On Tue, Oct 02, 2007 at 07:16:19PM +0200, Andreas Hellstr?m wrote:
> Thanks for answering. The ADH ciphers is a little above my head right
> now though. ;-)
That means that what you are trying to do is beyond your present ability
to understand, security is about threat models and mitigations, and SSL
is a security toolkit, so you must start with a threat-model and mitigate
the important threats. Encryption without authentication only addresses
those attacks in which the traffic arrives at the right unmolested, but
may have been passively intercepted in transit (wiretap, SIGINT, ...).
The ADH ciphers support certificateless unauthenticated encryption,
plug and play. All you need to do is tell both client and server to
enable anonymous ciphers. If the server software wants a cert anyway,
just give a self-signed cert that it won't end up using. In some cases it
may be possible to tell the server software that there is no cert, and ADH
ciphers are all that's available. Depends on how the server is written.
> As for the approach I'm sketching, I was under the impression that SSL
> could function as easy as that, where the server has got a self-signed
> certificate with a public and secret key, and then whatever client,
> with a certificate on their own, could connect to the server with SSL
> and get an encrypted connection. Am I wrong?
No, you can also give the server a cert, use ciphers that perform
pointless RSA ops to sign the key exchange and then have the client
ignore the signature. This may be easier to configure, but it ADH is
likely more efficient if client/server support configurable cipherlists.
> At the server side I don't care that any client can connect. Whoever
> connects still has to supply a username/password that is matched with
> a back-end database to grant them access to the service.
Fine, but the client does not know that it is disclosing its password
to the right server. When PSK becomes available with 0.9.9, you may want
to consider using it instead.
> As for the client side, all servers will reside within our network,
> and the clients will connect to our IP-numbers (not domain names).
> Either they trust us when we hand them an IP to connect to, or they
> don't.
There are redirection attacks on switched networks that can steal the
server IP. Most security breaches are inside jobs. Yes, the frequency
of attacks from inside is lower than from outside, but the severity is
often higher.
Why do you need SSL anyway? If your network is secure, why encrypt?
If traffic can be diverted, why not authenticate?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
