On Tue, Aug 10, 2004, [EMAIL PROTECTED] wrote:

> I know about DH key exchange and its use in the openssl library.
> But how would I use the private session keys from DH to encrypt
> and decrypt the data flowing from peer to peer with high-level hooks
> like SSL_read and SSL_write?
>
> Or is it required to use completely different functions like the EVP_* family
> to set up the cipher routines?
>

The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
without using certificates. To use these you need to set appropriate DH
parameters on the server side and enable the ciphersuites using an
appropriate cipher string.

However without some form of authentication the connection is vulnerable
to man in the middle attacks.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                           [EMAIL PROTECTED]
Automated List Manager                              [EMAIL PROTECTED]
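
A configuration check for the point made in the reply above, as an added example that is not part of the original post or OpenSSL's own code: it lists which suites a given cipher string would enable without peer authentication (`Au=None` in OpenSSL's cipher description). Using Python's standard `ssl` module instead of the C API is an assumption made here, and the two sample description lines are constructed.

```python
import ssl

# Constructed sample lines in `openssl ciphers -v` format (not captured output).
SAMPLE_ADH = "ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD"
SAMPLE_RSA = "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"


def is_anonymous(description):
    """True if the suite description carries Au=None (no peer authentication)."""
    return "Au=None" in description.split()


def anonymous_in_context(ctx):
    """Names of unauthenticated suites currently enabled on an SSLContext."""
    return [c["name"] for c in ctx.get_ciphers()
            if is_anonymous(c.get("description", ""))]


def anonymous_suites(cipher_string):
    """Names of unauthenticated suites a cipher string would enable in this build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no suites in this OpenSSL build
    return anonymous_in_context(ctx)


if __name__ == "__main__":
    # Audit a few cipher strings; only the ones that name ADH/aNULL explicitly
    # (and lower the security level on newer builds) should report anything.
    for s in ("DEFAULT", "HIGH:!aNULL", "ADH:@SECLEVEL=0", "ALL:@SECLEVEL=0"):
        found = anonymous_suites(s)
        print(f"{s!r}: {len(found)} unauthenticated suite(s) {found[:3]}")
```

The output depends on the local OpenSSL build; many current builds compile out or block anonymous suites, in which case every string reports zero.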