SSL Server


SSL Server is the server-side counterpart of SSL Connection. It is used to accept incoming SSL connections, turning IO Ninja into a highly configurable raw SSL server-side terminal.

Basic Setup

  1. In IO Ninja, click the “New Session” dropdown and select “SSL Server”.
  2. Select your network adapter from the dropdown and enter a port.
  3. Press the “Listen” button to the right of the port input box.
  4. Monitor connections and communications in the “Active client(s)” section and in the log pane.
  5. Using the “Transmit” pane, send packets to the client selected in the “Active client(s)” pane.
  6. Adjust settings as needed via the “Settings” button (see the “Settings” section below for details).

Settings

| Setting | Description | Default |
|---|---|---|
| Adapter | Local network adapter to bind to. Pick one from the list of installed network adapters (or bind to all installed IP4 or all IP6 adapters at once). | Auto |
| Local port | Local port to bind to. Setting this to 0 auto-selects an available port. | 8080 |
| Reuse address | Allow multiple sockets to share the same local address. Maps to the SO_REUSEADDR socket option. Note that support for this option and the details of its implementation are highly platform-specific. | False |
| TCP Nagle algorithm | Delay transmission to reduce the number of small TCP packets. Maps to the TCP_NODELAY socket option. | False |
| TCP reset | Drop TCP connections abruptly with a TCP RST packet. Maps to the SO_LINGER socket option. | False |
| TCP keep-alives | Detect connection loss with TCP keep-alive probes. Maps to the TCP_KEEPALIVE socket option. | False |
| Cipher suite | Select an OpenSSL cipher mode. OpenSSL ciphers are the cryptographic algorithms supported by the OpenSSL library for securing data in transit, typically over SSL/TLS connections. Read more about OpenSSL ciphers here. See the available options in the “Cipher Suite Options” section below. | ALL |
| Use certificate | Whether or not to use a certificate for the SSL connection. | False |
| Certificate | Specify the file path of the certificate. | |
| Private key | Specify the private key for the certificate. | |
| Verify certificates | Whether or not to verify the certificate of the target SSL server. | False |
| CA certificate | Specify the file path of the CA certificate to be used for verification. | |
| CA directory | Specify a directory of CA certificates to be used for verification. | |
| Verify depth | Specify the maximum certificate chain length. A certificate chain is a sequence of certificates, starting with the SSL/TLS certificate and followed by one or more Certificate Authority (CA) certificates, that allows the recipient to verify the authenticity and trustworthiness of both the sender and the issuing CAs. | 10 |
| Use ephemeral DH | Use an ephemeral DH in the absence of a certificate. Learn more about DH here. | True |
| Ephemeral DH | Parameters to use for the ephemeral DH key exchange. Learn more about DH here. | DH 1024-bit MODP (160-bit prime) |
| Use ephemeral ECDH | Use an ephemeral ECDH in the absence of a certificate. Learn more about ECDH here. | True |
| Ephemeral ECDH | Parameters to use for the ephemeral ECDH key exchange. Learn more about ECDH here. | prime256v1 |
| Read block size (B) | The size of each individual read block submitted to the underlying transport. | 4KB |
| RX buffer size (B) | The full size of the incoming data (RX) buffer. Affects read throughput. | 16KB |
| TX buffer size (B) | The full size of the outbound data (TX) buffer. Affects write throughput. | 16KB |
| Keep read block size | Don’t merge read blocks in RX buffer. Incoming data blocks coming in quick succession can be merged together so that IO Ninja writes them to log as a whole. When this option is set to True, blocks are written to the log without merging, i.e., exactly as they are received from the underlying transport. | False |
| Keep write block size | Don’t merge write blocks in TX buffer. Outbound data blocks sent in quick succession can be merged together before submission to the underlying transport. When this option is set to True, blocks are submitted to the transport without merging, i.e., exactly as they are sent by the Transmit or Script panes. | False |
| RX buffer full notifications | Toggle warnings in log about the incoming data (RX) buffer getting full. | False |

Cipher Suite Options

| Cipher Suite | Cipher Strings | Description |
|---|---|---|
| Encrypted | ALL | All cipher suites are included except for the eNULL ciphers, which must be explicitly enabled if required. Since OpenSSL 1.0.0, the ALL cipher suites are ordered in a reasonable default sequence. |
| Encrypted & authenticated | ALL !aNULL | Refers to all cipher suites supported by OpenSSL that provide both encryption and authentication. This is achieved by including ALL, which covers all cipher suites except those offering no encryption (eNULL), and excluding aNULL, which represents cipher suites with no authentication. This combination ensures that only secure ciphers that encrypt data and verify the identity of the communicating parties are used. |
| OpenSSL default | ALL !EXPORT !LOW !aNULL !eNULL !SSLv2 | Includes all the ciphers from the ALL category while further excluding specific categories considered insecure or outdated: EXPORT (export-grade weak ciphers), LOW (low-strength ciphers like 64-bit or 56-bit encryption), aNULL (unauthenticated ciphers), eNULL (unencrypted ciphers), and SSLv2 (obsolete and insecure SSL version 2). This selection aims to maintain a high level of compatibility while avoiding known insecure or deprecated cipher suites. |
| All (including unencrypted) | ALL eNULL | Uses the ALL cipher suite list and explicitly includes eNULL, thereby enabling cipher suites that offer no encryption at all. This setting allows every possible cipher supported by OpenSSL, including those that provide no data confidentiality, which is highly insecure and generally only used for testing or debugging purposes. |

Read more about OpenSSL ciphers here.
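
The following added example (not part of the IO Ninja documentation or code) uses Python's standard ssl module to expand each cipher string from the table above with the local OpenSSL build and list the suites that lack authentication (Au=None) or encryption (Enc=None). The function names are hypothetical, and the counts depend on the OpenSSL build Python is linked against, which may differ from the one IO Ninja uses.

```python
import re
import ssl

# Cipher strings copied from the "Cipher Suite Options" table on this page.
PAGE_CIPHER_STRINGS = {
    "Encrypted": "ALL",
    "Encrypted & authenticated": "ALL !aNULL",
    "OpenSSL default": "ALL !EXPORT !LOW !aNULL !eNULL !SSLv2",
    "All (including unencrypted)": "ALL eNULL",
}

# OpenSSL describes each suite as "... Kx=<kex> Au=<auth> Enc=<cipher> Mac=<mac>".
_AU = re.compile(r"\bAu=(\S+)")
_ENC = re.compile(r"\bEnc=(\S+)")


def _is_none(pattern, description):
    """True when the matched description field has the literal value 'None'."""
    m = pattern.search(description)
    return bool(m) and m.group(1) == "None"


def audit_cipher_string(cipher_string):
    """Expand a cipher string with the local OpenSSL and flag weak suites.

    Returns the number of suites selected plus the names of those that offer
    no authentication (aNULL) and those that offer no encryption (eNULL).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    suites = ctx.get_ciphers()
    return {
        "total": len(suites),
        "unauthenticated": [s["name"] for s in suites
                            if _is_none(_AU, s["description"])],
        "unencrypted": [s["name"] for s in suites
                        if _is_none(_ENC, s["description"])],
    }


def audit_page_options():
    """Audit every cipher string listed in the table, keyed by its label."""
    return {label: audit_cipher_string(cs)
            for label, cs in PAGE_CIPHER_STRINGS.items()}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, r in audit_page_options().items():
        print(f"{label:28} total={r['total']:3} "
              f"unauthenticated={len(r['unauthenticated']):2} "
              f"unencrypted={len(r['unencrypted']):2}")
```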

Note

An example of an adapter dropdown on a typical Windows laptop is shown below:

_images/tcp-proxy-adapters.png