Best Practice of Creating TLS Client /Server in C?

Steffen Nurpmeso steffen at
Fri Feb 11 22:49:06 UTC 2022

Viktor Dukhovni wrote in
 <YgbYie7Gr3hdhweO at>:
 |On Fri, Feb 11, 2022 at 09:13:05PM +0000, Joseph Chen via openssl-users \
 |> Could someone point me to some good reads or C code examples for
 |> creating a TLS client/server with best practices?
 |In Postfix, you'll find clean, well commented code that handles
 |the SMTP use-case, and supports strict verification modes, but
 |defaults to unauthenticated TLS.  So you'd have to understand
 |which knobs to set to get the behaviour you want.
 |    ient.c
 |    rver.c

There is also Network Security with OpenSSL from O'Reilly from
2002, free PDF around.  I think it is a good read still,
especially for a beginner.  You surely have to adapt it regarding
TLS_(client|server)_method, algorithms etc.  It also misses the
new SSL_CONF_CTX and CONF_modules_load_file() that unfortunately
is not convincingly mediated.  But then again OpenSSL forks like
ressl do not support them anyway.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the openssl-users mailing list