Bouncy Castle TLS API usage

I want to communicate between a server and a client over sockets using the Bouncy Castle TLS library. I went through a lot of documentation (which was insufficient for me), but I did not get any idea of how to do this.

I am using the BouncyCastle v1.7.48 (runtime version = v2.0.50727) binary, and I have found this info:

I have to use the Org.BouncyCastle.Crypto.Tls namespace and the TlsProtocolHandler class.

To achieve TLS communication:

  1. What API should I use on the server side?
  2. What API should I use on the client side?

        System.IO.Stream inputStream, outputStream;
        TlsProtocolHandler tls = new TlsProtocolHandler(inputStream, outputStream);

  3. What are the parameters inputStream and outputStream?

    public virtual void Connect(TlsClient tlsClient);

where TlsClient is an interface, and it contains many interfaces inside.

  4. How do I use the above API? Do I have to declare new classes and implement the methods inside them for all of these?

Please help me with this in Bouncy Castle.

EDIT 1: I created a class which inherits from an abstract class called DefaultTlsClient. Then I could create an instance of my class and pass it as the interface reference, so I could pass the parameter like this: tls.Connect(tlsClient);

I am not initializing any parameters except the ones I mentioned above. (The sockets are connected on port 2055 before these operations.) But I am not sure whether the handshake is complete or not. My program goes into a reading state.

SHRI asked May 24 '13 04:05


1 Answer

There is no server-side TLS API in Bouncy Castle. You can read on the main page that they support only the client side.

For the client side you have found the right classes already. TlsProtocolHandler does the job, but it won't work without custom classes. Here is example code:

    using System;
    using System.Net;
    using System.Net.Sockets;
    using Org.BouncyCastle.Crypto.Tls;

    // Need class with TlsClient in inheritance chain
    class MyTlsClient : DefaultTlsClient
    {
        public override TlsAuthentication GetAuthentication()
        {
            return new MyTlsAuthentication();
        }
    }

    // Need class to handle certificate auth
    class MyTlsAuthentication : TlsAuthentication
    {
        public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
        {
            // return client certificate; null means no client certificate is sent
            return null;
        }

        public void NotifyServerCertificate(Certificate serverCertificate)
        {
            // validate server certificate here; an empty body accepts whatever
            // certificate the server presents, so the peer is not authenticated
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            TcpClient client = new TcpClient();

            client.Connect(IPAddress.Loopback, 6000);

            // input/output streams are deprecated, just pass client stream
            TlsProtocolHandler handler = new TlsProtocolHandler(client.GetStream());

            // Connect blocks until the handshake has completed
            handler.Connect(new MyTlsClient());

            // handshake completed
            // use handler.Stream.Write/Read for sending app data

            Console.ReadLine();
        }
    }

I have tested this with my TCP server and received a client hello.

Keep in mind it is TLS version 1.0, so if you need another version or a server API then I recommend using another library (the .NET Framework supports TLS).

nefarel answered Sep 25 '22 15:09
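The answer's NotifyServerCertificate is left empty, which means the client finishes the handshake with any certificate the server presents. The following is an added example (not code from the answer or from the Bouncy Castle project) showing one way to fill that method in and then exchange application data once Connect returns. It assumes the Org.BouncyCastle.Crypto.Tls API of the 1.8 line: Certificate.IsEmpty, Certificate.GetCertificateList() (chain with the leaf first), TlsFatalAlert and the AlertDescription constants. The chain itself is checked by the .NET X509Chain engine against the machine's trust store; the host name "tls-server.example" and port 6000 are placeholders.

```csharp
using System;
using System.IO;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Tls;

// Client that refuses to finish the handshake unless the server's certificate
// chain builds to a trusted root and the leaf names the expected host.
class ValidatingTlsClient : DefaultTlsClient
{
    private readonly string expectedHost;

    public ValidatingTlsClient(string expectedHost)
    {
        this.expectedHost = expectedHost;
    }

    public override TlsAuthentication GetAuthentication()
    {
        return new ValidatingTlsAuthentication(expectedHost);
    }
}

class ValidatingTlsAuthentication : TlsAuthentication
{
    private readonly string expectedHost;

    public ValidatingTlsAuthentication(string expectedHost)
    {
        this.expectedHost = expectedHost;
    }

    // No client certificate is offered; the server in this scenario does not require one.
    public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest)
    {
        return null;
    }

    // Called by TlsProtocolHandler during the handshake, before any application
    // data is exchanged. Throwing TlsFatalAlert here aborts the connection.
    public void NotifyServerCertificate(Certificate serverCertificate)
    {
        if (serverCertificate == null || serverCertificate.IsEmpty)
            throw new TlsFatalAlert(AlertDescription.handshake_failure);

        // Assumed accessor (1.8 API): the chain as sent, leaf certificate first.
        X509CertificateStructure[] bcChain = serverCertificate.GetCertificateList();

        // Hand the DER bytes to the .NET chain engine, which checks signatures,
        // validity periods and trust against the machine's root store.
        var leaf = new X509Certificate2(bcChain[0].GetEncoded());
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        for (int i = 1; i < bcChain.Length; i++)
            chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(bcChain[i].GetEncoded()));

        if (!chain.Build(leaf))
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("chain error: " + status.StatusInformation.Trim());
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
        }

        // Name check: GetNameInfo prefers the SAN dNSName and falls back to the CN.
        // Exact match only; wildcard names are deliberately not accepted here.
        string presented = leaf.GetNameInfo(X509NameType.DnsName, false);
        if (!string.Equals(presented, expectedHost, StringComparison.OrdinalIgnoreCase))
            throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }
}

class Program
{
    static void Main(string[] args)
    {
        // Placeholder endpoint; replace with the real server.
        string host = "tls-server.example";
        int port = 6000;

        using (var client = new TcpClient(host, port))
        {
            var handler = new TlsProtocolHandler(client.GetStream());

            // Connect returns only after the full handshake, so reaching the next
            // line is the "is the handshake complete?" signal the question asks about.
            handler.Connect(new ValidatingTlsClient(host));

            Stream app = handler.Stream;
            byte[] request = Encoding.ASCII.GetBytes("hello over TLS\n");
            app.Write(request, 0, request.Length);
            app.Flush();

            byte[] buf = new byte[1024];
            int n = app.Read(buf, 0, buf.Length);
            Console.WriteLine("server replied: " + Encoding.ASCII.GetString(buf, 0, n));

            handler.Close();
        }
    }
}
```

If the chain does not build or the name does not match, the client sends a fatal bad_certificate alert and Connect throws, so no application data ever leaves the process over an unauthenticated channel; the ChainStatus lines written to stderr tell you why (untrusted root, expired, revoked) when a connection to a test server fails.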