Re: testing null encryption

Thu, 28 Jul 2011 13:22:23 -0700 

On Thu, Jul 28, 2011 at 09:14:34AM -0700, navin gopalakrishnan wrote:

> 1) When i use my own applications (client & server) which uses
> the openssl library a separate client program and a separate server
> program, both configured to use only eNULL as above. (i.e. with only
> NULL_SHA & NULL_MD5),

The ciphers are "NULL-SHA" and "NULL-MD5", not "NULL_SHA" or "NULL_MD5".

    $ openssl ciphers -v NULL-SHA:NULL-MD5
    NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
    NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5

> I am seeing a error at the server application saying:
> 
> ???? Error in GET_CLIENT_HELLO_MSG: No shared ciphers: in s_srvr.c .....

Then perhaps you have not installed a suitable server certificate, or
more likely you have not in fact correctly configured the client or
server cipherlist.

> Unable to understand what the error message is saying .. i was expecting that 
> since both my client & server have the common ciphers - NULL_SHA & NULL_MD5,
> one of them to get selected and the handshake should get completed....

Either the server has no certificate, or you've misconfigured the
ciphers:

> 2) Getting back to the client & server programs supplied along with the 
> openssl package. When eNULL was configured as mentioned above, ran the 
> wireshark
> packet capture utility.
> typed " hello world" at the server and the "hello world" was reflected in the 
> client. 
> 
> 
> Was expecting "hello world" to be seen in clear text because NULL encryption 
> is used. 
> 
> But in wireshark i could not see anything in clear text .. Atleast i could 
> not see "hello world" in the application data section of wireshark.
> Rightly application data was after the client hello exchange messages sent by 
> the ssl protocol.
> 
> wondering why clear text message was not seen .... does any form of encoding 
> is used by the client & server.??

Compression may have been enabled. Or your test is flawed.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to