HTTPS server challenges

This chapter should serve only as an introduction to TLS/SSL server programming. There is much more to learn about secure network programming. Before deploying a secure HTTPS server with OpenSSL, it is essential to review all the OpenSSL documentation carefully. Many OpenSSL functions have edge cases that were ignored in the illustrative code for this chapter.

Multiplexing can also be complicated with OpenSSL. In typical TCP servers, we have been using the select() function to indicate when data is available to be read. The select() function works directly on the TCP socket. Using select() on a server secured with TLS/SSL can be tricky. This is because select() indicates when data is available at the TCP level. This usually, but not always, indicates that data is available to be read with SSL_read(). It is important that you carefully consult the OpenSSL documentation for SSL_read() if you are going to use it with select(). The example program in this chapter ignores these possibilities for reasons of simplicity.
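The following added example (not code from this chapter and not OpenSSL itself) models why TCP readiness and TLS readiness can disagree in both directions. It assumes a toy record layer that uses the 5-byte TLS record header; `reclayer`, `tcp_readable()`, `rec_pending()`, `rec_read()` and `rec_readable()` are hypothetical names, and empty records are not modelled.

```c
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>

/* Toy record layer (constructed for this example, not OpenSSL): buffers raw
 * TCP bytes and releases one complete record at a time, as a TLS library does. */
struct reclayer { int fd; unsigned char buf[4096]; size_t len; };

/* What select() sees: 1 if the TCP socket is readable right now, else 0. */
int tcp_readable(int fd) {
    fd_set r; struct timeval tv = {0, 0};
    FD_ZERO(&r); FD_SET(fd, &r);
    return select(fd + 1, &r, NULL, NULL, &tv) > 0;
}

/* Payload length of the first complete buffered record, 0 if none (the role
 * SSL_pending() plays). Header: type(1) version(2) length(2, big-endian). */
size_t rec_pending(const struct reclayer *rl) {
    if (rl->len < 5) return 0;
    size_t n = ((size_t)rl->buf[3] << 8) | rl->buf[4];
    return rl->len >= 5 + n ? n : 0;
}

/* >0: payload bytes copied; 0: record incomplete, wait for more TCP data
 * (the SSL_ERROR_WANT_READ case); -1: peer closed, error, or out too small. */
int rec_read(struct reclayer *rl, unsigned char *out, size_t cap) {
    if (rec_pending(rl) == 0 && tcp_readable(rl->fd)) {
        ssize_t got = recv(rl->fd, rl->buf + rl->len, sizeof rl->buf - rl->len, 0);
        if (got <= 0) return -1;
        rl->len += (size_t)got;
    }
    size_t n = rec_pending(rl);
    if (n == 0) return 0;                 /* readable socket, but no record yet */
    if (n > cap) return -1;
    memcpy(out, rl->buf + 5, n);
    rl->len -= 5 + n;                     /* keep any later records buffered */
    memmove(rl->buf, rl->buf + 5 + n, rl->len);
    return (int)n;
}

/* Readiness test for the event loop: buffered record first, then the socket.
 * Asking select() alone would miss a record that is already in the buffer. */
int rec_readable(const struct reclayer *rl) {
    return rec_pending(rl) > 0 || tcp_readable(rl->fd);
}
```

With OpenSSL the same two checks are calling SSL_pending() before waiting in select(), and treating SSL_ERROR_WANT_READ from SSL_get_error() after SSL_read() as "wait for the socket again" rather than as a failure.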

There are also alternatives to OpenSSL. Let's consider some of them now.