<div dir="ltr">Is there a way for a single program to act as both a TLS client and a TLS server after a TCP/IP accept() call?<div><div><br></div><div>Today, I simply have the TCP connecting process issue a 1 or 0 to indicate how it is acting. This is then used to determine who does SSL_accept and SSL_connect and everything works out. My original idea was that I could then configure any number of supporting services on the same port going forward.</div><div><br></div><div>I'd like to remove this 1 time TCP write/read operation. For example, I cannot see how this will work with Apple's network framework going forward.</div><div><br></div><div><div>I currently have 3 authentication use cases</div><div><br></div><div> Server side cert (currently only works in one direction without my workaround)</div><div> Server side cert with GSSAPI (currently only works in one direction without my workaround)</div><div> Client/Server certs (so this one should work either way)</div></div><div><br></div><div>Will PSK allow my service to say, always act as a TLS server without a server certificate?</div><div>Could I then proceed with additional certificate functions (e.g. for GSSAPI)?</div><div><br></div><div><div>Or should I go back and grovel for another port and use this information to</div><div>explain why I need one?</div><div><br></div><div>Many thanks in advance for any insights!</div><div><br></div><div>Kris</div><div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">This message is NOT encrypted
<br>--------------------------------
<br>Mr. Kristen J. Webb
<br>Chief Technology Officer
<br>Teradactyl LLC.
<br>2450 Baylor Dr. S.E.
<br>Albuquerque, New Mexico 87106
<br>Phone: 1-<span style="display:inline;font-size:inherit;padding:0pt;color:rgb(80,80,80)">505-338-6000</span>
<br>Email: <a href="mailto:kwebb@teradactyl.com" target="_blank">kwebb@teradactyl.com</a>
<br>Web: <a href="http://www.teradactyl.com" target="_blank">http://www.teradactyl.com</a>
<br>
<br><img src="https://drive.google.com/a/teradactyl.com/uc?id=1AtTRUbNsHoJJEO8vs4zd6D2oON5Evwq4&export=download"><br><br>Providers of Scalable Backup Solutions
<br> for Unique Data Environments
<br>
<br>--------------------------------
<br>NOTICE TO RECIPIENTS: Any information contained in or attached to this
<br>message is intended solely for the use of the intended recipient(s). If
<br>you are not the intended recipient of this transmittal, you are hereby
<br>notified that you received this transmittal in error, and we request
<br>that you please delete and destroy all copies and attachments in your
<br>possession, notify the sender that you have received this communication
<br>in error, and note that any review or dissemination of, or the taking of
<br>any action in reliance on, this communication is expressly prohibited.
<br>
<br>
<br>Regular internet e-mail transmission cannot be guaranteed to be secure
<br>or error-free. Therefore, we do not represent that this information is
<br>complete or accurate, and it should not be relied upon as such. If you
<br>prefer to communicate with Teradactyl LLC. using secure (i.e., encrypted
<br>and/or digitally signed) e-mail transmission, please notify the sender.
<br>Otherwise, you will be deemed to have consented to communicate with
<br>Teradactyl via regular internet e-mail transmission. Please note that
<br>Teradactyl reserves the right to intercept, monitor, and retain all
<br>e-mail messages (including secure e-mail messages) sent to or from its
<br>systems as permitted by applicable law
</div></div></div></div></div></div></div></div>