Hello,

[EMAIL PROTECTED] wrote on 05/07/2008 12:51:21 PM:

> 
> > The application I am developing requires HTTP over SSL connection
> > and hence I am using OpenSSL for SSL support. But using OpenSSL
> > with all the cryptographic libraries included increases the size of
> > my app heavily. To deal with that, I want to build an OpenSSL
> > library with NULL encryption (No Crypto Support at all) so that the
> > size comes down fairly. My application uses OpenSSL for SSL handshake
> > and I/O only with no encryption/decryption needed at all for data
> > transfer.
> 
> You can certainly disable algorithms you don't really need. You can
> eliminate elliptic curve, RC5, MDC2, IDEA, SSLv2, SHA0, blowfish, and
> probably quite a few others. But I'm not sure I understand (or that you
> understand) what you're really asking for. SSL is a security protocol,
> and if you take away the encryption, what do you think is left?
> 
> Without crypto support, how is the SSL handshake going to work? The SSL
> handshake is largely a succession of cryptographic operations. For
> example, one of the steps of the SSL handshake requires the server to
> decrypt the pre-master secret, which the client encrypts with the
> server's public key. If the server cannot decrypt this because it has no
> encryption libraries, how can it prove that it is the owner of its
> certificate? And if it can't do that, why would the client continue
> talking to it?
> 
> What do you think is left if you subtract all encryption operations from
> SSL? Authentication doesn't work without encryption. It's no use to make
> absolutely sure you are talking to www.securesite.com if the subsequent
> data is sent in the clear (because a man-in-the-middle could change it).
> 
> I would love to see the requirements that require SSL but do not require
> any actual security.
> 
> What do you think "basic SSL" is?
Protocol only, cryptographic algorithms may come from another source.
You may use some other library (gmp for RSA or IPP for RSA/EC/AES) ...
You may use your customer crypto library ...
You may use some crypto hardware ...
In this case you do not need any software algorithms which come with
OpenSSL.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
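
Added illustration, not part of the original thread and not OpenSSL code: a stripped-down model of the RSA key-exchange step described in the quoted reply, showing that only the holder of the private key can recover the pre-master secret and produce a Finished value the client accepts. It assumes textbook RSA without padding on a constructed toy key and a simplified HMAC in place of the real SSL/TLS key schedule; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def make_server_key():
    """Return ((n, e), d): the public part goes in the certificate, d stays private."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), d


def client_key_exchange(public):
    """Client picks a random pre-master secret and encrypts it to the server."""
    n, e = public
    pms = secrets.token_bytes(16)
    return pms, pow(int.from_bytes(pms, "big"), e, n)


def server_recover(encrypted, public, d):
    """Server decrypts the pre-master secret; impossible without d."""
    n, _ = public
    return pow(encrypted, d, n).to_bytes(16, "big")


def finished(pms, transcript):
    """Simplified stand-in for the Finished message: a MAC keyed by the secret."""
    return hmac.new(pms, b"server finished" + transcript, hashlib.sha256).digest()


def handshake(server_has_private_key):
    """Return True if the client accepts the server's Finished value."""
    public, d = make_server_key()
    transcript = b"hello messages (constructed)"
    pms, encrypted = client_key_exchange(public)
    if server_has_private_key:
        server_pms = server_recover(encrypted, public, d)
    else:
        # A peer that only holds the certificate cannot decrypt and must guess.
        server_pms = bytes(16)
    return hmac.compare_digest(finished(server_pms, transcript),
                               finished(pms, transcript))


if __name__ == "__main__":
    print("real server accepted:", handshake(True))
    print("certificate-only peer accepted:", handshake(False))
```

The decryption in `server_recover` is the operation that can be delegated to another library or to crypto hardware, as the reply suggests, but it cannot be removed from the handshake.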
