Request for Comments: SSL between Login Server, World and Zone

froglok23 · #1 09-02-2007, 05:03 AM

Hi all,

I had this idea and would like to request comments on it.

Firstly, Is this possible? Will this effect communication between the Client and the server? If someone how knows this could give some feedback on this subject it would help a lot.

Why would this be worthy of implementation? Well same reason SSL has been implemented in other software packages? Increased security and such.

I could list an extensive list of Reasons, but in short, the general consensus is the SSL = GOOD. I’m all open for well thought out comments and feedback.

Push comes to shove, I’m more than happy to offer my services in helping get this into the code base.

More information about TLS and SSL can be found at http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Also, What do people think of making this a configurable option, either to have it enabled or disabled depending on how you feel?

- froglok

John Adams · #2 09-02-2007, 01:43 PM

Again, another not-so well thought out response from me, but here's my feedback. Anytime you add encryption to a datastream you are definitely going to slow it down (encryption, right?) While I am all for tightening security holes in the current emu, I am not sure SSL is the solution. Maybe to prevent packet gobblers.

Tell me this, would a server admin need to register their server with a CA, apply for an SSL cert that expires, then apply it to their server - then, all clients expecting to connect have to install the cert as well?

We're using a cert @ enbemulator now, and it has been a super gigantic nightmare for most "common" players to get it set up. Just some thoughts.

froglok23 · #3 09-02-2007, 07:56 PM

Quote:

Tell me this, would a server admin need to register their server with a CA, apply for an SSL cert that expires, then apply it to their server

To answer this, it’s going to be a multi-part response

Quote:

would a server admin need to register their server with a CA, apply for an SSL cert that expires, then apply it to their server

First impression, "Yes". But with a "but". I’d be willing to Host a Certificate Authority people could submit their server cert requests to an issue them free of charge for a period of say, 10 years or something like that.

We could have it as ca.eqemulator.net or something simular

Quote:

then, all clients expecting to connect have to install the cert as well?

I do not believe so, as this would not affect the client to my understanding, its intended use would just be for World<->Zone communication and possibly Login Server<->World. This will need clarification from someone who more experienced in the communication between EQClient and EQEmu.

Granted, adding an extra process to the DataStream will slow it down, but if implemented correctly, it’s not even noticeable, think of https. (From my experiences).

This wouldn’t solve our security flaws, but it would be a good step in the right direction.

Also, we could make this a configurable option to have or not have, do depending on how the server admin feels at the time, they have the option to enable or disable SSL/TLS communications between EQEmu components.

- froglok

**TheLieka** · #4 09-03-2007, 12:37 AM

Quote:

Originally Posted by froglok23

To answer this, it’s going to be a multi-part response

First impression, "Yes". But with a "but". I’d be willing to Host a Certificate Authority people could submit their server cert requests to an issue them free of charge for a period of say, 10 years or something like that.

We could have it as ca.eqemulator.net or something simular

I do not believe so, as this would not affect the client to my understanding, its intended use would just be for World<->Zone communication and possibly Login Server<->World. This will need clarification from someone who more experienced in the communication between EQClient and EQEmu.

Granted, adding an extra process to the DataStream will slow it down, but if implemented correctly, it’s not even noticeable, think of https. (From my experiences).

This wouldn’t solve our security flaws, but it would be a good step in the right direction.

Also, we could make this a configurable option to have or not have, do depending on how the server admin feels at the time, they have the option to enable or disable SSL/TLS communications between EQEmu components.

- froglok

SSL can be used for a ton of stuff, but in order to implement this, you'd have to be able to talk to someone with access to the login server source. I don't think the odds of that happening are very high.

Dax

Theeper · #5 09-04-2007, 09:58 AM

Or, rewrite the LS :p~

I don't think adding SSL to the emu would be practical. The overhead would be astronomical for a game like this. Although if you did, you could use a self signed cert, you don't need to pay for one.

If you're only talking about using it for the LS to communicate with world, what's the point ?

Darkonig · #6 09-04-2007, 11:26 AM

The login server uses UDP as the transport protocol. SSL requires you to be using TCP so it cannot be used with the login server.

The login server cannot be changed to use TCP instead without changing the client, which is clearly not an option.

I fail to see any practical reasons for adding something like SSL into the mix. The client already encrypts the login credentials sent to the login server. That is what keeps almost everyone from just writing their own login server for lan use.

froglok23 · #7 09-04-2007, 02:07 PM

Ok Fair enough abotu the Login Server using UDP and not TCP.

But fo communicaiton between world and zone, certianly SSL coudl be used there.

-froglok

froglok23 · #8 09-04-2007, 02:10 PM

Quote:

Originally Posted by Theeper

Or, rewrite the LS :p~

I don't think adding SSL to the emu would be practical. The overhead would be astronomical for a game like this. Although if you did, you could use a self signed cert, you don't need to pay for one.

If you're only talking about using it for the LS to communicate with world, what's the point ?

What about communication between world and zone?

To be, having SSL between these communcation channels, if possible would certianly be worth it.

- froglok

RangerDown · #9 09-04-2007, 03:20 PM

If you're going to talk to the client, you're at the mercy of what the client does or does not support. To the best of my knowledge, the client does not support SSL either at the login or in world/zone communication.

froglok23 · #10 09-04-2007, 03:24 PM

Agreed, anywhere client <-> server communication takes place, SSL is not possible at all.

- froglok

**WildcardX** · #11 09-04-2007, 08:50 PM

There is really no reason to implement SSL between world and zone. And generally speaking, implementing SSL on a game server is expensive in terms of performance. I just can't see a legitimate reason to do this.

Theeper · #12 09-05-2007, 01:52 AM

I'm not sure there is any reason to encrypt anything. If you can't encrypt all the traffic, why encrypt any ? I assume this is why the LS code isn't public. I may be wrong but I am guessing the LS uses an MD5 hash or something similar to validate users and push them to world. I should sniff that traffic and see, maybe it's plain text.

Breea · #13 09-05-2007, 11:27 PM

On a very beefy server 50 users can really get the load and juices flowing. Adding SSL would ultimately raise that load, and slow the connection speed to the server (more lag). I do agree that SSL is great if you want a secure server but the fact is, if you get any heavy traffic SSL is not an option.

So basically SSL=Secure but also is very SLOW and has a big footprint in the servers load.

oldlurker · #14 09-06-2007, 03:29 AM

I too do not see the benefit in SSL. SSL is good if you want to be sure that there is no man in the middle attack and no one can snoop your passwords or other vital data out of the stream.
But as I already mentioned in another thread it would be great if the world server would ignore connections to Port 9000/UDP as long as the LS does not message it is an legit connection attempt. Something similar goes for the zone servers.