|
I am trying to evaluate whether SSL (specifically
openssl), would be a suitable choice in securing my application. I am
having trouble finding the best combination of algorithms and parameters that
will serve my needs. Here are the rules:
1. I'd like to have a key-pair only on the
server.
2. There is no authentication of either party (yes,
I know this is not good).
3. Physical connections can be initiated either by
the either side, but, once again, only the server has a key pair.
4. I want to avoid all certificates if possible,
but, at minimum, restrict their usage to the server.
It occurred to me that part of my problem could
reduced if the SSL_connect could
be connection (one said connection is established). Is this
true?
What I am looking for, once again is the best
algorithm combination for my situation, along with a couple of brief tips, and
any help is greatly appreciated.
Larry Ellis
|
- Re: SSL Parameters Larry Ellis
- Re: SSL Parameters Eric Rescorla
- Re: SSL Parameters Larry Ellis
