2013/9/7 Niklas Schnelle <niklas.schne...@gmail.com> > Dear OpenSSL users, > > what can be done to improve the situation. >
One option is to switch from central SSL Certs to selfsigned SSL Certs in a p2p environment http://en.wikipedia.org/wiki/Self-signed_certificate SSL sends the key over D/H exchange, which could be attacked by MITM. One better option would be to send the key for SSL over an AES End to End encryption. http://goldbug.sf.net is a secure multi encrypting messenger, which provides e.g. the AES over RSA and then third uses OpenSSL in a p2p environment with self signed certificates as a channel, to send the AES encrypted message over it. It would be good, if the SSL cert could be exportable to be sent as well over AES and not DH. This is the homework, OpenSSL developers have to do to provide that in their library for self signed certificates, that they can be sent over different ways than just over Diffie-Hellmann-Exchange. What needs to be done to establish an SSL connection using an AES channel to share the secret? Regards Randoph