> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Wednesday, 19 October, 2011 06:04

> On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote:
> >
> > Hi,
> >
> > Is there any material available that shows flows of one-way/two-ssl 
> > and different types of CA architectures ? We use two-way SSL and 
> > generate CSR's and update expired certificates and we are aware of the 
> > basic points.
> >
> I am not sure what you mean by "one-way" SSL.
> 
In context I'm sure he means server (only) authentication 
versus server and client authentication, which is commonly 
called just client auth or client cert since to users that 
is the visible difference. (There are suites with no auth 
at all -- A[EC]DH, KRB5, PSK -- but they are rarely used.)

The TLS RFCs (2246, 4346, 5246) show the maximal message flow, 
with description of which messages are omitted (or varied) 
in various cases. I don't know anything that lays out all 
the cases separately.

4158 describes and pictures several possible CA architectures, 
although some of them are IMHO not very practical.

> SSL does not deal with CSRs at all, those are used for CA operations
> and obtaining certificates, <snip>
> 
SSL/TLS the protocol does not, but OpenSSL does. 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
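
Added example, not part of the original message and not OpenSSL code: a small Python model of the RFC 5246 (TLS 1.2) full-handshake flow mentioned above, showing which messages are added or omitted for server-only versus server-and-client authentication. The function names are hypothetical; only the RFC 5246 key exchanges are covered (PSK, KRB5 and ECDH suites are out of scope), and a client certificate is assumed to have signing capability.

```python
# Added example: TLS 1.2 full-handshake message flow per RFC 5246 section 7.3.
# Hypothetical helper names; ChangeCipherSpec is listed as in the RFC figure
# although it is its own protocol, not a handshake message.

SERVER_KEY_EXCHANGE = {"DHE_RSA", "DHE_DSS", "DH_anon"}   # RFC 5246 section 7.4.3
NO_SERVER_KEY_EXCHANGE = {"RSA", "DH_RSA", "DH_DSS"}

def handshake_flow(kx, request_client_cert=False, client_has_cert=True):
    """Return [(sender, message), ...] for a full (non-resumed) handshake.

    Assumption: client_has_cert means a certificate with signing capability
    (not a fixed-DH certificate), so CertificateVerify follows it.
    """
    if kx not in SERVER_KEY_EXCHANGE | NO_SERVER_KEY_EXCHANGE:
        raise ValueError("key exchange not covered: " + kx)
    anonymous = kx == "DH_anon"
    if anonymous and request_client_cert:
        # Section 7.4.4: an anonymous server must not request client auth.
        raise ValueError("anonymous server cannot request a client certificate")

    flow = [("client", "ClientHello"), ("server", "ServerHello")]
    if not anonymous:
        flow.append(("server", "Certificate"))
    if kx in SERVER_KEY_EXCHANGE:
        flow.append(("server", "ServerKeyExchange"))
    if request_client_cert:
        flow.append(("server", "CertificateRequest"))
    flow.append(("server", "ServerHelloDone"))

    if request_client_cert:
        # With no suitable certificate the client still sends the message, empty.
        flow.append(("client", "Certificate" if client_has_cert else "Certificate (empty)"))
    flow.append(("client", "ClientKeyExchange"))
    if request_client_cert and client_has_cert:
        flow.append(("client", "CertificateVerify"))
    flow += [("client", "ChangeCipherSpec"), ("client", "Finished"),
             ("server", "ChangeCipherSpec"), ("server", "Finished")]
    return flow

def diff_flows(a, b):
    """Messages present in flow b but not in flow a, in order."""
    return [m for m in b if m not in a]

if __name__ == "__main__":
    one_way = handshake_flow("RSA")
    two_way = handshake_flow("RSA", request_client_cert=True)
    extra = diff_flows(one_way, two_way)
    for step in two_way:
        print("+" if step in extra else " ", f"{step[0]:6}", step[1])
```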
