On Thursday 20 November 2008 15:05:50 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 08:56:04AM +0000, Mark Watts wrote:
> > I did wonder what the difference between ADH-AES256-SHA and AES256-SHA
> > was. Both still result in an encrypted connection though, right?
>
>     $ openssl ciphers -v ADH-AES256-SHA:AES256-SHA
>     ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
>     AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>
> It would be to call a cipher suite an AES256 cipher-suite if no encryption
> took place. Both of the above SSLv3 (thus also TLS 1.x) cipher-suites
> use AES256 for data encryption, and SHA1 for message integrity.
>
> "Encryption" is not a synonym for "security", when SSL is used to encrypt,
> but not to authenticate, you are protected from passive-eavesdropping
> (wiretap) attacks, but not from active man-in-the-middle attacks. If you
> want to know that the peer on the other end of the encrypted channel is
> the one you intended to communicate with, you need to authenticate that
> peer, which is where certificate checks enter the discussion.

Indeed - this is next on my list of things to investigate.

> The first cipher has no authentication mechanism in the SSL handshake,
> so you get encryption only, no authentication. The second cipher makes
> authentication "possible", but you can still (and typically do) ignore the
> peer certificate. So in practice the two ciphers offer the same security,
> provided you are not going to reject unauthenticated connections when
> sending email to the domain in question.

Do people typically use SASL authentication instead of certificate checking?
On the remote server I have control over, I've configured SASL + TLS on the 
submission port, and TLS is optional on port 25 for Internet clients.
Does adding (client) certificates add anything in this case?

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg

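As an added example (not part of the original thread), this Python sketch parses `openssl ciphers -v` output in the format quoted above and labels each suite by its `Au=` and `Enc=` fields, tolerating output whose lines were wrapped between fields. The category names and all sample lines other than the two from the message are constructed for illustration.

```python
"""Classify `openssl ciphers -v` output by what the handshake can authenticate."""
import re
from typing import NamedTuple


class Suite(NamedTuple):
    name: str
    protocol: str
    kx: str
    au: str
    enc: str
    mac: str


# \s+ also matches newlines, so a suite wrapped across two lines still parses.
SUITE_RE = re.compile(
    r"(?<!\S)(?P<name>\S+)\s+(?P<protocol>\S+)\s+Kx=(?P<kx>\S+)"
    r"\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)


def parse(text):
    """Return every suite found in the text; anything else is skipped."""
    return [Suite(**m.groupdict()) for m in SUITE_RE.finditer(text)]


def classify(suite):
    if suite.enc == "None":
        return "no-encryption"   # integrity only, payload sent in the clear
    if suite.au == "None":
        return "encrypt-only"    # stops passive wiretaps, not an active MITM
    # Authentication is possible, but only counts if the peer certificate
    # is actually verified and unauthenticated connections are rejected.
    return "auth-possible"


def report(text):
    return {s.name: classify(s) for s in parse(text)}


# Constructed sample: first two lines are from the message, the rest are added.
SAMPLE = """\
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name:20} {verdict}")
```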