On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:
> Hi all,
>
> I am planning to use SSL for the communication between my client and
> server. The idea is to use SSL *mainly* for peer authentication and
> validation (both server and client authentication by means of
> certificates). Regarding the data encryption, I would like to have it
> as an optional feature.
>
> 1) Is it possible to use SSL only for the sake of peer
> authentication + validation and transfer un-encrypted data over this
> channel ?

How about: you open the sockets using your socket level interface. Then you attach SSL constructs to both ends, but with the "don't close this" option. They connect, authenticate each other. You can then use the connection objects to get the peer certificates (you need to do this because the connection will succeed if the client doesn't offer a certificate, whereas you're after BOTH parties being authenticated). If both ends get a validated certificate presented, the connection is authenticated. Close the SSL layer, which will leave you with two native connected sockets to talk over.

> 2) Would sacrificing on encryption *really* improve the performance ?

We're sending video data, so your mileage may vary, but SSL's symmetric encryption is far faster than the network can move the data and the overhead of TLS is non-noticeable for those volumes of data. Yes, it'll remove some strain from your machine, but next year's CPUs will remove that strain from notice.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
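The sequence the reply describes, as an added example that is not part of the original thread and uses Python's `ssl` module rather than the OpenSSL C API: both sides present certificates, each side refuses a peer without a validated one, and the TLS layer is then shut down so the same TCP connection carries plaintext. It assumes the `openssl` CLI is available to mint two constructed self-signed test certificates, that each side trusts exactly the other side's certificate, and that TLS 1.2 is acceptable (chosen so the shutdown exchange has no post-handshake messages to drain).

```python
import os, shutil, socket, ssl, subprocess, tempfile, threading

def openssl_available():
    return shutil.which("openssl") is not None  # CLI is needed only to mint the test certs

def make_self_signed(directory, name):  # constructed test material: throwaway self-signed cert/key
    key, crt = os.path.join(directory, name + ".key"), os.path.join(directory, name + ".crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=" + name, "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def make_context(server_side, own_cert, own_key, peer_cert):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_cert_chain(own_cert, own_key)
    ctx.load_verify_locations(cafile=peer_cert)   # trust exactly the other side's certificate
    ctx.verify_mode = ssl.CERT_REQUIRED           # a peer that offers no certificate fails the handshake
    ctx.check_hostname = False                    # identity is pinned through the trust store, not a name
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # no post-handshake messages to drain during unwrap
    return ctx

def authenticate_then_unwrap(sock, ctx, server_side):
    """Handshake, insist on a validated peer cert, then strip TLS and keep the TCP socket."""
    tls = ctx.wrap_socket(sock, server_side=server_side, do_handshake_on_connect=False)
    tls.do_handshake()
    peer = tls.getpeercert()   # {} if the peer presented nothing; checked explicitly, as the reply advises
    if not peer:
        tls.close()
        raise ssl.SSLError("peer presented no certificate")
    plain = tls.unwrap()       # close_notify in both directions; the TLS layer is gone, the socket stays
    return plain, dict(rdn[0] for rdn in peer["subject"])["commonName"]

def demo():
    socket.setdefaulttimeout(10)  # never hang if one side fails
    with tempfile.TemporaryDirectory() as d:
        s_crt, s_key = make_self_signed(d, "server")
        c_crt, c_key = make_self_signed(d, "client")
        listener = socket.socket(); listener.bind(("127.0.0.1", 0)); listener.listen(1)
        result = {}
        def server():
            conn, _ = listener.accept()
            plain, result["server_saw"] = authenticate_then_unwrap(conn, make_context(True, s_crt, s_key, c_crt), True)
            result["server_got"] = plain.recv(64)   # arrives unencrypted
            plain.sendall(b"ack"); plain.close()
        t = threading.Thread(target=server); t.start()
        client = socket.create_connection(listener.getsockname())
        plain, result["client_saw"] = authenticate_then_unwrap(client, make_context(False, c_crt, c_key, s_crt), False)
        plain.sendall(b"plaintext after tls"); result["client_got"] = plain.recv(64)
        plain.close(); t.join(); listener.close()
        return result
```

`demo()` returns the common names each side validated and the bytes each side received over the bare socket after the TLS layer was removed.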