Using OpenSSL TLS with or without BIO?


Question

I've been reading a lot about OpenSSL, specifically the TLS and DTLS APIs. Most of it makes sense, it's a pretty intuitive API once you understand it. One thing has really got me scratching my head though...

When/why would I use BIOs?

For example, this wiki page demonstrates setting up a barebones TLS server. There isn't even a mention of BIOs anywhere in the example.

Now this page uses BIOs exclusively, not ever using the read and write functions of the SSL struct. Granted it's from 2013, but it's not the only one that uses BIOs.

To make it even more confusing this man page suggests that the SSL struct has an "underlying BIO" without ever needing to set it explicitly.

So why would I use BIOs if I can get away with using SSL_read() and SSL_write()? What are the advantages? Why do some examples use BIOs and others don't? What Is the Airspeed Velocity of an Unladen Swallow?

Recommended answer

BIOs are always there, but they might be hidden by the simpler interface. Directly using the BIO interface is useful if you want more control - with more effort. If you just want to use TLS on a TCP socket then the simple interface is usually sufficient. If you instead want to use TLS on your own underlying transport layer or if you want to have more control on how it interacts with the transport layer then you need BIO.

An example for such a use case is this proposal where TLS is tunneled as JSON inside HTTPS, i.e. the TLS frames are encoded in JSON, which is then transferred using POST requests and responses. This can be achieved by handling the TLS with memory BIOs which are then encoded to and decoded from JSON.
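
The memory-BIO approach described in the answer, as an added example that is not part of the original answer: a TLS client starts its handshake with no socket, and the bytes it wants to send are read from a memory BIO and wrapped in JSON. It uses Python's `ssl.MemoryBIO` (a wrapper over OpenSSL memory BIOs) in place of the C calls `BIO_s_mem()` and `SSL_set_bio()`; the `{"tls": ...}` envelope and the host name `example.test` are assumptions.

```python
import base64
import json
import ssl

def tls_records(data: bytes):
    """Split raw bytes into TLS records: (content_type, version, payload)."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, version = data[pos], data[pos + 1:pos + 3]
        length = int.from_bytes(data[pos + 3:pos + 5], "big")
        records.append((ctype, version, data[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return records

def to_json_frame(tls_bytes: bytes) -> str:
    """Constructed envelope (hypothetical format): {"tls": "<base64>"}."""
    return json.dumps({"tls": base64.b64encode(tls_bytes).decode("ascii")})

def from_json_frame(frame: str) -> bytes:
    """Inverse of to_json_frame: recover the raw TLS bytes."""
    return base64.b64decode(json.loads(frame)["tls"])

def client_first_flight(server_name: str = "example.test") -> str:
    """Begin a handshake over memory BIOs; return the first flight as JSON."""
    ctx = ssl.create_default_context()
    incoming = ssl.MemoryBIO()  # bytes received from the peer are written here
    outgoing = ssl.MemoryBIO()  # bytes TLS wants to send are read from here
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, TLS now waits for the reply
    # The application, not OpenSSL, decides how these bytes travel.
    return to_json_frame(outgoing.read())

if __name__ == "__main__":
    frame = client_first_flight()
    for ctype, version, payload in tls_records(from_json_frame(frame)):
        print(f"record type={ctype} version={version.hex()} len={len(payload)}")
    print(frame[:60] + "...")
```

The peer's reply would go the other way: decode its JSON with `from_json_frame()`, write the bytes into `incoming`, and call `do_handshake()` again until it stops raising `SSLWantReadError`.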
