If you don't want to use any certs on both sides then you have to choose anonymous cipher suites, the ones having ADH- in them, like ADH-DES-CBC-SHA. But you still need to have a DH key on the server and turn off client authentication on the server side.
Aslam

-----Original Message-----
From: Emil Kopysc [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 08, 2003 10:41 AM
To: [EMAIL PROTECTED]
Subject: Cert usage

Hi All!

I'm writing a small library to provide secure communication for our client/server application. I don't want to use any certs on both sides (client/server), just establish a connection with e.g. DHE-DSS-AES128-SHA (I think it doesn't need any certificate to use... or am I wrong...?).

The OpenSSL libraries version I'm using is 0.9.7a (on RH7.3), they're compiled as shared libraries.

My programs caused some errors, so I thought I'd done something wrong, but when I tried to use:

"openssl s_server -nocert -debug -cipher DHE-DSS-AES128-SHA"

and

"openssl s_client -debug"

on the server side there was an error:

"2847:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:881:shutting down SSL"

and on the client side:

"2951:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:"

and these errors are the same as the ones my programs produced... All is good when I use a certificate on the server side.

So my question is: Is it possible to make any encrypted communication without any certificate?

--
Emil Kopysc
Design & Development
TRX - Cyfrowe Rejestratory Rozmow
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
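
Added example (not part of the original thread): a shell check that reads the Au= column of `openssl ciphers -v` style output to tell whether a suite needs a server certificate, which is why DHE-DSS-AES128-SHA fails under -nocert while the ADH- suites do not. The sample lines are constructed in that layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the layout printed by `openssl ciphers -v`.
SAMPLE='DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1'

# server_auth NAME: read cipher lines on stdin, print the Au= value of NAME.
# Prints nothing if the suite is not in the input.
server_auth() {
    awk -v name="$1" '$1 == name {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Au=/) { print substr($i, 4); exit }
    }'
}

# nocert_verdict NAME: read cipher lines on stdin and say whether a server
# started without a certificate can offer the suite NAME.
nocert_verdict() {
    au=$(server_auth "$1")
    case "$au" in
        "")   echo "unknown suite" ;;
        # Au=None: no certificate is exchanged, so the client has no way
        # to verify which server it is talking to.
        None) echo "anonymous: no certificate, server not authenticated" ;;
        # Any other value names the key type the server certificate must carry.
        *)    echo "needs $au certificate" ;;
    esac
}

# anonymous_suites: read cipher lines on stdin, print names with Au=None.
anonymous_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "Au=None") print $1 }'
}

# Demo on the constructed sample: the suite from the question and the
# suite suggested in the reply.
for suite in DHE-DSS-AES128-SHA ADH-DES-CBC-SHA; do
    printf '%s: %s\n' "$suite" "$(printf '%s\n' "$SAMPLE" | nocert_verdict "$suite")"
done
```

To check a local build, pipe the output of `openssl ciphers -v` into these functions instead of the sample.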