SSL Server Terminal

SSL Server Terminal

The SSL Server plugin is the server-side counterpart of SSL Connection. It is used to accept incoming SSL connections, thus turning IO Ninja into a highly configurable raw SSL server-side terminal.

In the modern world, secure connections are everywhere. Browsing the web, watching video streams, shopping online, logging into remote accounts, controlling smart homes and IoT devices — all this and more is done over connections secured with the SSL protocol (SSL stands for Secure Sockets Layer).

In reality, when we say SSL, we actually assume TLS (Transport Layer Security) — a more recent variation of the original SSL protocol; still, it's common to refer to all types of connections secured with the SSL/TLS protocol suite simply as SSL connections.

Unfortunately, there are not so many tools available for debugging raw SSL connections, and even less so support working as an SSL server. Probably, the most common way is to use the openssl command-line utility in the s_server mode to listen for incoming connections, and then communicate to the connected client by inspecting client requests being shown on the terminal console and typing characters to reply:

$ openssl s_server -port 8443 -cert tmp-cert.pem -key -tmp-cert-key.pem

However, that's not too convenient and it imposes quite a few functional restrictions (e.g., it's impossible to configure ephemeral ECDH parameters, you can't prepare a packet and send it all at once, it's hard to send and receive non-textual characters, etc.)

The SSL Server plugin fills the existing gap. Now, IO Ninja can be used for convenient GUI-based debugging of raw SSL connections. You can:

  • Use the whole range of IO Ninja logging and transmitting capabilities;
  • Specify server-side SSL certificates...
  • ...or use ephemeral DH or ECDH and run an SSL server without a certificate;
  • Choose whether to request and verify client-side SSL certificates...
  • ...and specify a set of CAs for verification;
  • Specify the local adapter to listen on;
  • Control low-level TCP options (Nagle, TCP RST, keep-alives).

The SSL Server plugin allows you to accept and maintain multiple incoming connections at the same time. You can select which client to talk to, and if the log gets too messy — apply a filter and leave only the conversation with a particular client while hiding everything else.