Hi, I'm trying to use OpenSSL without certificates and authentication, through Anonymous Diffie-Hellman key exchange. I have managed to successfully exchange messages between server and client by modifying some of the sample programs available with the source code.

The salient features of the modified client and server test programs are:

1) Not loading certificates
2) Loading the DH params in the server by reading dhparams.pem
3) Setting the cipher to ADH-AES128-SHA on both client and server

I have a question regarding the DH key exchange: don't we have to load DH params on the client side as well? What I have been able to gather from online sources on DH key exchange is that:

1) Alice and Bob decide on the prime P and generator G
2) Alice decides on a random number X and sends G^X mod P to Bob
3) Bob decides on a random number Y and sends G^Y mod P to Alice
4) Both Bob and Alice can calculate the shared secret on their own

In my test program, I did not do anything on the client side to generate the shared key. I would really appreciate it if someone can shed some light on how anonymous DH works in OpenSSL.

Thanks,
Ramg
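An added illustration that is not part of the post above and is not OpenSSL's own code: in an anonymous DH suite only the server needs DH parameters, because it sends P, G and its public value to the client in the ServerKeyExchange message, and the client computes its own key pair from those received values. The constructed Python walkthrough below runs both sides with a toy 64-bit group; the function names (server_params, anonymous_dh_handshake and so on) are invented for the demo.

```python
import secrets
# Constructed demo of the DH flow behind an ADH suite; not OpenSSL's code.
def is_probable_prime(n, rounds=24):
    """Miller-Rabin test, enough for a demo group (use vetted groups in practice)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def server_params(bits=64):
    """Server-only step: a safe prime p = 2q + 1 and g = 2 (what dhparams.pem holds)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, 2

def keypair(p, g):
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)

def check_public_value(y, p):
    """Reject 0, 1 and p-1, which would force a trivial shared secret."""
    if not 2 <= y <= p - 2:
        raise ValueError("bad DH public value")
    return y

def anonymous_dh_handshake(bits=64):
    """Run both sides; the client works only from what the server sent it."""
    p, g = server_params(bits)                 # server: loaded from dhparams.pem
    x_s, y_s = keypair(p, g)                   # server sends p, g, y_s (ServerKeyExchange)
    y_s = check_public_value(y_s, p)           # client validates the received value
    x_c, y_c = keypair(p, g)                   # client needs no params of its own
    y_c = check_public_value(y_c, p)           # server validates ClientKeyExchange
    # Nothing above authenticates either side: that is what "anonymous" means here.
    return pow(y_c, x_s, p), pow(y_s, x_c, p)  # server secret, client secret
```

The two returned values are equal, which is the shared secret both sides derive without the client ever loading parameters of its own.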