Hi,
I've got a newbie question about a possible SSL/OpenSSL
Consider two machines A and B and a man-in-the-middle, Z, who can
snoop traffic.
A and B exchange certificates securely, i.e. Z lets the SSL handshake
through. Therefore A sends a first application-data message to B.
Z cannot
No.
Part of the SSL/TLS handshake protocol is the definition of what the
content of the message should include -- i.e., the HMAC. If it
doesn't exist or is different from what it's supposed to be, the side
that failed to validate it sends a decryption_error fatal alert and
closes the connection.
See ongoing discussion regarding DTLS: this is something that should
be adjusted in the next CVS, if I read Mr. Henson's messages
correctly. DTLS is in progress, so expect some issues in the near
future: snapshots are a, after all, only snaps of the development
process at work.)
Take care,
Ger
On Fri, May 15, 2009 at 12:47 AM, Alex Takeshita
alex_takesh...@yahoo.com.br wrote:
Hi, how can I use your OpenSSL include in my software developed in Visual
Basic 6?
Do you have any tutorial or tips for me? I'm a little lost!
Thanks for your attention!
does that Stan Laurel thing with the
Hi
I'm glad for your negative answer and that's also what I suspect :-)
... but I didn't really understand why.
Maybe I didn't really fully explain myself, the problem is not really
ensuring secrecy and integrity, it's ensuring delivery.
As I understand it this is normally done with TCP
João wrote:
Hi
I'm glad for your negative answer and that's also what I suspect :-)
... but I didn't really understand why.
Maybe I didn't really fully explain myself, the problem is not really
ensuring secrecy and integrity, it's ensuring delivery.
No protocol can ensure the other side
On Sun, May 17, 2009 at 07:16:47PM +0200, Ger Hobbelt wrote:
See ongoing discussion regarding DTLS: this is something that should
be adjusted in the next CVS, if I read Mr. Henson's messages
correctly. DTLS is in progress, so expect some issues in the near
future: snapshots are a, after all,
TCP does not provide delivery assurance. If the application needs
to know
the data got through, it must use application-level
ackwowledgements. SSL
does not change this and provides the same set of guarantees and
assurances
TCP does.
I'm sorry to disagree but TCP, unlike UDP, does
TCP allows for hijacking -- but the fact that the SSL/TLS layer uses
secret, ever-changing HMACs means that an attacker cannot pass any
data to the hijacked session without it being detected and a protocol
error resulting. (Much less the encryption key for all but NULL
ciphers.)
TCP guarantees
João Távora пишет:
TCP does not provide delivery assurance. If the application needs
to know
the data got through, it must use application-level ackwowledgements.
SSL
does not change this and provides the same set of guarantees and
assurances
TCP does.
I'm sorry to disagree but TCP,
10 matches
Mail list logo
