[6lbr-dev] Web Administration SSL/TLS Support?

Laurent Deru laurent.deru at cetic.be
Thu Nov 26 09:25:58 UTC 2015


Hi Ron,

Actually we don't plan to add SSL/TLS support on the webserver of 6LBR. 
The webserver itself is Contiki based and should work on small devices 
(like CC2538) as well as a Linux box, and maintaining two different code 
bases is not feasible. So, your solution using NGINX as an HTTPS proxy is 
a good solution. We looked at Apache, which provides such functionality 
out of the box using mod_proxy and mod_ssl (using ProxyPass and 
SSLProxyEngine).
You then only need to block the 6LBR webserver port to completely secure 
it. In the next develop I should add a configuration parameter to change 
the webserver port so you don't have a conflict between Apache/nginx.

Kind regards,
Laurent.

On 16/11/15 20:37, Ron Segal wrote:
> Hi Mátyás
> Actually I'm just after encryption between the border router and the 
> WSN, for which purpose AES would be the most efficient, particularly 
> given that a common key is being used in any case. So the key 
> requirement (forgive the pun) is to secure access to this key via 
> 6lbr's administrative web pages.  Actually I probably already have a 
> solution. My current border router setup terminates an SSL/TLS http 
> connection using NGINX, for the purpose of passing IPV4 REST requests 
> (with embedded CoAP) to an http-coap reverse proxy translator  (simple 
> one that I wrote in Python), then on to 6lbr as a standard IPV6 CoAP 
> request. NGINX and 6lbr are running on the same box (RPi).  So NGINX 
> (which is also a load balancer) could easily be used to terminate 
> http/s requests to the 6lbr web administration pages, forwarding them 
> as plain http directly to 6lbr.  Will have to test this, but can't see 
> any reason why it wouldn't work.
> Best wishes, Ron
>
>
>
> On 17/11/15 08:18, Mátyás Kiss wrote:
>> Hello Ron,
>>
>> Is there any crypto module for the 6LBR? Contiki has one DTLS, which 
>> isn't compatible with the original OpenSSL. I am thinking about 
>> (re)writing a complete crypto module especially for Contiki. But 
>> this is a huge amount of work.
>>
>>
>> M
>>
>> 2015-11-16 19:53 GMT+01:00 Ron Segal <ron at suretronic.com>:
>>
>>     Hi Cetic Guys
>>     Are you planning to implement http SSL/TLS support for securing
>>     access to administration web pages?
>>     Particularly with the new AES administration functionality,
>>     access control would seem to be pretty essential.
>>     (Also, following the recent atrocities, just wanting to pledge
>>     support to you guys in Europe)
>>     Best wishes, Ron - Wellington, New Zealand
>>
>>     _______________________________________________
>>     6lbr-dev mailing list
>>     6lbr-dev at lists.cetic.be
>>     http://lists.cetic.be/cgi-bin/mailman/listinfo/6lbr-dev
>>
>>
>
>
> -- 
> R o n   S e g a l
> MSc, CEng, CITPNZ
> suretronic labs
> Wellington, New Zealand
> Tel: 64 4 5288806
> Cell: 64 21 678009
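
One way to check the setup described in the reply above (HTTPS proxy in front, 6LBR webserver port blocked), as an added example that is not part of the original thread or the 6LBR project. It is meant to be run from another machine on the network; the host and both port numbers are assumptions supplied by the operator.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Classify a TCP port as 'closed', 'tls' or 'plaintext' from this vantage point."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    ctx = ssl.create_default_context()
    # Probe only: the question is "does this port speak TLS", not "is the
    # certificate valid", so verification is switched off for this check.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return "plaintext"  # accepts TCP but does not complete a TLS handshake
    finally:
        sock.close()  # no-op once wrap_socket has taken over the descriptor


def audit(host, https_port, backend_port, timeout=3.0):
    """Return a list of findings; an empty list means the lockdown holds."""
    findings = []
    if probe(host, https_port, timeout) != "tls":
        findings.append(f"port {https_port}: HTTPS proxy is not answering with TLS")
    state = probe(host, backend_port, timeout)
    if state != "closed":
        findings.append(
            f"port {backend_port}: 6LBR webserver reachable directly ({state}); "
            "block this port so only the proxy can reach it"
        )
    return findings


if __name__ == "__main__":
    import sys
    # Usage (all three arguments are the operator's own values):
    #   python audit.py HOST HTTPS_PORT 6LBR_WEBSERVER_PORT
    host, https_port, backend_port = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    for line in audit(host, https_port, backend_port) or ["ok: only the TLS proxy is reachable"]:
        print(line)
```

A "closed" result only describes what is visible from the machine running the check, so run it from outside the border router, not on the box itself.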
