Using SSL For Client-Server Communication

With the default settings, db4o client-server communication is not encrypted, which can be a dangerous security hole. db4o supports SSL for client-server communication. The implementation uses the pluggable socket to provide secure sockets.

The SSL communication uses the .NET security libraries to implement the secure communication. Currently only one-way authentication is supported, where the server needs to have a valid certificate. Client certificates are currently not supported.

On the server you need to add the server SSL support. Additionally, you need to specify the server certificate. This way you can choose where you want to get the server certificate from. Take a look at the .NET documentation for more details.

IServerConfiguration configuration = Db4oClientServer.NewServerConfiguration();
// For the server you need a certificate, for example a certificate loaded from a file.
// The server also needs the private key that belongs to this certificate.
X509Certificate2 certificate = new X509Certificate2("cert.cer");
configuration.AddConfigurationItem(new ServerSslSupport(certificate));
SSLExample.cs: Add SSL-support to the server

Dim configuration As IServerConfiguration = Db4oClientServer.NewServerConfiguration()
' For the server you need a certificate, for example a certificate loaded from a file.
' The server also needs the private key that belongs to this certificate.
Dim certificate As New X509Certificate2("cert.cer")
configuration.AddConfigurationItem(New ServerSslSupport(certificate))
SSLExample.vb: Add SSL-support to the server

On the client you need to use the client SSL support. Pass it a callback for additional certificate verification; the callback's return value decides whether the server's certificate is accepted.

IClientConfiguration configuration = Db4oClientServer.NewClientConfiguration();
configuration.AddConfigurationItem(new ClientSslSupport(CheckCertificate));
SSLExample.cs: Add SSL-support to the client

Dim configuration As IClientConfiguration = Db4oClientServer.NewClientConfiguration()
configuration.AddConfigurationItem(New ClientSslSupport(AddressOf CheckCertificate))
SSLExample.vb: Add SSL-support to the client

private static bool CheckCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
    // Here you can check the server's certificate and accept it if it's OK.
    // Placeholder: returning true unconditionally accepts any certificate.
    return true;
}
SSLExample.cs: callback for validating the certificate

Private Shared Function CheckCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslpolicyerrors As SslPolicyErrors) As Boolean
    ' Here you can check the server's certificate and accept it if it's OK.
    ' Placeholder: returning True unconditionally accepts any certificate.
    Return True
End Function
SSLExample.vb: callback for validating the certificate
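
A validation callback that does more than return true, as an added example (not code from the db4o documentation): it accepts the server when .NET's own validation reports no errors, and otherwise accepts only a certificate whose SHA-256 fingerprint matches a pinned value, which suits a self-signed server certificate. The class name, the PinnedSha256 field and the demo certificates are assumptions constructed for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerCheck // hypothetical class name
{
    // Assumption: hex SHA-256 of the server certificate's DER bytes, given to clients out of band.
    public static string PinnedSha256 = "";

    public static string Fingerprint(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Same signature as the CheckCertificate callback passed to ClientSslSupport.
    public static bool CheckCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null) return false;            // server sent no certificate
        if (errors == SslPolicyErrors.None) return true;  // platform validation passed
        // Chain or name errors (typical for self-signed): accept only the pinned, unexpired certificate.
        var cert2 = new X509Certificate2(certificate);
        if (DateTime.Now < cert2.NotBefore || DateTime.Now > cert2.NotAfter) return false;
        return PinnedSha256.Length == 64 &&
               string.Equals(Fingerprint(certificate), PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Constructed demo input: throwaway self-signed certificates.
    // CertificateRequest needs .NET Framework 4.7.2+ or .NET Core 2.0+.
    private static X509Certificate2 SelfSigned(string cn)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
        }
    }

    public static void Main()
    {
        X509Certificate2 server = SelfSigned("db4o-server"), other = SelfSigned("other-host");
        PinnedSha256 = Fingerprint(server);
        // Both calls simulate the chain error a self-signed certificate produces.
        Console.WriteLine(CheckCertificate(null, server, null, SslPolicyErrors.RemoteCertificateChainErrors));
        Console.WriteLine(CheckCertificate(null, other, null, SslPolicyErrors.RemoteCertificateChainErrors));
    }
}
```

To use it with the client configuration shown above, set PinnedSha256 before connecting and pass PinnedServerCheck.CheckCertificate to ClientSslSupport.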