On 2009.10.20 at 16:50:59 +0530, Deepak Mundra wrote: > Dear All, > > ══════ I have written a server client application in which im using self > signed ssl certificates .. How can i make sure that only known clients can > connect to my server using ssl connection?
There is three answers to this question. Which is right, depends on what you mean under "connect". If "connect" means "be able to interact using some application protocol over SSL", that simple password-protection on the application protocol level is enough. If your clients have your selfsigned certificate (but better to have separate CA and server certificates) in their trusted certificate store, they are sure that they connect to correct server. So, they can trust that their passwords would not be intercepted by some malicious third party. If your protocol doesn't contain means to verify user identity (such as login with password), "connect" does probably mean "be able to successfully complete SSL handshake" In this case you should use client certificates. This means that you have to create minimal CA to issue these certificate. You'll distribute certificate of this CA to clients to put in their trusted certificate store. Than clients would generate certificate requests (and keep corresponding secret keys really secret) and you will issue certificates. Of course, server certificate shouldn't be selfsigned. You have CA certificate to sign it with. Then you'll configure your server app to require client certificate. and allow only clients which provide certificate signed by your CA in. (this is done by having separate trusted certificate store for this app, containing only your CA certificate and CRL). Note that you really need CRL check in this setup. Because client can loose his secret key, and you need way to quickly disable ability of thief to log in with stolen key and certificate. Third meaning of "connect" is "able to initiate SSL handshake at all" I have seen only one application which have this kind of protection - openvpn. Its authors thinks that SSL handshake is resource consuming and it is possible to launch DoS attact to the server by doing many connects with wrong certificates or passwords, that would fail, but consume some server resources to detect wrong client. So they provide symmetric keys to do MAC authentication on handshake messages. It means that only clients which have this symmetric key can even start TLS handshake. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
