I'm working on open source software which uses client/server for communication. The problem is that I must use some kind of encryption in order to protect the data which will be transmitted over the network.
So I decided to use the OpenSSL library.
And now I have two options:
1. To use SSL, which is not high performance and makes it more difficult to implement a multi-threaded server.
2. To use symmetric encryption - OpenSSL with the Blowfish cipher: first encrypt the data and send it via sockets over the network, and then decrypt it using the key again. It's not considered safe by the OpenSSL mailing list users. It will be easy to implement a multi-threaded server.
Why the hell is it not considered safe?
What's the difference (except SSL authorization from an authority, but that's another thing)? Just keep your encryption key aside in a file like SSH does.
Both SSL and the in-protocol encryption are anti-man-in-the-middle-attack, and they can't jump "higher".
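An added example, not part of either post and not OpenSSL code: encrypting with a bare cipher such as Blowfish hides the data but does not detect modified or replayed messages, which the SSL record layer does with a per-record MAC and sequence number. The code below applies that check to an opaque ciphertext; the function names, frame layout, key and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                # HMAC-SHA256 output size
HDR = struct.Struct("!QI")  # 8-byte sequence number, 4-byte ciphertext length


class RecordError(Exception):
    """Raised when a received record fails verification."""


def seal(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Frame an already-encrypted payload as header || ciphertext || tag."""
    header = HDR.pack(seq, len(ciphertext))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_record(mac_key: bytes, expected_seq: int, record: bytes) -> bytes:
    """Verify a record and return its ciphertext; decrypt only after this succeeds."""
    if len(record) < HDR.size + TAG_LEN:
        raise RecordError("truncated record")
    header, body, tag = record[:HDR.size], record[HDR.size:-TAG_LEN], record[-TAG_LEN:]
    seq, length = HDR.unpack(header)
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise RecordError("bad MAC: record was modified or wrong key")
    if length != len(body):
        raise RecordError("length mismatch")
    if seq != expected_seq:
        raise RecordError("unexpected sequence number: replayed or reordered")
    return body


def demo() -> dict:
    mac_key = bytes(range(32))               # constructed key, separate from the cipher key
    ct = bytes.fromhex("8f1c3a5d0077e2b4")   # constructed stand-in for one Blowfish block
    rec = seal(mac_key, 0, ct)
    results = {"valid": open_record(mac_key, 0, rec) == ct}
    flipped = rec[:HDR.size] + bytes([rec[HDR.size] ^ 1]) + rec[HDR.size + 1:]
    # The receiver expects seq 1 in the "replayed" case, so the old record is refused.
    for name, bad, seq in (("tampered", flipped, 0), ("replayed", rec, 1), ("truncated", rec[:10], 0)):
        try:
            open_record(mac_key, seq, bad)
            results[name] = "accepted"
        except RecordError as exc:
            results[name] = str(exc)
    return results
```

The MAC key must be independent of the encryption key, and both still have to be agreed with an authenticated peer, which is the part the SSL handshake handles.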