Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote:
> > Yes if you are trusting any certificate then you might as well use anon DH.
> >
> > Normally, for certificates, this is resolved by using a mutually acceptable
> > certificate or CA certificate which have been exchanged by some secure means.
> >

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread threadhead
> Yes if you are trusting any certificate then you might as well use anon DH.
>
> Normally, for certificates, this is resolved by using a mutually acceptable
> certificate or CA certificate which have been exchanged by some secure means.
>
> Steve.

First of all thanks for your suggestions, I'll

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote:
> > The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
> > without using certificates. To use these you need to set appropriate DH
> > parameters on the server side and enable the ciphersuites using an appropriate
> > cipher strin

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread threadhead
> The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
> without using certificates. To use these you need to set appropriate DH
> parameters on the server side and enable the ciphersuites using an appropriate
> cipher string.
> However without some form of authentication the co

Re: Avoiding Certificates for Server/Client approach

2004-08-10 Thread Dr. Stephen Henson
On Tue, Aug 10, 2004, [EMAIL PROTECTED] wrote:
> I know about DH key exchange and its use in the openssl library.
> But how would I use the private session keys from DH to encrypt
> and decrypt the data flowing from peer to peer with high-level hooks
> like SSL_read and SSL_write?
>
> Or is it req

Re: Avoiding Certificates for Server/Client approach

2004-08-10 Thread threadhead
I know about DH key exchange and its use in the openssl library. But how would I use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with high-level hooks like SSL_read and SSL_write?

Or is it required to use completely different functions like the EVP_* f

Re: Avoiding Certificates for Server/Client approach

2004-08-10 Thread Peter Iannarelli
Try using Diffie-Hellman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends.

On Tue, 2004-08-10 at 16:47, [EMAIL PROTECTED] wrote:
> Hello list,
>
> I am currently trying to get rid of all the certificate stuff, that i've se

Avoiding Certificates for Server/Client approach

2004-08-10 Thread threadhead
Hello list,

I am currently trying to get rid of all the certificate stuff that I've seen often before in many applications using the openssl library. Basically my server/client model should only handshake without certificate exchange. The cipher is chosen by the client. After that the two prog