On Thu, Nov 20, 2008 at 08:56:04AM +0000, Mark Watts wrote:
> I did wonder what the difference between ADH-AES256-SHA and AES256-SHA was.
> Both still result in an encrypted connection though, right?
$ openssl ciphers -v ADH-AES256-SHA:AES256-SHA
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
It would be to call a cipher suite an AES256 cipher-suite if no encryption
took place. Both if the above SSLv3 (thus also TLS 1.x) cipher-suites
use AES256 for data encryption, and SHA1 for message integrity.
"Encryption" is not a synonym for "security", when SSL is used to encrypt,
but not to authenticate, you are protected from passive-eavedropping
(wiretap) attacks, but not from active man-in-the-middle attacks. If you
want to know the the peer on the other end of the encrypted channel is
the one you intended to communicate with, you need to authenticate that
peer, which is where certificate checks enter the discussion.
The first cipher has no authentication mechanism in the SSL handshake,
so you get encryption only, no authentication. The second cipher makes
authentication "possible", but you can still (and typically do) ignore the
peer certificate. So in practice the two ciphers offer the same security,
provided you are not going to reject unauthenticated connections when
sending email to the domain in question.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
