Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Home

brunoos edited this page · 11 revisions
Clone this wiki locally

LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.

This is a simple example of a client and server communication using LuaSec:

Client code

require("socket")
require("ssl")

-- TLS/SSL client parameters (omitted)
local params

local conn = socket.tcp()
conn:connect("127.0.0.1", 8888)

-- TLS/SSL initialization
conn = ssl.wrap(conn, params)
conn:dohandshake()
--
print(conn:receive("*l"))
conn:close()

Server code

require("socket")
require("ssl")

-- TLS/SSL server parameters (omitted)
local params 

local server = socket.tcp()
server:bind("127.0.0.1", 8888)
server:listen()
local conn = server:accept()

-- TLS/SSL initialization
conn = ssl.wrap(conn, params)
conn:dohandshake()
--
conn:send("one line\n")
conn:close()

LuaSec needs a set of information (such as protocol, key, certificate, etc.) to wrap the TCP connection. For instance, we can use the following parameters in the example above:

Client parameters

local params = {
  mode = "client",
  protocol = "tlsv1",
  key = "/etc/certs/clientkey.pem",
  certificate = "/etc/certs/client.pem",
  cafile = "/etc/certs/CA.pem",
  verify = "peer",
  options = "all",
}

Server parameters

local params = {
  mode = "server",
  protocol = "tlsv1",
  key = "/etc/certs/serverkey.pem",
  certificate = "/etc/certs/server.pem",
  cafile = "/etc/certs/CA.pem",
  verify = {"peer", "fail_if_no_peer_cert"},
  options = {"all", "no_sslv2"},
  ciphers = "ALL:!ADH:@STRENGTH",
}

Download

API Reference

License

LuaSec is available under the same terms and conditions as the Lua language — the MIT license.

Contact

  • bruno . silvestre at gmail . com
  • brunoos at inf . ufg . br
Something went wrong with that request. Please try again.