On Fri, Sep 17, 2010 at 10:40:45AM -0400, Tom Cocagne wrote:
> I've been searching for a way to set up an encrypted SSL connection
> that doesn't require the use of certificates. Ideally, I'd like to use
> SSL + SRP as specified in RFC 5054 but, as that isn't yet commonly
> available, I'd like to fall back to setting up an anonymous but
> encrypted SSL connection over which I'll manually use SRP for
> authentication. The SRP portion I have a pretty good handle on but I'm
> not quite sure about the anonymous SSL portion. I found an anonymous
> diffie-hellman example by Josue Gomes a while back
> (http://www.josuegomes.com/dhsample.php) that seems to do exactly what
> I'd like. However, being anything but a "security guru" I'd appreciate
> it if someone in the know could clarify a few things for me and let me
> know if I'm on the right track.
On the server-side don't configure any certificates, set the
cipherlist to:
aNULL:!eNULL:!LOW:!EXPORT:@STRENGTH
and configure DH parameters (generated once-only and stored
in the file-system).
On the client side, set the same cipherlist.
> The following few lines are the relevant anonymous diffie-hellman
> calls distilled from Josue's client/server example.
>
> Server:
> DH* dh = DH_new();
> DH_generate_parameters_ex(dh, 2, DH_GENERATOR_2, 0);
> DH_check(dh, &codes);
> DH_generate_key(dh);
> SSL_CTX_set_tmp_dh(ctx, dh);
> SSL_CTX_set_cipher_list(ctx, "ADH-AES256-SHA");
This is too expensive to do each time.
> For the most part, this looks pretty straight-forward. I was wondering
> though if the manual DH generation is actually necessary. I was under
> the (mistaken?) impression that the DH keys were automatically
> generated by OpenSSL.
The keys are negotiated, but the prime-group needs to be set by the
server in advance.
Examples, for Postfix in:
http://www.postfix.org/TLS_README.html#server_cipher
If you want do enable EECDH support (OpenSSL 1.0.0 or later), the
server should choose a suitable curve:
http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
http://www.postfix.org/postconf.5.html#tls_eecdh_strong_curve
The underlying C code looks like:
int nid;
EC_KEY *ecdh;
const char *curve;
if ((nid = OBJ_sn2nid(curve)) == NID_undef) {
msg_warn("unknown curve \"%s\": disabling EECDH support", curve);
return (0);
}
ERR_clear_error();
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0
|| SSL_CTX_set_tmp_ecdh(server_ctx, ecdh) == 0) {
msg_warn("unable to use curve \"%s\": disabling EECDH support", curve);
tls_print_errors();
return (0);
}
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
