On Wed, Mar 26, 2014, Deepti Jindal wrote:

> Hi,
>
> In continuation with post:
> http://openssl.6102.n7.nabble.com/SSL-Verify-Question-tp17908.html
> which says that with Anonymous ciphers, certificates won't be exchanged and
> hence won't be verified.
>
> However, I do want to make sure that no matter what, I am never sending
> requests to the server without verification. Will it be possible if my
> application is using an eNULL cipher (with Authentication ciphers enabled)?
> e.g. "TLS_RSA_WITH_NULL_SHA"
>
> "Certificate exchange will be mandatory in case Authentication ciphers are
> used": Is this statement correct?
>
If you include !aNULL in the cipher string you'll remove any anonymous
ciphersuites. You can check which ones are anonymous using:

    openssl ciphers -v <cipher string>

If it says Au=None it is an anonymous ciphersuite, anything else and it isn't.

If you do that with eNULL you'll see that currently only AECDH-NULL-SHA is
anonymous.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
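
The Au=None check described in the reply above, as an added example that is not part of the original thread and is not OpenSSL project code. The function names (sample_output, audit_ciphers, anonymous_suites, all_authenticated) are hypothetical, and the sample lines are constructed in the column layout that `openssl ciphers -v` prints.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` lines by their Au= and Enc= fields.

# Constructed sample in the `openssl ciphers -v` layout. On a real system pipe
# live output in instead:  openssl ciphers -v 'eNULL' | audit_ciphers
sample_output() {
cat <<'EOF'
AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# Reads cipher lines on stdin and prints "<suite> <flags>" for every suite that
# is anonymous (Au=None) and/or carries no encryption (Enc=None).
audit_ciphers() {
  awk '
    {
      au = ""; enc = ""
      # Locate the fields by prefix rather than by column position.
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Au=/)  au  = substr($i, 4)
        if ($i ~ /^Enc=/) enc = substr($i, 5)
      }
      flags = ""
      if (au == "None")  flags = "anonymous"
      if (enc == "None") flags = (flags == "" ? "" : flags ",") "no-encryption"
      if (flags != "") print $1, flags
    }'
}

# Prints only the names of the anonymous suites found on stdin.
anonymous_suites() {
  audit_ciphers | awk '$2 ~ /anonymous/ { print $1 }'
}

# Succeeds only when no suite on stdin is anonymous (no Au=None line).
all_authenticated() {
  [ -z "$(anonymous_suites)" ]
}

sample_output | audit_ciphers
```

To gate a deployment on the result, run the cipher string the application will use through `openssl ciphers -v` and pipe it to all_authenticated; a non-zero exit means at least one Au=None suite is still enabled.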