. ECDHE-ECDSA-AES256-GCM-SHA384)
  • The certificate and private key are compiled into the application binary (ServerCert.cpp and ServerKey.cpp); anyone with a copy of the firmware image can recover the key, so the shipped pair is suitable for demonstration only
  • For production use, consider:
    • Using production certificates issued by a trusted CA
    • Implementing certificate validation, so that clients verify the server's chain (and, if required, the server verifies client certificates) rather than accepting any certificate
    • Adding additional security measures as required
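The "Expected Behavior" section above tells you what the welcome data looks like, but the security-relevant part of an openssl s_client test is the handshake summary it prints: the negotiated protocol and cipher, and whether the server's certificate chain actually verified against a CA you trust. Without -CAfile, s_client completes the handshake against the self-signed demo certificate and merely reports the failure in its "Verify return code" line, which is easy to overlook. The following script is an added example, not part of the NetBurner project: it checks a saved s_client transcript for a verified chain, an acceptable protocol, the ECDHE-ECDSA suite this example is built for, and the welcome banner. The two transcripts it checks are constructed for the demonstration, not captured from a device; the lab CA file name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the NetBurner project: inspect the transcript
# that `openssl s_client` prints and confirm the session meets expectations.
# Usage against a real device (lab-ca.pem is a placeholder for your CA file):
#   openssl s_client -CAfile lab-ca.pem -connect <ip_address>:8883 </dev/null \
#       2>&1 | tee session.txt ; check_handshake session.txt
# The transcripts further down are constructed for this demo, not captured.

EXPECTED_BANNER="Welcome to the NetBurner SSL/TLS Server Example"

# check_handshake FILE -> returns 0 when every check passes, 1 otherwise.
check_handshake() {
    file="$1"; rc=0

    # 1. The chain must verify against the CA given with -CAfile. s_client still
    #    finishes the handshake when it does not, so this line is the only
    #    evidence that the server's identity was checked at all.
    if grep -q 'Verify return code: 0 (ok)' "$file"; then
        echo "PASS chain verified"
    else
        echo "FAIL chain not verified: $(grep 'Verify return code' "$file" | head -n 1)"
        rc=1
    fi

    # 2. Protocol: accept only TLS 1.2 or TLS 1.3 (taken from the SSL-Session block).
    proto=$(sed -n 's/^ *Protocol *: *//p' "$file" | head -n 1)
    case "$proto" in
        TLSv1.2|TLSv1.3) echo "PASS protocol $proto" ;;
        *) echo "FAIL protocol '$proto'"; rc=1 ;;
    esac

    # 3. Cipher: the ECDHE-ECDSA suite the example is built for (TLS 1.2 name),
    #    or the TLS 1.3 suite OpenSSL may negotiate instead, which it names differently.
    cipher=$(sed -n 's/^ *Cipher *: *//p' "$file" | head -n 1)
    case "$cipher" in
        ECDHE-ECDSA-AES256-GCM-SHA384|TLS_AES_256_GCM_SHA384) echo "PASS cipher $cipher" ;;
        *) echo "FAIL cipher '$cipher'"; rc=1 ;;
    esac

    # 4. Application data: the welcome banner shows data flowed after the handshake.
    if grep -qF "$EXPECTED_BANNER" "$file"; then
        echo "PASS banner received"
    else
        echo "FAIL banner missing"; rc=1
    fi
    return $rc
}

# Constructed transcript: chain verified because the client was given the lab CA.
GOOD_TRANSCRIPT=$(mktemp)
cat >"$GOOD_TRANSCRIPT" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = netburner-example
   i:CN = Example Lab CA
---
Server public key is 256 bit
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
---
Welcome to the NetBurner SSL/TLS Server Example
3.14159265358979323846
EOF

# Constructed transcript: same server, but the client ran without -CAfile, so the
# self-signed demo certificate was not verified even though the handshake succeeded.
BAD_TRANSCRIPT=$(mktemp)
cat >"$BAD_TRANSCRIPT" <<'EOF'
CONNECTED(00000003)
depth=0 CN = netburner-example
verify error:num=18:self signed certificate
verify return:1
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)
---
Welcome to the NetBurner SSL/TLS Server Example
EOF
trap 'rm -f "$GOOD_TRANSCRIPT" "$BAD_TRANSCRIPT"' EXIT

echo "== session with -CAfile =="
check_handshake "$GOOD_TRANSCRIPT" || true
echo "== session without -CAfile =="
check_handshake "$BAD_TRANSCRIPT" || true
```

The protocol and cipher are read from the SSL-Session block rather than the "New, TLSv1.2, Cipher is ..." line because the block has the same layout for TLS 1.2 and TLS 1.3. The -cipher option in the commands above only restricts TLS 1.2 suites, so a modern client may negotiate TLS 1.3 with the server; the allowlist accepts both spellings of the AES-256-GCM suite.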

Dependencies

  • NetBurner RTOS
  • NetBurner SSL/TLS library
  • Standard NetBurner networking stack

Troubleshooting

Common Issues

  1. Connection Refused: Ensure the device has a valid IP address and port 8883 is not blocked
  2. SSL Handshake Failure: Verify that the client supports the cipher suites used by the server
  3. Network Issues: Check DHCP configuration and network connectivity