> On Aug 19, 2018, at 8:41 AM, Kurt Roeckx wrote:
>
>> Does anyone know some examples of applications using
>> ADH ciphersuites for TLS connections in production
>> environment?
>
> At least postfix can use it for SMTP.
And prefers it by default with opportun
On 19/08/2018 14:36, Anton wrote:
Hello
Does anyone know some examples of applications using
ADH ciphersuites for TLS connections in production
environment?
I know it is vulnerable to MITM, but it still can
be useful, for example if communicating devices do
not store state data for
On Sun, Aug 19, 2018 at 02:36:30PM +0200, Anton wrote:
> Hello
>
> Does anyone know some examples of applications using
> ADH ciphersuites for TLS connections in production
> environment?
At least postfix can use it for SMTP.
Kurt
--
openssl-users mailing list
To uns
Hello
Does anyone know some examples of applications using
ADH ciphersuites for TLS connections in production
environment?
I know it is vulnerable to MITM, but it still can
be useful, for example if communicating devices do
not store state data for authentication (unique
certificate per instance
>> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the
>> trick, but as far as I understand, it switches off some other cipher checks.
>> What's the recommended way of allowing ADH?
>For now just @SECLEVEL=0. There's not yet a more fine-graine
> On Apr 12, 2018, at 7:12 AM, Frykenvall, Per wrote:
>
> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the
> trick, but as far as I understand, it switches off some other cipher checks.
> What's the recommended way of allowing ADH?
For now just @
other checks of the default
callback.
Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick,
but as far as I understand, it switches off some other cipher checks. What's
the recommended way of allowing ADH?
Best regards,
Per
I understand why nobody gave an answer to this question, because the crucial
hint was missing:
I am using the GLib GSocketService for handling incoming connections. The GLib
uses non-blocking
sockets under the hood which I was not aware of. Especially the
g_socket_set_blocking() function
does n
Hi,
I recently tried to refactor the TLS related code of my server
application and wanted to use a SSL-BIO instead of performing all
SSL-read/-write-operations by hand. As cipher suite I use
ADH-AES256-SHA, because no authentication of the peers is needed and a
man-in-the-middle-attack is highly
The declaration of "EXP-ADH-DES-CBC-SHA" in s3_lib.c (OpenSSL 0.9.6m,
0.9.7m, 0.9.7n, 1.0.0) seems to suggest that this cipher has a 128-bit key
/* Cipher 19 */
{
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA,
SSL_kEDH,
Hi,
I have a question on ADH and ECDH. Are ADH and ECDH the same in terms of
algorithms used for key exchange? Can't we skip authentication for
ECDH just like how we do for ADH in case if the algorithms are
different?
Than
Hi,
For a research project I'm pursuing, I want to use OpenSSL with
ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a server-side
nor a client-side certificate; and the pre-master secret shall be
established via Diffie-Hellman key exchange.
From my experience so far, the cu
Hi,
How exactly does the ADH implementation in OpenSSL work?
What exactly do I need temporary keys for?
Is it required that temporary keys for client and server are the same to establish an SSL
connection?
I will be more than happy for any pointers to docs where it is explained.
Rihards
Hansabankas
responsibility :-)
G.
Dr S N Henson <[EMAIL PROTECTED]> on 08/12/2000 17:18:49
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:(bcc: George Shaw/EMEA/Viewlocity)
Subject: Re: ADH + certs on same SSLCTX ??
Gregory Nicholls wrote:
>
> Hiya,
>
ight if it's an anon-DH cipher. I'd appreciate
> someone either confirming I'm on the right track or lifting me bodily
> and dumping me where I should be.
All you need to do is to enable the ADH ciphers by specifying an
appropriate cipher which includes ADH along with the authentic
Hiya,
Quick one for those in the know. Can I use both verified
certificates and anon-DH sessions with the same SSLCTX ???. I'm
guessing that I have to check the cipher whilst in the callback function
and give the green light if it's an anon-DH cipher. I'd appreciate
someone either
Ah excellent.
Thank you.
G.
Lutz Jaenicke wrote:
> On Wed, Sep 06, 2000 at 01:33:50PM -0400, Gregory Nicholls wrote:
> > I'm using ssl0.9.5a on Winnt. I ran openssl ciphers -v to look for a list that
> > would use ADH. All the ciphers came up with an a
On Wed, Sep 06, 2000 at 01:33:50PM -0400, Gregory Nicholls wrote:
> I'm using ssl0.9.5a on Winnt. I ran openssl ciphers -v to look for a list that
> would use ADH. All the ciphers came up with an authentication scheme, either RSA or
> DSS. Have I missed something ??
Yes. ADH c
did you compile the libraries allowing ADH? I believe prior to 0.9.5 this was
not enabled by default. Check the top level makefile.
Andrew
__
OpenSSL Project http://www.openssl.org
User Support
> to work. I see that it works between s_server (with nocert option) and s_client.
> I'm using openssl v0.9.4.
OpenSSL 0.9.4 is by default compiled without ADH ciphers, so it is not possible
to activate them by just adding them to the cipher list.
If you really want them (do you really w
etween s_server (with nocert option) and s_client.
> I'm using openssl v0.9.4.
>
Try 0.9.5. In previous versions ADH was explicitly disabled unless you
compiled the library with SSL_ALLOW_ADH.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [E
ption) and s_client. I'm using openssl v0.9.4.
ADH cipher suites cannot provide you a secure channel. If you use
ADH then you must perform some kind of authentication after the
connection is established that verifies that there is no man in the
middle attack. This can be done using
I'm using openssl v0.9.4.
The SSL calls are as follows:
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
method = SSLv3_server_method();
ctx = SSL_CTX_new(method);
dh = PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
SSL_CTX_set_cipher_list(ctx,&
not going to be so easy to do.
> We would need a separate checksum format for ADH, EDH, and RSA key
> generation techniques. Correct?
You could use the data that is used for the Finished message -- it
includes a hash of the whole handshake and thus has all of the above.
7.4.9. Finished
[
> If you include hashes of the DH *shares*, as opposed to the *result*
> of the DH exchange, then you avoid the protocol weakness.
How would I extract this information from the OpenSSL library?
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit
Jeffrey Altman <[EMAIL PROTECTED]>:
>>> TLS_CHECKSUM_DATA ::= SEQUENCE {
>>>     authentication-type-pair OCTET_STRING, -- 2 bytes
>>>     SSLversion INTEGER, -- SSL version number
>>>     Cipher OCTET_STRING, -- the 3 byte cipher ID
>>>     Session_ID
On Thu, Aug 12, 1999 at 07:54:22AM -0700, [EMAIL PROTECTED] wrote:
>> This is not secure. The master secret is derived from data
>> transmitted in clear and the premaster secret, which is just the
>> result of the DH exchange, which *can* be influenced by an attacker in
>> a way such that the cl
> This is not secure. The master secret is derived from data
> transmitted in clear and the premaster secret, which is just the
> result of the DH exchange, which *can* be influenced by an attacker in
> a way such that the client and server agree on its value and the
> attacker kn
> On Thu, Aug 12, 1999 at 12:00:00AM +, Jeffrey Altman wrote:
>
> > I am setting the cipher list on both my client and server
> >
> > ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA
> >
> > and then attempt to make a TLSv1 connection and get the following
>
Hi,
Yes, I can use the ADH cipher suites. I'm doing the same thing you do:
1. I compile the library with SSL_ALLOW_ADH
2. I set the cipher suite to include the ADH cipher (which is not enabled
by default)
I'm also calling "SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NUL
Hi,
My apologies, it IS working. I thought I had tried it but I guess I made a
mistake and linked to the wrong library (I have 4-5 different versions of the
compiled openssl libraries!). In order to get ADH to work I have to compile
the libraries either with NO_RSA or with SSL_ALLOW_ADH. When
On Thu, Aug 12, 1999 at 12:00:00AM +, Jeffrey Altman wrote:
> I am setting the cipher list on both my client and server
>
> ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA
>
> and then attempt to make a TLSv1 connection and get the following
> error:
>
> [TLS - handshake sta
Hi,
I am writing an application using SSLeay.
I must not use RSA, because of license problems, so I must
use for authentication the public key technique of DH.
I also want not to use encryption. This may sound strange, but due to
the application nature, the data is already encrypted, and thus
sh
33 matches