catgen_serverencryption - handle server side encryption and authentication
#include <cat/gen.h>
int catgen_serverencryption(cat_session *sess);
When establishing an encrypted connection, this function handles the server
side of the negotiation.
The encryption protocol to be used is decided by configuration parameter
.tcp.sport.protocol, which should be one of "ssl", "dasp", or "plain".
This results in one of the following protocols:
- SSL
  The algorithm used depends on whether the library is a domestic or an
  export version. For a domestic version, the algorithm will be RC4-128. For
  an export version, the algorithm will be DES-56-CBC. However, other
  algorithms can be used. See the NOTES section.
- DASP/ALLTAK
  Both the export and the domestic versions use DES-56-CBC. However, the ND2
  algorithm can be selected for backwards compatibility.
- NONE
  Do not use an encryption protocol. The catgen_serverencryption
  function takes no action.
If the negotiation was successful, an encryption filter will be pushed onto
the filter stack and all subsequent communication will be encrypted. If the
negotiation failed, an entry is sent to the event log.
If the function returns an error, the session should be closed, usually by
letting the calling function propagate the error.
This function also performs checks to verify the peer's certificate.
The function returns 0 if successful, and a negative code on error.
MT-level: Safe
NOTES: The function will probably use one of the algorithms mentioned for the
SSL negotiation. For a full listing of the algorithms that can be used, see the
Keon Agent SDK documentation.
SEE ALSO: cat, catgen