> The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
> without using certificates. To use these you need to set appropriate DH
> parameters on the server side and enable the ciphersuites using an appropriate
> cipher string.
> However without some form of authentication the connection is vulnerable to
> man in the middle attacks.
> Steve.

Well, currently I am using certificates that have not been signed by anyone, so they could be generated by anybody. Wouldn't that make them senseless?

The certificates I am using for client and server side are generated by openssl(1) and simply exchanged when the client and server handshake. Because neither of the two is signed by a CA, it would enable everybody to create a certificate and masquerade as my server (or client), no?

best regards
threadhead

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]