Enable SSL connections#

This guide describes how to a SSL-enabled secure Flower server can be started and how a Flower client can establish a secure connections to it.

A complete code example demonstrating a secure connection can be found here.

The code example comes with a README.md file which will explain how to start it. Although it is already SSL-enabled, it might be less descriptive on how. Stick to this guide for a deeper introduction to the topic.


Using SSL-enabled connections requires certificates to be passed to the server and client. For the purpose of this guide we are going to generate self-signed certificates. As this can become quite complex we are going to ask you to run the script in examples/advanced-tensorflow/certificates/generate.sh

with the following command sequence:

cd examples/advanced-tensorflow/certificates

This will generate the certificates in examples/advanced-tensorflow/.cache/certificates.

The approach how the SSL certificates are generated in this example can serve as an inspiration and starting point but should not be taken as complete for production environments. Please refer to other sources regarding the issue of correctly generating certificates for production environments.

In case you are a researcher you might be just fine using the self-signed certificates generated using the scripts which are part of this guide.


We are now going to show how to write a sever which uses the previously generated scripts.

from pathlib import Path
import flwr as fl

# Start server

When providing certificates, the server expects a tuple of three certificates. Path can be used to easily read the contents of those files into byte strings, which is the data type start_server expects.


We are now going to show how to write a client which uses the previously generated scripts:

from pathlib import Path
import flwr as fl

# Define client somewhere
client = MyFlowerClient()

# Start client

When setting root_certificates, the client expects the PEM-encoded root certificates as a byte string. We are again using Path to simplify reading those as byte strings.


You should now have learned how to generate self-signed certificates using the given script, start a SSL-enabled server, and have a client establish a secure connection to it.

Additional resources#

These additional sources might be relevant if you would like to dive deeper into the topic of certificates: