Products > Networking & Wireless
HTTP to HTTPS conversion device?
AlbertL:
I have a programmable logic controller at a remote site that's pushing data to a server via HTTP at 5-second intervals, but I'd like to move to HTTPS. The PLC has TLS capability so it can do HTTPS, but it doesn't have a specialized encryption processor so the handshake is very slow - in the range of 8-15 seconds to establish a connection.
So I'm wondering: does anyone make a fast, transparent converter that would accept HTTP messages from the PLC, forward them to the server via HTTPS, and pass the response back to the PLC as HTTP? I think what I want is a "TLS termination proxy", but in a stand-alone hardware package.
madires:
RasPi + squid + script to rewrite the URL
pqass:
stunnel is available for various Linux, FreeBSD, others:
https://www.elastic.co/guide/en/cloud/current/ec-tunneling-ssl.html
https://blog.thesysadmins.co.uk/using-stunnel-to-encrypt-unsecure-connections.html
https://www.stunnel.org/
https://www.freebsd.org/cgi/ports.cgi?query=stunnel&stype=all
From the man page: https://www.stunnel.org/static/stunnel.html
PLC connects to stunnel gateway, gateway calls HTTPS service.
In the example below, in on 143 out to servername:993
--- Quote ---In order to let your local e-mail client connect to a TLS-enabled imapd service on another server, configure the e-mail client to connect to localhost on port 119143 and use:
[imap]
client = yes
accept = 143
connect = servername:993
--- End quote ---
AlbertL:
--- Quote from: madires on December 22, 2021, 06:30:45 pm ---RasPi + squid + script to rewrite the URL
--- End quote ---
Thanks - that's an interesting approach. Do you have any feel for the speed of TLS in that environment? As I mentioned, sending HTTPS message from my PLC takes about 8-15 seconds; that's to open the TCP connection, do the TLS handshaking and send < 1KB of data. I'd want to get that under 5 seconds.
madires:
Less than 5 seconds shouldn't be any problem.
Navigation
[0] Message Index
[#] Next page
Go to full version