Re: Avoiding Certificates for Server/Client approach
The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string. However without some form of authentication the connection is vulnerable to man in the middle attacks. Steve. Well, currently i am using certificates that don't have been signed by anyone so they could be generated by anybody. Wouldn't that make them senseless? The certificates i am using for client and server side are generated by openssl(1) and simply exchanged when the client and server handshake. Because neither of the two is signed by a CA, it would enable everybody to create a certificate and masquerade as my server (or client), no? best regards threadhead ___ WEB.DE Video-Mail - Sagen Sie mehr mit bewegten Bildern Informationen unter: http://freemail.web.de/?mc=021199 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote: The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string. However without some form of authentication the connection is vulnerable to man in the middle attacks. Steve. Well, currently i am using certificates that don't have been signed by anyone so they could be generated by anybody. Wouldn't that make them senseless? The certificates i am using for client and server side are generated by openssl(1) and simply exchanged when the client and server handshake. Because neither of the two is signed by a CA, it would enable everybody to create a certificate and masquerade as my server (or client), no? Yes if you are trusting any certificate then you might as well use anon DH. Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which have been exchanged by some secure means. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
Yes if you are trusting any certificate then you might as well use anon DH. Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which have been exchanged by some secure means. Steve. First of all thanks for your suggestions, i'll keep them in mind. How would i then use the anonymous DH public key algorithm? (May it either be on the fly or from a file containing the public values.) Are there any functions for that in the openssl library that i can use? best regards threadhead Aufnehmen, abschicken, nah sein - So einfach ist WEB.DE Video-Mail: http://freemail.web.de/?mc=021200 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote: Yes if you are trusting any certificate then you might as well use anon DH. Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which have been exchanged by some secure means. Steve. First of all thanks for your suggestions, i'll keep them in mind. How would i then use the anonymous DH public key algorithm? (May it either be on the fly or from a file containing the public values.) Are there any functions for that in the openssl library that i can use? You need to supply a set of DH parameters. Since these can take some time to generate they are often generated in advance and read from a file or even hard coded in source. 'openssl dhparam' can be used for this. The function SSL_CTX_set_tmp_dh() among others can be used to use these DH parameters in an SSL_CTX structure. Finally an appropriate cipher string needs to be set. The string ADH is useful for this, for example ADH:@STRENGTH will just select anon DH ciphers sorted by strength. The s_server and s_client utilities can be used to try this out. They automatically set DH parameters (though new ones can be supplied too) and by using the -nocert option in s_server and an appropriate cipher string anon DH can be negotiated. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Avoiding Certificates for Server/Client approach
Hello list, i am currently trying to get rid of all the certificate stuff, that i've seen often before in many applications using the openssl library. basically my server/client model should only handshake without certificate exchange. the cipher is choosen by the client. after that the two programs are supposed to transfer encrypted data with SSL_read and SSL_write. now, is it possible to avoid building/exchanging/verifying certificates on the client AND serverside but still have the data channel encrypted with the cipher picked by the client? thanks for your time best regards threadhead ___ WEB.DE Video-Mail - Sagen Sie mehr mit bewegten Bildern Informationen unter: http://freemail.web.de/?mc=021199 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
Try using Diffie Helleman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends. On Tue, 2004-08-10 at 16:47, [EMAIL PROTECTED] wrote: Hello list, i am currently trying to get rid of all the certificate stuff, that i've seen often before in many applications using the openssl library. basically my server/client model should only handshake without certificate exchange. the cipher is choosen by the client. after that the two programs are supposed to transfer encrypted data with SSL_read and SSL_write. now, is it possible to avoid building/exchanging/verifying certificates on the client AND serverside but still have the data channel encrypted with the cipher picked by the client? thanks for your time best regards threadhead ___ WEB.DE Video-Mail - Sagen Sie mehr mit bewegten Bildern Informationen unter: http://freemail.web.de/?mc=021199 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
I know about DH key exchange and its use in the openssl library. But how would i use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with highlevel hooks like SSL_read and SSL_write? Or is it required to use completely different functions like the EVP_* family to set up the cipher routines? best regards threadhead Try using Diffie Helleman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends. ___ WEB.DE Video-Mail - Sagen Sie mehr mit bewegten Bildern Informationen unter: http://freemail.web.de/?mc=021199 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Avoiding Certificates for Server/Client approach
On Tue, Aug 10, 2004, [EMAIL PROTECTED] wrote: I know about DH key exchange and its use in the openssl library. But how would i use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with highlevel hooks like SSL_read and SSL_write? Or is it required to use completely different functions like the EVP_* family to set up the cipher routines? The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string. However without some form of authentication the connection is vulnerable to man in the middle attacks. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]