SSLBlackbox

Connect to Remote or Build Your Own SSL/TLS-secured Servers

SSLBlackbox
  • Supported Platforms

  • .NET.NET

    Pure managed and integrated components, carefully optimized to achieve maximum performance comparable to native processor code. The .NET edition can be used on .NET and Mono Server and Desktop platforms, in ASP.NET applications, and on Mobile Devices.

  • .NETJava

    Highly integrated Java security library including numerous classes to enable support for a wide range of application-level protocols, security algorithms, and standards. You can use Java security libraries to develop software for desktop and server platforms, mobile devices, and Web applications.

  • .NETC++

    A shared library (.dll on Windows and .so on Linux / macOS) and set of C++ classes. Used in C++ applications for Windows, Linux, macOS, and iOS platforms. Supported compilers include Visual C++, MinGW, gcc, and Xcode.

  • .NETVCL

    Highly integrated and blazingly fast native Delphi (Pascal) components for building native Windows, Linux, and macOS applications. All components are native Delphi, have no third-party binaries or references, and no reliance on Windows CryptoAPI. Also includes Delphi components for building Android and iOS apps.

  • .NETPHP

    Integrated components for PHP scripts running on Linux and Windows servers.

Overview

Use SSLBlackbox to connect to remote SSL/TLS-secured servers or build your own SSL/TLS-secured servers.

Support for All Versions of TLS

Included SSL/TLS components support all versions of TLS (up to 1.2) with strong encryption using keys up to 16,384 bits.

Client-side and Server-side DTLS Support

One of the recent additions to SSL/TLS family of protocols is Datagram TLS (DTLS), which is very similar to TLS. DTLS is used to protect UDP-based or other message-based network communications such as streaming audio and video. SSLBlackbox is one of the few solutions to provide client-side and server-side DTLS support.

Client-side Components for Application-level Protocols

SSL/TLS is often used to secure application-level protocols, such as HTTP and FTP. SSLBlackbox includes components for client-side access to the remote servers using these protocols. In particular, SSLBlackbox includes a client-side component to upload and download files using FTP / FTPS protocols. Other operations defined by the FTP protocol specifications are supported as well.

SSL/TLS and PKI Provide Strong Security

Unlike symmetric encryption, securing communications with SSL/TLS doesn't require that the sides know the shared secret (password/encryption key). Also, Public Key Security (PKI) lets each side examine authenticity of the other side and prevent man-in-the-middle attacks.

Easy to Implement and Maintain Security

The PKI infrastructure is a widely-used technology, so implementation and maintenance of SSL/TLS-based solutions with SSLBlackbox are quite simple tasks.

No External Dependencies

SSLBlackbox includes its own implementation of the SSL/TLS/DTLS protocol family and doesn't include external code such as OpenSSL, OpenSSH, etc.

Full Feature List

SSL/TLS Protocol

  • Widest possible compatibility via support for modern TLS 1.2, TLS 1.1, TLS 1.0, SSL 3, and SSL 2
  • DTLS (Datagram TLS) protocol support secures your UDP-based communications
  • Flexible support for client and server-side SSL/TLS authentication during data exchange allows you to deploy the classes to a custom PKI infrastructure
  • User-controlled validation of certificates allows you to build a custom PKI infrastructure or better control authentication in SSL/TLS
  • Optional resuming of TLS sessions in both client and server components. Both SSL sessions and TLS stateless resumption are supported
  • Cryptocards and USB Crypto Tokens are supported for further protection of secret information (private and secret keys)
  • Authentication using OpenPGP keys and pre-shared keys (PSK) provides an alternative to PKI for in-house solutions
  • SRP (Secure Remote Password) cipher suites is another alternative to PKI for authentication
  • Standard and custom TLS extensions let you harness the power of the TLS specification and include additional information to the handshake, if necessary
  • With raw asymmetric keys for authentication (instead of X.509 certificates), you can avoid the necessity to deploy PKI infrastructure where it is not needed (in closed environments) and decrease handshake time
  • Ability to secure any data channel (not just TCP or UDP sockets) helps you secure any communication channel with TLS or DTLS
  • OCSP stapling support helps you reduce load on certificate authorities' OCSP servers during certificate validation
  • Certificates with key length from 512 to 16384 bits give you adequate security solutions for today and the future
  • Support for RSA, DSA, and DH public key algorithms and optional ECC-based cipher suites
  • Data encryption with Camellia, AES (128 to 256 bit), Triple DES (3DES), DES, ARCFOUR, and RC2 algorithms
  • Asynchronous operation mode helps you easily build synchronous and asynchronous applications

ElSimpleSSLClient

  • Connect to existing FTP/FTPS servers using client-side classes for FTP and FTP-over-SSL (FTPS) protocols
  • Support for explicit and implicit TLS for increased connectivity and compatibility with various servers
  • Compression (MODE Z) support to save bandwidth and speed-up transfer
  • MLSD command support for easy parsing of directory listings
  • Support for files over 4GB easily transfers huge files
  • Custom commands can be sent for better control of server behavior
  • Full scope of file and directory commands defined by the protocol specification (create and delete directories, rename files, etc.)
  • Batch operations - methods for uploading, downloading, and deleting one or several files and directories with one method call
  • Upload and download of any information represented as Streams - disk files, in-memory streams, database records, or any other custom streams
  • Overwrite, resume, append, and skip upload and download modes
  • Transfer resumption and partial transfers
  • Keep-alive during data transfer saves the command channel from being closed by NATs and firewalls during transfer of large files
  • Support for Unicode file names via UTF8
  • Virtual file system support allows you to create and provide access to your virtual file hierarchy in addition to existing file systems
  • Support for FTP proxies and SOCKS and HTTP CONNECT (web tunneling) proxies with various authentication mechanisms
  • Active and passive mode with optional adjustment of the server address in passive mode provide maximum connectivity when the client or server are located behind a firewall
  • Flexible support for client and server-side SSL/TLS authentication during data exchange allows you to deploy the classes to a custom PKI infrastructure
  • Bandwidth control to avoid overloading of slow networks
  • IPv6 and International Domain Names (IDN) support for maximum network connectivity
  • Support for custom DNS servers and DNSSEC for even more security and network stability
  • Port knocking support for advanced security