ssl server client programming using openssl in c

ssl client server example in c

The Internet is like a sea, it’s open a lot of opportunity for the new world. There are a lot of company, which depends on the internet. The Internet reduces the workload and time of the people.

Now day’s people do not use the conventional way to send the information from one place to another place but using the internet they are sending the information.Previously people used the cash money for purchasing but nowadays they are using the internet for the purchasing.

So to making all the thing secure which are transferring over the network, introduce a protocol SSL/TLS. It creates a secure connection between the client and server.

What is SSL?

An SSL (Secure Sockets Layer) is the standard security protocol used to establish an encrypted connection between a server and a client. After the establish the connection SSL/TLS ensures that the data transmitted between server and client are secured and intact.

SSL is used by many application and banking website to make the data private and secure. It provides the security in the transmission of sensitive data like credit/debit card number, user login name, and password.

Note: A Good book for SSL/TLS , Implementing SSL / TLS Using Cryptography and PKI

Working of SSL

SSL is designed to exchange the sensitive data over the network using some secure algorithms and prevent from another program that wants to access the private data from the network connection.

SSL uses asymmetric encryption algorithms to secure the transmission of data. These algorithms use the pair of keys (public and private). The public key is freely available and known for anybody. The private key is only known by the server or the client.In SSL data encrypted by the public key can only decrypt by the private key and the data encrypted by the private key can only decrypt by the public key.

In the SSL communication, the client starts the connection from the first hello (SSL) message.This hello message starts the negotiation and performs the handshaking between server and client. After the completing the handshaking if the everything is fine then generate a secured key for the current connection.Server and client have used this secret key in data exchanging.

SSL handshake flow

The SSL handshake is an authentication process. In which server and client authenticate to each other using a certificate.
This certificate is generated by the user own self with the help of OpenSSL commands or it is provided by a third party (certificate authority).

Below I am describing some steps which described the handshaking between the server and client.


  • In the beginning of the communication, SSL/TLS client sends a “client_hello” message to the server. This message contains all the cryptographic information which is supported by the client, like highest protocol version of SSL/TLS, encryption algorithm lists (in the client’s order of preference), data compression method, resume session identifier and randomly generated data (which will be used in symmetric key generation).
  • The SSL/TLS server responds with a “server_hello” message to give all the things which are required to establish a connection like protocol version used, data compression algorithms and encryption method selected, assigned session id and random data (which will be used in symmetric key generation).
  • The server sends a certificate to the client and also insert a request message for the client certificate because server required the client certificate for the mutual authentication.
  • The SSL or TLS client verifies the server’s digital certificate. For more information, see How SSL and TLS provide identification, authentication, confidentiality, and integrity.
  • If the SSL or TLS server sent a “client certificate request”, the client sends a random byte string encrypted with the client’s private key, together with the client’s digital certificate, or a “no digital certificate alert”. This alert is only a warning, but with some implementations, the handshake fails if client authentication is mandatory.
  • The SSL or TLS client sends the randomly generated data that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The randomly generated data itself is encrypted with the server’s public key.
  • The SSL or TLS server verifies the client’s certificate.
  • The SSL or TLS client sends the server a “finished” message, which is encrypted with the secret key, indicating that the client part of the handshake is complete.
  • The SSL or TLS server sends the client a “finished” message, which is encrypted with the secret key, indicating that the server part of the handshake is complete.
  • For the duration of the SSL or TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.


If you want to learn more about the TCP/IP, here 10 Free days (up to 200 minutes) TCP/IP video course for you.

Example of secure server-client program using OpenSSL in C

In this example code, we will create a secure connection between client and server using the TLS1.2 protocol. In this communication, the client sends an XML request to the server which contains the username and password.

The server verifies the XML request, if it is valid then it sends a proper XML response to the client either give a message of Invalid Request.

Install the OpenSSL library, for the ubuntu use the below command.

sudo apt-get install libssldev

Before compiling the client and server program you will need a Certificate. You can generate your own certificate using the below command.

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

Note: Here certificate name is mycert.pem.

Example Client code for TLS1.2 communication

Compile the Client : gcc -Wall -o client  Client.c -L/usr/lib -lssl -lcrypto
Run :   ./client <host_name> <port_number>

Example Server code for TLS1.2 communication

Compile the Server : gcc -Wall -o server Server.c -L/usr/lib -lssl -lcrypto
Run : sudo ./server <portnum>

How to run client server program?

Server run first, using the below command we will run the server and wait for the client request.

sudo ./server  8081

Note: In above command 8081 is the port number.

After that, we will run client using the below command and send the XML request.

./client 8081

Note: In above command, is the local host IP and 8081 is the port number.

If the client sends a valid request as per the server then server give a proper response.

Client XML Request:

Server Response:

If the client sends an invalid request to the server then server give a response to an “Invalid message”.

Client XML Request:

Server Response:

“Invalid Message”



  1. The servers is displaying No certificates. SSL_get_peer_certificates only returns a certificate on the server side if the client has send a certificate. But the code does not request a client certificate which means that the client will not send one. How do we fix this?

  2. Just for clarification: you need to generate or obtain your own certificates if you want the server to succeed.

  3. OK, I went ahead and did this. There’s some very minor errors in the code, but they were all in the strings. I cleaned it up and checked it into github – if anybody would like it.

    Also, to the original author, if you want me to remove this from github, let me know, and I will. That’s just a site for me to access code I’ve been repeatedly rewriting over time – well, some of it.

  4. Proxy is an entirely different thing to deal with. If you’re just trying to grab a webpage with a command line tool, use wget. I believe that will handle it.

  5. Hi Amlendra…, nice article…, but mutual certification not done here…, can you give client certification code. code does not request a client certificate which means that the client will not send one. How do we fix this?

  6. sir please help me ssl mongoose websocket. I have tried with cesnta example its not working for me. wss is not handshake done. do you have any worked code with mongoose pls send to me.

  7. Request/verify of a client cert is controlled by mode settings in the SSL_CTX.
    (ref – ). Probably inInitServerCTX() you want to add something like:

    int mode = SSL_VERIFY_PEER |

    SSL_CTX_set_verify( ctx, mode, NULL);
    return ctx;

    (no, I haven’t complied/tested the above, but you get the idea).
    The above page also includes a sample verification routine (replaces NULL above), which seems to be the right place to go pawing through any certificate that the client presents.

  8. Why do you call the message and reply XML? If anything it is very badly formed XML. Well formed XML has open and close tags. value…

    Otherwise I like the ssl code. Thx

Leave a Reply