On Wed, Mar 26, 2014, Deepti Jindal wrote:

> Hi,
> 
> In continuation with post:
> http://openssl.6102.n7.nabble.com/SSL-Verify-Question-tp17908.html
> which says that with Anonymous ciphers, certificates won't be exchanged and
> hence won't be verified. 
> 
> However, I do want to ensure that no matter what, I am never sending
> requests to the server without verification. Will it be possible if my
> application is using an eNULL cipher (with Authentication ciphers enabled)?
> e.g. "TLS_RSA_WITH_NULL_SHA"
> 
> "Certificate exchange will be mandatory in case Authentication ciphers are
> used": Is this statement correct?
> 

If you include !aNULL in the cipher string you'll remove any anonymous
ciphersuites. You can check which ones are anonymous using:

        openssl ciphers -v <cipher string>

If it says Au=None it is an anonymous ciphersuite, anything else and it isn't.
If you do that with eNULL you'll see that currently only AECDH-NULL-SHA is
anonymous.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
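
The check described in the reply above, as an added example (not part of the original message and not OpenSSL's own tooling): a POSIX shell filter that reads `openssl ciphers -v` output and reports any suite marked Au=None. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Usage against a real build (output depends on the OpenSSL version):
#   openssl ciphers -v 'eNULL:!aNULL' | audit_no_anon

# Constructed sample in the column layout `openssl ciphers -v` prints.
sample_output() {
cat <<'EOF'
AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EOF
}

# Print the name of every suite whose authentication field is Au=None.
anon_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "Au=None") { print $1; break } }'
}

# Return 0 only if stdin lists at least one suite and none is anonymous.
# Return 1 if an anonymous suite is present, 2 if the listing is empty
# (an empty listing means the cipher string selected nothing).
audit_no_anon() {
    listing=$(cat)
    [ -n "$listing" ] || { echo "no suites selected" >&2; return 2; }
    anon=$(printf '%s\n' "$listing" | anon_suites)
    if [ -n "$anon" ]; then
        echo "anonymous suites present: $anon" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample: lists the one anonymous eNULL suite.
sample_output | anon_suites
```
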
