{"id":50622129,"url":"https://github.com/ayumaxsoft/tlsserversample","last_synced_at":"2026-06-06T13:01:56.418Z","repository":{"id":343488196,"uuid":"1177903583","full_name":"AyumaxSoft/TLSServerSample","owner":"AyumaxSoft","description":"Python TLS TCP/IP echo server sample for ObjectDeliverer users, including OpenSSL certificate generation (CA/server/client), mTLS support, and PacketRuleSizeBody-compatible framing.","archived":false,"fork":false,"pushed_at":"2026-03-10T14:37:12.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-10T20:47:42.873Z","etag":null,"topics":["tcp","tcp-server","tls"],"latest_commit_sha":null,"homepage":"https://ayumaxsoft.com/objectdeliverer","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AyumaxSoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-10T13:45:21.000Z","updated_at":"2026-03-10T14:40:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/AyumaxSoft/TLSServerSample","commit_stats":null,"previous_names":["ayumaxsoft/tlsserversample"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/AyumaxSoft/TLSServerSample","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AyumaxSoft%2FTLSServerSample","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AyumaxSoft%2FTLSServerSample/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AyumaxSoft%2FTLSServerSample/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AyumaxSoft%2FTLSServerSample/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AyumaxSoft","download_url":"https://codeload.github.com/AyumaxSoft/TLSServerSample/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AyumaxSoft%2FTLSServerSample/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33983046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["tcp","tcp-server","tls"],"created_at":"2026-06-06T13:01:51.926Z","updated_at":"2026-06-06T13:01:56.403Z","avatar_url":"https://github.com/AyumaxSoft.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TLSServerSample\n\nA Python `TLSTCPIPServer` sample that can communicate with ObjectDelivererV2 `TLSClient`.\n\nThis sample provides:\n\n- CA/server certificate generation with OpenSSL\n- Client certificate generation for mTLS with OpenSSL\n- Packet framing compatible with ObjectDeliverer `PacketRuleSizeBody`\n- Echo-back behavior (returns exactly what it receives)\n\n## 1. Prerequisites\n\n- macOS / Linux / Windows (WSL)\n- `python3` (3.9+ recommended)\n- `openssl`\n\nCheck:\n\n```bash\npython3 --version\nopenssl version\n```\n\n## 2. File layout\n\n- `server.py`: TLS + SizeBody + echo-back server\n- `scripts/create_ca_and_server_cert.sh`: Generates CA and server certificates\n- `scripts/create_client_cert.sh`: Generates a client certificate for mTLS\n- `certs/`: Certificate output directory\n\n## 3. Generate certificates\n\n### 3-1. Generate CA + server certificate\n\n```bash\ncd /TLSServerSample\n./scripts/create_ca_and_server_cert.sh ./certs localhost localhost 127.0.0.1\n```\n\nArguments:\n\n1. Output directory (default: `./certs`)\n2. Server certificate CN (default: `localhost`)\n3. SAN DNS name (default: `localhost`)\n4. SAN IP address (default: `127.0.0.1`)\n\nGenerated files (example):\n\n- `./certs/ca.crt.pem`\n- `./certs/ca.key.pem`\n- `./certs/server.crt.pem`\n- `./certs/server.key.pem`\n- `./certs/server.fullchain.pem`\n\n### 3-2. Generate client certificate for mTLS\n\n```bash\ncd /TLSServerSample\n./scripts/create_client_cert.sh ./certs od-client\n```\n\nArguments:\n\n1. Output directory (default: `./certs`)\n2. Client name/CN (default: `od-client`)\n3. CA certificate path (default: `./certs/ca.crt.pem`)\n4. CA private key path (default: `./certs/ca.key.pem`)\n\nGenerated files (example):\n\n- `./certs/od-client.crt.pem`\n- `./certs/od-client.key.pem`\n\n## 4. Start server\n\n### 4-1. Start with mTLS required (recommended)\n\n```bash\ncd /TLSServerSample\npython3 server.py \\\n  --host 0.0.0.0 \\\n  --port 8765 \\\n  --cert ./certs/server.crt.pem \\\n  --key ./certs/server.key.pem \\\n  --ca-cert ./certs/ca.crt.pem \\\n  --client-auth required \\\n  --size-length 4 \\\n  --size-endian big\n```\n\n### 4-2. Start without mTLS\n\n```bash\ncd /TLSServerSample\npython3 server.py \\\n  --host 0.0.0.0 \\\n  --port 8765 \\\n  --cert ./certs/server.crt.pem \\\n  --key ./certs/server.key.pem \\\n  --client-auth none \\\n  --size-length 4 \\\n  --size-endian big\n```\n\n## 5. ObjectDeliverer TLSClient settings\n\nWhen configuring ObjectDeliverer TLSClient, match these values:\n\n1. Connection target\n- Host: Must match server certificate SAN/CN\n- Port: Must match `server.py --port`\n\n2. TLS server verification\n- Set `Trusted CA Certificate` to `./certs/ca.crt.pem`\n- Keep certificate verification enabled\n\n3. mTLS (when server uses `--client-auth required`)\n- Client Certificate: `./certs/od-client.crt.pem`\n- Client Private Key: `./certs/od-client.key.pem`\n\n4. Packet rule\n- Select `PacketRuleSizeBody`\n- `SizeLength`: `4` (or match server value)\n- `SizeBufferEndian`: `Big` (or match server value)\n\n## 6. `PacketRuleSizeBody` compatibility\n\nThis server follows the same framing as ObjectDeliverer `PacketRuleSizeBody`:\n\n- First `SizeLength` bytes: unsigned body size\n- Next N bytes: body payload\n- Endian: `big` or `little`\n\nExample (`SizeLength=4`, `big`, body=`\\x01\\x02\\x03`):\n\n- Sent: `00 00 00 03 01 02 03`\n- Echoed response: `00 00 00 03 01 02 03`\n\n## 7. Main `server.py` options\n\n- `--client-auth`: `none | optional | required` (default: `required`)\n- `--size-length`: `1 | 2 | 3 | 4` (default: `4`)\n- `--size-endian`: `big | little` (default: `big`)\n- `--max-body-size`: Max body bytes per packet (default: 8 MiB)\n- `--min-tls-version`: `1.2 | 1.3` (default: `1.2`)\n\nHelp:\n\n```bash\npython3 server.py --help\n```\n\n## 8. Connectivity check (OpenSSL)\n\n### 8-1. Connect to server requiring mTLS\n\n```bash\nopenssl s_client \\\n  -connect 127.0.0.1:8765 \\\n  -CAfile ./certs/ca.crt.pem \\\n  -cert ./certs/od-client.crt.pem \\\n  -key ./certs/od-client.key.pem\n```\n\n### 8-2. Common errors\n\n- `TLS handshake failed`\n  - Confirm `--ca-cert` matches the CA that issued the client certificate\n  - Confirm client certificate/key pair is correct\n- `certificate verify failed`\n  - Confirm ObjectDeliverer host value matches cert SAN/CN\n  - Confirm `Trusted CA Certificate` points to `ca.crt.pem`\n- `body too large`\n  - Increase `--max-body-size` if needed\n\n## 9. Security notes\n\n- `ca.key.pem` is sensitive. Do not expose it.\n- For production, use proper certificate lifecycle management and rotation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fayumaxsoft%2Ftlsserversample","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fayumaxsoft%2Ftlsserversample","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fayumaxsoft%2Ftlsserversample/lists"}