HTTP/HTTPS Support
We have released a new Rebex HTTPS component. It adds support for SHA-2 certificates , SNI extension, TLS 1.0, 1.1 and TLS 1.2 protocols under .NET Compact Framework, but it also works on other platforms including .NET, Mono, Xamarin.iOS, Android and Xamarin.Mac). Check the HTTPS component at http://www.rebex.net/https/default.aspx
-
Adminmartin.vobr (Admin, Rebex) commented
We created a HTTPS component which supports:
- TLS 1.2
- TLS 1.1
- SNI (https://en.wikipedia.org/wiki/Server_Name_Indication)
- SHA-2 certificates
- transport layer replacement for Web Services call (aka "make my SOAP webservices works again on .NET CF")It primary targets .NET Compact Framework, because HttpWebRequest on .NET CF is both quite limited and widely used. Current beta however works on many other platforms.
Check the beta at http://labs.rebex.net/HTTPS
-
AdminLukas Pokorny (Admin, Rebex) commented
Thanks for your suggestions, oki!
We already support some of the security stuff, although parts of it are not well-documented yet. For example:
- creating private/public keys (check out http://forum.rebex.net/questions/4284/using-pkcs10-certificate-request-any-example-code-provided-bouncy-castle-working-code/4285).
- converting keys (again, PrivateKeyInfo class can do this).
- issue, sign and verify certificates (check out Certificate.Validate method and CertificateIssuer object).
- unified wrapper for certificate stores (CertificateStore object) works on Windows, Windows CE and Linux/Mono (see http://www.rebex.net/ftp-ssl.net/features/x509-certificates.aspx).Fortunately, documenting these features and adding sample code for them is actually on our near-term roadmap!
We also have a custom TLS/SSL library that doesn’t use any native code and works in .NET, .NET CF, Xamarin.iOS, Xamarin.Android (and an experimental version for Windows Store Apps is available). It makes it possible to configure cipher suites and hash algorithms (see http://www.rebex.net/ftp-ssl.net/features/tls-ssl.aspx). TLS 1.2 is in the works and will be added in one of the next releases – please let us know at support@rebex.net if you would like to try a beta when it’s ready.
However, at the moment, this security stuff mostly servers as a basic infrastructure for Rebex FTP/SSL, Rebex SFTP, Rebex Terminal Emulation and Rebex Secure Mail. I like Nancy, Owin and Katana (although vNext supersedes that to a large degree, AFAIK), but I’m afraid that repurposing our libraries to fit nicely into these frameworks would be a lot of work, and our resources are – sadly – limited.
The same applies to WebSocket support – although I would really love to have a platform-independent implementation, none of our current components need it (at least until we add SFTP over WebSockets support - http://sftp.ws/ ), which means it ends up in the “nice-to-have, but low priority” list.
By the way, I have been using Nowin (https://github.com/Bobris/Nowin) for hosting Nancy (and parts of Katana, although making it work was not exactly easy) in Mono and I worked around the lack of TLS 1.1/1.2 support by adding an Nginx server in front of it (the same approach is often used for hosting Node.js apps).
Kind regards,
Lukas Pokorny
Rebex.NET -
oki commented
I'd like to see a selfhosted http(s) Implementation for Client & Server which runs without .NET standard implementation (HttpListener).
The SSL implementation on mono supports only TLS1.0 and the old SSLv3. It lacks on support of TLS 1.1 and TLS 1.2 with native .NET code.
Maybe https://github.com/juhovh/AaltoTLS (License MIT/X11) is worth for a look.I'd like to see a component for the whole security stuff:
- create private/public keys
- convert keys and keystores
- issue, sign and verify certificates
- unified Wrapper for certificatestores ( root certificates, usercerts, machinecerts,...)
- for windows from within managed code.
- on Linux: (http://www.mono-project.com/docs/faq/security/)
- ship around native workarounds like http://openssl-net.sourceforge.net/
- configure cipher suites and hash algorithms
- bind this security configuration to the Protocol-ListenerThese "security stuff" should be stable enougth to combine with other serversided http(s) projects (Nancy, owin, katana or the old ones: XSP, Cassini) than reimplement them again.
Maybe the higher leveled things (Authentication, sessioncontrol, caching) , numbered in this feature request, are already implemented in other products like "Servicestack" Framework (https://servicestack.net/features) in environments without Windows & IIS.Platform independent support of Websocket, based on http(s), would be great:
(http://www.codeproject.com/Articles/733297/WebSocket-libraries-comparison) -
Linda Kohl commented
what a great idea...only problem is for the people are not computer experts.
How do they learn to use these ideas, In the english language. Any help would be greatly appreciated... -
Anonymous commented
Client-side JavaScript execution support would be nice.
Example: connection to a web site that requires sign-on via SAML. A .NET HTTP component follows redirects but is unable to execute form post from JavaScript (onLoad=form.submit()) required to complete the authentication. -
codputer commented
I would add support for file transfer directly to azure blob storage, or amazon.
-
Savas OZER commented
Standard .net classes don't support Socks4/5 proxy and storing/restoring cookies. Is this enough ?
-
AdminLukas Pokorny (Admin, Rebex) commented
Adding an HTTP/HTTPS component to our portfolio would definitely be a nice addition. However, before we start implementing this, we would like to have a list of a must-have features that are not possible (or easily possible) with .NET standard HTTP classes HttpWebRequest/HttpWebResponse.
Suggestions we received so far:
- Easily download a file or an URL and store it into file on local system
- Simple cookies support - ability to allow or deny cookies
- More control over session and authentication
- Post/put file or data to an URL
- No caching entire requests in memory before posting (large files use a large amount of memory)
- Bandwidth throttling (useful for large files)Please add more!