> The > "enclair" > option is intended to disable crypto negotiation so certificates are not > required and traffic in sent en clair.
Please verify with a TLS wizard that you can do what you are describing with OpenSSL. I've poked around a bit and don't know how to do that. I think you get an error if client/server can't find a matching crypto algorithm. I don't know how to say no-crypto. It sounds like the sort of operational bug-attractor that you would like to stamp out. It's easy to setup a junk self-signed certificate for the server. We could ship one to enable testing -- or waf could generate one on the fly. I don't know if the server can run without a certificate. Seems like a reasonable request, but a quick search found several questions without any answer. It's easy for the client to not check the certificate. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
