Monkey Server v1.6


Monkey supports Secure Socket Layers (SSL) and TLS through the mbedTLS library, our TLS plugin provides Network I/O on top of that library.


Starting from Monkey v1.6, we distribute the mbedTLS library as part of our sources, but that dependency is just build if you enable the TLS plugin. The library will be linked statically.

If for some reason you want to use a different mbedTLS library , you can use the optional --mbedtls-shared configure script option for that purpose or it equivalent -DWITH_MBEDTLS_SHARED=1 CMake option.


Enable TLS support in Monkey is a straightforward step, you only need to tell Monkey to include the TLS plugin in the build phase:

$ ./configure --enable-plugins=tls
$ make

In case you want to build your own mbedTLS library and keep it on a different path, please refer to the following steps:

$ wget wget
$ tar xvzf mbedtls-2.*

By default only the static library version is built, but we need the shared library. To start configuring and building do:

$ cd mbedtls-2.*
$ make
$ make install

then let Monkey use that shared library version:

$ ./configure --enable-plugins=tls --mbedtls-shared
$ make

Enable Plugin

If the plugin have not been built in static mode (check with '$ monkey -b'), you can enable the TLS plugin through the follow the steps mentioned on Plugins section. The plugin name is, so make sure the plugin entry is Load and the absolute path is correct.


As specified on the Server configuration section, the Listeners are the ones who use this plugin interface. To enable SSL/TLS on a listener just append the ssl keyword at the end of the Listener definition. This is an example from conf/monkey.conf:

    Listen 443 ssl

With that setup, we have instructed that the Listener on TCP port 443 will use our TLS plugin that provides ssl capabilities.

Configuring Certificates

You may also want to edit the TLS plugin settings to use your own certificate files. The configuration file is located at conf/plugins/tls/tls.conf. The default options are given below.

    CertificateFile      srv_cert.pem
    CertificateChainFile srv_cert_chain.pem
    RSAKeyFile           rsa_key.pem
    DHParameterFile      dhparam.pem

The minimum requirement to make HTTPS works is to set CertificateFile and RSAKeyFile, but for development purposes no changed are needed as built-in cert files may be used instead. Setting CertificateChainFile is recommended to speed up the handshake process.

Generate your own certificates

The mandatory certificate and RSA key can be generated with the following command using the OpenSSL tool:

$ openssl genrsa -out rsa_key.pem 1024
$ openssl req -new -x509 -key rsa_key.pem -out srv_cert.pem -days 1095

To generate a file with Diffie-Hellman parameters you can run:

$ openssl dhparam -out dhparam.pem 2048

Running the server

Monkey is now able to serve content over SSL. Add your files to the DocumentRoot and start the Monkey!.

$ bin/monkey