Mikhail Gusarov <[email protected]> writes:

> Twas brillig at 10:55:41 15.10.2009 UTC+02 when [email protected] did
> gyre and gimble:
>
>  SVI> What I want to achieve is encryption over the wire, without
>  SVI> authentication or anything, just that MITM attacks can be ruled
>  SVI> out,
>
> Those are contradictory requirements. You need to authenticate another
> host in order to be sure it's a host you want to connect to, and not an
> intruder.
>
>  SVI> or that a certain packet which arrives isn't faked.
>
>  SVI> I will check TLS, thanks for the hint!
>
> TLS with both server and client certificates is a way to go: TLS gives
> integrity and prevention of eavesdropping, certificates prevent MitM
> attacks.

Although if he really doesn't want any authentication, TLS with the
anonymous ciphersuites is the way to go. Although I would agree that
using TLS with both client and server authentication gives more
protection against attacks on the network.

/Simon
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
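
An added illustration, not part of the original thread, of the point discussed above: a toy Diffie-Hellman exchange showing that an unauthenticated key exchange completes normally even when the public values are replaced in transit, while authenticating the exchanged values exposes the substitution. The group parameters, the function names and the pre-shared MAC key standing in for certificate signatures are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration: 2**127 - 1 is prime but far too
# small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def transcript_tag(auth_key, client_pub, server_pub):
    # Authentication step: a MAC over both public values, keyed with a secret
    # only the genuine peers hold (stand-in for a certificate signature).
    msg = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def handshake(auth_key=None, relay=False):
    """Run one exchange; return (client_key, server_key, client_accepts)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_server, seen_by_client = c_pub, s_pub
    if relay:
        # An on-path relay replaces both public values with its own, so it
        # shares one key with each endpoint.
        _, r_pub = keypair()
        seen_by_server = seen_by_client = r_pub
    accepts = True
    if auth_key is not None:
        # The server tags the values it saw and sent; the client recomputes
        # the tag from its own view and rejects on any mismatch.
        tag = transcript_tag(auth_key, seen_by_server, s_pub)
        expected = transcript_tag(auth_key, c_pub, seen_by_client)
        accepts = hmac.compare_digest(tag, expected)
    return (session_key(c_priv, seen_by_client),
            session_key(s_priv, seen_by_server),
            accepts)
```

Without `auth_key`, the relayed run still reports acceptance although the two endpoints no longer hold the same key; with it, the client rejects the handshake.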
