I need to implement secure data transfer from client to server (binary data). I’m looking for the solution that doesn’t require clients to configure firewall exceptions.
Obvious choice is HTTPS. Most firewalls allow outgoing HTTPS by default. There’re two issues with HTTPS:
-
I don’t want to implement HTTPS (even the simplest possible version) because I don’t need its complexity. Simple custom secure binary protocol would be enough.
-
I’d like to avoid overhead of base64 encoding required for binary data to be put into HTTP POST message (please correct me if I’m wrong). Client runs on weak hardware (embedded system).
Now, my assumptions. Since HTTPS is encrypted (by definition), firewall cannot parse it or check if data is base64 encoded. This means I can use my custom TCP secured protocol using HTTPS port (443) to imitate HTTPS and firewall won’t be able to distinguish it from HTTPS. Please confirm or explain what’s my mistake.
IMO a firewall is not really a good firewall, unless the “default” configuration is to deny everything in/out (for instance, this is what a Juniper SRX and Cisco ASA do by default). The most common firewall configurations typically allow HTTPS through.
As for building your own custom protocol, please for the love of pizza (and your own sanity) use one of the many standardized file transfer protocols that already exist… the choices are wide open, such as
ftp,rsync,http(see below),scp, andsftp.Two things you need to think about…