Re: Diffie-Hellman support in OpenSSL

1999-12-20 Thread Dr Stephen Henson
Oliver King wrote: > > - cipher suites such as DH-RSA-DES-CBC-SHA and DH-DSS-DES-CBC-SHA are _not_ > supported; for these, the Diffie-Hellman parameters form part of the > server's certificate, and the whole lot has been signed by a CA (using RSA > or DSA), so the Diffie-Hellman parameters are fi

Re: Diffie-Hellman support in OpenSSL

1999-12-20 Thread Jeffrey Altman
> Without some alternative mode of server authentication, of course, > Anon DH remains a pretty scary proposition -- all the more so because it > implies a level of trustworthiness that it can not provide. In the telnet protocol we would like to use Anon-DH in conjunction with RFC 1416 ba

RE: Diffie-Hellman support in OpenSSL

1999-12-20 Thread Oliver King
> Andrew Cooke wrote: > > > > > > Although my post, in retrospect sounded like eay is some kind of font of > > eternal knowledge, I meant just that since he wrote the thing, he could > > expl

Re: Diffie-Hellman support in OpenSSL

1999-12-20 Thread Vin McLellan
Andrew Cooke <[EMAIL PROTECTED]> wrote: >> Although my post, in retrospect sounded like eay is some kind of font of >> eternal knowledge, I meant just that since he wrote the thing, he could >> explain the design decisions. >> >> Anyway, I've now found the following two posts which shed

Re: Diffie-Hellman support in OpenSSL

1999-12-20 Thread Bodo Moeller
On Mon, Dec 20, 1999 at 02:22:14AM -0500, Vin McLellan wrote: > Without some alternative mode of server authentication, of course, > Anon DH remains a pretty scary proposition -- all the more so because it > implies a level of trustworthiness that it can not provide. There is no reason f

Re: Diffie-Hellman support in OpenSSL

1999-12-19 Thread Bodo Moeller
Andrew Cooke <[EMAIL PROTECTED]>: > http://remus.prakinf.tu-ilmenau.de/ssl-users/archive19/0160.html Hm, interesting: Eric Young ([EMAIL PROTECTED]) Wed, 24 Sep 1997 12:00:42 +1000 (EST) [...] Currently I do not honor the X509v3 usage extensions, but I will add that 'real soon now

Re: Diffie-Hellman support in OpenSSL

1999-12-18 Thread Dr Stephen Henson
Andrew Cooke wrote: > > > Although my post, in retrospect sounded like eay is some kind of font of > eternal knowledge, I meant just that since he wrote the thing, he could > explain the design decisions. > > Anyway, I've now found the following two posts which shed light on the > historic basi

Re: Diffie-Hellman support in OpenSSL

1999-12-18 Thread Andrew Cooke
Andrew Cooke wrote: > Oliver King wrote: > [...] > > OK, silly me... I recompiled the library with SSL_ALLOW_ADH defined and the > > ADH ciphers worked fine. Thanks for the pointers though. It's a bit weird > > that the ADH ciphers still show up even when SSL_ALLOW_ADH is not defined... > [...] >

Re: Diffie-Hellman support in OpenSSL

1999-12-17 Thread Dr Stephen Henson
Oliver King wrote: > > Hi, > > > My first question is about the ADH cipher suites. Try as I might, I cannot > get a successful connection using any ADH cipher, e.g. ADH-DES-CBC-SHA. The > server always fails in SSL_accept() and gives the following output from > ERR_print_errors_fp(): > > 420:e

RE: Diffie-Hellman support in OpenSSL

1999-12-17 Thread Oliver King
> Is there anything special I should be doing to allow ADH to work? Please check the list of supported ciphers with "openssl ciphers". You might note that the ADH ciphers are not listed. The reason is that the default cipher selection string is (see ssl.h)

Re: Diffie-Hellman support in OpenSSL

1999-12-16 Thread Lutz Jaenicke
On Thu, Dec 16, 1999 at 05:29:15PM -, Oliver King wrote: > So far, using some simple home-brewed test programs, I've successfully > managed to establish connections using EDH ciphers such as > EDH-RSA-DES-CBC-SHA by using the appropriate cert/key files and setting up > temp DH params using SSL