On Fri, Dec 30, 2005, Kyle Hamilton wrote:

> Is there a way to do an ephemeral (i.e., unauthenticated) encryption
> channel before transmitting whatever certificates are to be used for
> authentication? I tend to look at certificate disclosure as an
> "information leakage" issue, that gives Eve more information than she
> really has any business having. Mallory, of course, can accept an
> incoming request, then get the certificate of the one connecting...
> but that is prima facie evidence of a much more malicious intent than
> a simple eavesdropper. (A network administrator can capture traffic
> on a network for troubleshooting purposes -- and thus, put him/herself
> into the role of Eve. It would take a truly malicious intent to
> intercept the connection attempt.)
>
> More specifically, is there a way to do this in OpenSSL? :)

Yes, you start with an unauthenticated ciphersuite (for example anon-DH)
and then renegotiate the session. The initial handshake is sent in the
clear, the second one would use the existing ciphersuite.

That won't thwart a man in the middle attack on the initial anon-DH
session though, which would reveal the second handshake data.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]