Alain,
One of the nice things about the openssl
implementation is the use of BIOs for communication,
protocol becomes totally irrelevant, if you could
write a bio to control white (or grey or black) mice
to carry your data you could implement secure
communications across any road/way/path the mice
> The security work in SNMPv3 is old and outdated and years
> behind current practice. Some of that is understandable, but
> even back then we knew enough to know that raw UDP is
> almost architecturally flawed.
Not quite on the list topic - but if you were aware of the constraints placed
> > You might also want to look at the "security" in SNMPv3.
>
> Means what?
The security work in SNMPv3 is old and outdated and years behind current
practice. Some of that is understandable, but even back then we knew
enough to know that raw UDP is almost architecturally flawed.
/r$
> What I would like to do is to use OpenSSL's normal functionality, but
> without encapsulation of the actual operation of sending messages.
> Instead I would like all messages "forged" by OpenSSL - including
> handshake messages - to be sent back up to my module (which would be
> implemented in t
Justin Karneges wrote:
On Wednesday 19 October 2005 08:37, Alain Damiral wrote:
If I understand what Ning Ke suggests, OpenSSL uses a BIO output to send
all those messages regardless of what that BIO is actually encapsulating
? (That would normally be the TCP connexion) If it is so, I believe I
> > openSSL 0.9.8 comes with support for DTLS, which is TLS over UDP.
>
> Another point for the original poster to keep in mind is that
> SSL/TLS can require multiple read/writes for a single
> application-level packet exchange.
SA establishment cost...
> This isn't always obvious to folks st
On Wednesday 19 October 2005 08:37, Alain Damiral wrote:
> If I understand what Ning Ke suggests, OpenSSL uses a BIO output to send
> all those messages regardless of what that BIO is actually encapsulating
> ? (That would normally be the TCP connexion) If it is so, I believe I
> have the answer to
Rich Salz wrote:
openSSL 0.9.8 comes with support for DTLS, which is TLS over UDP.
Another point for the original poster to keep in mind is that SSL/TLS can
require multiple read/writes for a single application-level packet
exchange. This isn't always obvious to folks starting out. I th
> openSSL 0.9.8 comes with support for DTLS, which is TLS over UDP.
Another point for the original poster to keep in mind is that SSL/TLS can
require multiple read/writes for a single application-level packet
exchange. This isn't always obvious to folks starting out. I think the
DTLS spec discus
> How feasible is it to use OpenSSL's SSL library to generate the raw data
> that is to be sent through the transport layer independent of the
> latter's implementation ? And read this data on the other end...
openSSL library uses the BIO abstraction for IO operations.
You could use a memory BI
10 matches