RE: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-07 Thread Ambarish Mitra
Urjit,

To answer your 2nd question, just immediately after SSL_accept and
SSL_connect on the server and client side respectively, you can use the
functions:
SSL_get_cipher (ssl), SSL_get_cipher_version (ssl)

These will give you the cipher and SSL version. A sample output can be:

SSL connection cipher:[EDH-RSA-DES-CBC3-SHA],version:[TLSv1/SSLv3]


__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-07 Thread Urjit Gokhale
Hi all,
Thanks for all those mails.
I now understand that I can use NULL cipher suite to exchange data without
encryption.
I understand that on specifying NULL cipher suite, ssl will use RSA
authentication.

I believe that I will have to call SSL_CTX_set_cipher_list with second
argument as "NULL"
   SSL_CTX_set_cipher_list(ctx, "NULL");
And then the application should be able to communicate using SSL_read() and
SSL_write().
Please correct me if I am wrong.

Now I have a source for a server application. The server goes through the
following function sequence:
===
SSL_context =  SSL_CTX_new(SSLv23_method());
SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM);
SSL_CTX_check_private_key(SSL_context);

port->ssl = SSL_new(SSL_context);
SSL_set_fd(port->ssl, port->sock);
SSL_accept(port->ssl);

SSL_read(port->ssl, pkt->ptr, pkt->nrtodo);
===
Now the questions I have here are:
1) Is the server using NULL cipher ?
2) If not, then which authentication and which cipher would it be using ?
3) If I want to force NULL cipher, do I give a call to
SSL_CTX_set_cipher_list() before I call SSL_new ?

If you want any more information in order to answer the above questions,
please do ask me.

Thanks,
~ Urjit



Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Alain Damiral

Katie Lucas wrote:

> On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:
> > But with no cryptographic digest you have no guarantee that the data you
> > receive comes from the person who showed his certificate. I think it
> > would be vulnerable to a man in the middle type of attack.
>
> Only if they can spoof the IP streams...

Why would anyone assume that they can't? An attacker might even have
other means of messing around with IP addresses that would allow him to
achieve man in the middle without spoofing.

--
Alain Damiral



Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Katie Lucas
On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:
> >> 1) Is it possible to use SSL only for the sake of peer
> >> authentication + validation and transfer un-encrypted data over this
> >> channel ?
> >
> > How about; you open the sockets using your socket level
> > interface. Then you attach SSL constructs to both ends, but with the
> > "don't close this option".
> >
> > They connect, authenticate each other. You can then use the connection
> > objects to get the peer certificates (you need to do this because the
> > connection will succeed if the client doesn't offer a certificate,
> > whereas you're after BOTH parties being authenticated). If both ends
> > get a validated certificate presented, the connection is authenticated.
> >
> > Close the SSL layer, which will leave you with two native connected
> > sockets to talk over.
>
> But with no cryptographic digest you have no guarantee that the data you
> receive comes from the person who showed his certificate. I think it
> would be vulnerable to a man in the middle type of attack.

Only if they can spoof the IP streams...

At the point the SSL connection says "yep. Everything's OK", it's
already done the challenges and responses so it's all ready to go --
this is as long as you don't include the null cipher, so the initial
comms are encrypted.

Closing the SSL connection means turning off the encryption later on,
so it can still be used initially for the certificate verification.






Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Alain Damiral



> > 1) Is it possible to use SSL only for the sake of peer
> > authentication + validation and transfer un-encrypted data over this
> > channel ?
>
> How about; you open the sockets using your socket level
> interface. Then you attach SSL constructs to both ends, but with the
> "don't close this option".
>
> They connect, authenticate each other. You can then use the connection
> objects to get the peer certificates (you need to do this because the
> connection will succeed if the client doesn't offer a certificate,
> whereas you're after BOTH parties being authenticated). If both ends
> get a validated certificate presented, the connection is authenticated.
>
> Close the SSL layer, which will leave you with two native connected
> sockets to talk over.

But with no cryptographic digest you have no guarantee that the data you
receive comes from the person who showed his certificate. I think it
would be vulnerable to a man in the middle type of attack.

I suppose a digest is still included when using the null cipher with
OpenSSL... ?


--
Alain Damiral



Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Kyle Hamilton
On 2/2/06, Katie Lucas <[EMAIL PROTECTED]> wrote:
> On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:
> > Hi all,
> >
>
> > I am planning to use SSL for the communication between my client and
> >server. The idea is to use SSL *mainly* for peer authentication and
> >validation (Both server and client authentication by means of
> >certificates). Regarding the data encryption, I would like to have it
> >as an optional feature.

This is already possible with the NULL cipher suite.

> > 1) Is it possible to use SSL only for the sake of peer
> >authentication + validation and transfer un-encrypted data over this
> >channel ?

Yes.  Remember that SSL/TLS also provides an integrity check to ensure
that a session hasn't been hijacked.  If this is important to your
application, don't shut down the SSL layer as Ms. Lucas suggests.

>
> How about; you open the sockets using your socket level
> interface. Then you attach SSL constructs to both ends, but with the
> "don't close this option".
>
> They connect, authenticate each other. You can then use the connection
> objects to get the peer certificates (you need to do this because the
> connection will succeed if the client doesn't offer a certificate,
> whereas you're after BOTH parties being authenticated). If both ends
> get a validated certificate presented, the connection is authenticated.
>
> Close the SSL layer, which will leave you with two native connected
> sockets to talk over.
>
> > 2) Would sacrificing on encryption *really* improve the performance ?
>
> We're sending video data, so your mileage may vary, but SSL's
> symmetric encryption is far faster than the network can move the data
> and the overhead of TLS is non-noticeable for those volumes of
> data.
>
> Yes, it'll remove some strain from your machine, but next year's CPUs
> will remove that strain from notice.


Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Katie Lucas
On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:
> Hi all,
>
> I am planning to use SSL for the communication between my client and
> server. The idea is to use SSL *mainly* for peer authentication and
> validation (Both server and client authentication by means of
> certificates). Regarding the data encryption, I would like to have it
> as an optional feature.
>
> 1) Is it possible to use SSL only for the sake of peer
> authentication + validation and transfer un-encrypted data over this
> channel ?

How about; you open the sockets using your socket level
interface. Then you attach SSL constructs to both ends, but with the
"don't close this option".

They connect, authenticate each other. You can then use the connection
objects to get the peer certificates (you need to do this because the
connection will succeed if the client doesn't offer a certificate,
whereas you're after BOTH parties being authenticated). If both ends
get a validated certificate presented, the connection is authenticated.

Close the SSL layer, which will leave you with two native connected
sockets to talk over.
 
> 2) Would sacrificing on encryption *really* improve the performance ?

We're sending video data, so your mileage may vary, but SSL's
symmetric encryption is far faster than the network can move the data
and the overhead of TLS is non-noticeable for those volumes of
data.

Yes, it'll remove some strain from your machine, but next year's CPUs
will remove that strain from notice.






Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-25 Thread Alain Damiral

Kyle Hamilton wrote:

> In France (unless the laws have changed) it's illegal to use
> cryptography to encrypt data payload, but not illegal to use
> cryptography as a means of identification.  This is, if I understand
> Netscape's and the IETF's motives correctly, the only reason why the
> NULL cipher suites exist in the SSL/TLS specifications.

It's hard to find intelligible up-to-date information on that matter, but
things have changed since June 2004 (Loi n°2004-575). It seems that as
long as the "provider" of encryption is known you're pretty much free to
do whatever you want. But you get punished harder if you're using
encryption for naughty criminal stuff. I found nothing about limits on
key sizes.



--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be



Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-25 Thread Kyle Hamilton
Brief primer on SSL/TLS:

1) Server has a public and private key pair.  Optionally, the client
has a public and private key pair.  Any public key is authenticated by
a 'certificate', which is a set of data attached to the public key,
the entirety of which has a hash encrypted by the private key of a
trusted third party.
2) [Different versions of the protocol modify this part; this is a
10,000 foot view] On connection, server sends client its certificate
(and perhaps a random number encrypted with its private key that the
client can decrypt with the public key in the certificate).  Client
decrypts the random number, generates its own random number, and
encrypts that with the server's public key (perhaps combining it with
the server's random number in some fashion), and sends it back.  [this
assumes that the client trusts the signer of the certificate.]
3) Server decrypts what the client sent, removes its own randomness,
and uses this as the generator for the base key for the session.  (if
the client sends information that the server can't decrypt, then the
server doesn't have the private key for the certificate that it has
presented.)  The client already has this knowledge, so it has already
generated this key.
4) Server can optionally ask the client to authenticate itself, by
essentially performing the exchange in reverse.
5) In this exchange, there is also a list of "cipher suites" that are
acceptable to each side.  The cipher suite chosen is the
highest-security one that both sides support.  (Highest-security means
'highest bulk cipher bit security'.)  The generated keys (from step 3)
are used for bulk cipher encryption, as well as being the means of
encrypting the message authentication code for verification.
6) It's possible (and, indeed, legally necessary in France) for there
to be no bulk cipher applied; in this case, the generated key material
from step 3 is used only for message authentication, to show that it
actually came from the other side and wasn't injected into the TCP
stream.

The hashing occurs regardless of whether there's a bulk cipher in use.
A bulk cipher only adds a little bit of overhead to the end, just
before the data is transmitted and as soon as the data is received.

In France (unless the laws have changed) it's illegal to use
cryptography to encrypt data payload, but not illegal to use
cryptography as a means of identification.  This is, if I understand
Netscape's and the IETF's motives correctly, the only reason why the
NULL cipher suites exist in the SSL/TLS specifications.

-Kyle H
...who now waits for other people to nitpick over the details of his
explanation, since it's based primarily on SSL2 and 3, and not TLS.

On 1/24/06, Alain Damiral <[EMAIL PROTECTED]> wrote:
> Hi and welcome,
>
> I haven't thought hardly about what you're trying to do but my first
> intuition tells me that encryption also has some part to play in
> authentication that you're missing. My knowledge of SSL is limited but I
> think it is safe to say that private/public key (asymmetric) encryption
> is used to guarantee certificate authenticity, and to agree on the
> secret (symmetric) key that will be used for the actual communication.
>
> If you use no secret key, you have no guarantee that the guy you're
> talking with really is the same guy that you did your handshake with
> (who showed you his certificate and knows the shared secret). So even if
> you don't want your data encrypted, there must be some signature for
> each message sent to guarantee authenticity, based on that shared secret.
>
> So if what I said is correct, even if you don't use encryption you will
> still need a signature of each message - probably in the form of a
> cryptographic hash based on the shared secret. I'm really not sure that
> such an operation is significantly cheaper than symmetric encryption.
>
>
>
> Urjit Gokhale wrote:
>
> > Hi all,
> >
> > I am planning to use SSL for the communication between my client and
> > server. The idea is to use SSL *mainly* for peer authentication and
> > validation (Both server and client authentication by means of
> > certificates). Regarding the data encryption, I would like to have it
> > as an optional feature.
> >
> > The motivation behind this desirable feature is that in a particular
> > environment, I am not really worried about the data, but the client
> > talking to my server. I would like to give up on encryption in favor
> > of performance.
> >
> > So the questions are:
> > 1) Is it possible to use SSL only for the sake of peer authentication
> > + validation and transfer un-encrypted data over this channel ?
> >
> > 2) Would sacrificing on encryption *really* improve the performance ?
> >
> > Thanks,
> >
> > ~ Urjit
> >
> > PS: This is my first mail to this list. So, in case, you think that my
> > questions are out of the scope of this group, or you know of some
> > other group which can yield me better answers, could you please point
> > me to such groups ?
>
>
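Kyle's step 6 above, and Alain's earlier question about whether a digest is still included under the null cipher, both come down to the TLS record MAC. The following is an added illustration, not code from this thread or from OpenSSL: it models a TLS 1.0 record under a NULL-encryption suite such as TLS_RSA_WITH_NULL_SHA (RFC 2246 section 6.2.3.1), where the payload travels in the clear but every record carries an HMAC-SHA1 over the sequence number, record header and fragment, keyed with the MAC secret the handshake derives. The handshake and key derivation are omitted; the MAC secret and the sample request are constructed values, and the class and function names are this example's own.

```python
"""Constructed model of TLS 1.0 record protection with a NULL-encryption suite
(TLS_RSA_WITH_NULL_SHA, RFC 2246 sect. 6.2.3.1). Illustration only: not OpenSSL
code; the handshake that derives MAC_write_secret is assumed to have happened."""
import hashlib
import hmac
import struct

APPLICATION_DATA = 23                  # TLS ContentType for application_data
TLS10 = (3, 1)                         # ProtocolVersion for TLS 1.0
MAC_LEN = hashlib.sha1().digest_size   # 20 bytes for the *-SHA suites


def record_mac(mac_secret, seq_num, fragment, content_type=APPLICATION_DATA,
               version=TLS10):
    """HMAC_SHA1(secret, seq_num || type || version || length || fragment).
    seq_num is the per-direction 64-bit record counter; including it is what
    makes a replayed or reordered record fail verification."""
    hdr = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1],
                      len(fragment))
    return hmac.new(mac_secret, hdr + fragment, hashlib.sha1).digest()


class NullCipherWriter:
    """Sender: with the NULL bulk cipher the wire record is header + plaintext + MAC."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.seq_num = 0

    def protect(self, fragment):
        body = fragment + record_mac(self.mac_secret, self.seq_num, fragment)
        self.seq_num += 1
        return struct.pack("!BBBH", APPLICATION_DATA, *TLS10, len(body)) + body


class NullCipherReader:
    """Receiver: strips and verifies the MAC; a failure is a bad_record_mac alert."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.seq_num = 0

    def unprotect(self, record):
        if len(record) < 5:
            raise ValueError("decode_error")
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("decode_error")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.mac_secret, self.seq_num, fragment, ctype,
                              (major, minor))
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")
        self.seq_num += 1
        return fragment


def _rejected(mac_secret, records):
    """True if a fresh reader raises bad_record_mac somewhere in the sequence."""
    reader = NullCipherReader(mac_secret)
    try:
        for rec in records:
            reader.unprotect(rec)
    except ValueError as err:
        return err.args[0] == "bad_record_mac"
    return False


def run_scenarios(mac_secret):
    """Genuine, tampered, replayed and foreign-key records against one reader key."""
    msg = b"GET /video HTTP/1.0\r\n"                 # constructed sample payload
    rec = NullCipherWriter(mac_secret).protect(msg)
    tampered = bytearray(rec)
    tampered[5 + 4] ^= 0x01                          # flip one bit inside "/video"
    injected = NullCipherWriter(b"key the attacker does not have").protect(msg)
    return {
        "wire_is_plaintext": msg in rec,             # no confidentiality at all
        "genuine_accepted": NullCipherReader(mac_secret).unprotect(rec) == msg,
        "tampered_rejected": _rejected(mac_secret, [bytes(tampered)]),
        "replay_rejected": _rejected(mac_secret, [rec, rec]),  # 2nd copy: seq mismatch
        "foreign_key_rejected": _rejected(mac_secret, [injected]),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios(b"\x42" * 20).items():
        print(f"{name:22s} {outcome}")
```

Closing the SSL layer and continuing on the raw socket, as suggested earlier in the thread, drops exactly this per-record check, which is why the NULL suite keeps the connection bound to the authenticated peer while a bare socket does not.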

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-24 Thread Richard Koenning

Bernhard Froehlich wrote:

> Maybe this would be possible using the NULL cipher combined with DH
> authentication...

(The official NULL cipher suites use RSA authentication.) The answer to
the first question of the OP is yes, use a NULL cipher suite.

> But if your problem is only performance I don't think it's worthwhile to
> worry about bulk encryption. [...]

I agree with this. Anyway, it is not much effort to make the cipher suite
used by the application configurable; comparing a NULL cipher suite with
e.g. an AES-128 cipher suite quickly gives the answer to the OP's
second question.

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH


Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-24 Thread Bernhard Froehlich

Urjit Gokhale wrote:

> Hi all,
>
> I am planning to use SSL for the communication between my client and
> server. The idea is to use SSL *mainly* for peer authentication and
> validation (Both server and client authentication by means of
> certificates). Regarding the data encryption, I would like to have it
> as an optional feature.
>
> The motivation behind this desirable feature is that in a particular
> environment, I am not really worried about the data, but the client
> talking to my server. I would like to give up on encryption in favor
> of performance.
>
> So the questions are:
> 1) Is it possible to use SSL only for the sake of peer authentication
> + validation and transfer un-encrypted data over this channel ?
>
> 2) Would sacrificing on encryption *really* improve the performance ?

Maybe this would be possible using the NULL cipher combined with DH
authentication...
But if your problem is only performance I don't think it's worthwhile to
worry about bulk encryption. Bulk encryption uses symmetric ciphers that
are cheap compared to the public key algorithms needed for
authentication. It may be a concern if you want to reach transfer rates
bigger than let's say 10 MByte/s, but encrypting traffic on a typical
internet connection will not keep your CPU really busy (assuming you're
using a not too old desktop PC).

> Thanks,
>
> ~ Urjit
>
> PS: This is my first mail to this list. So, in case, you think that my
> questions are out of the scope of this group, or you know of some
> other group which can yield me better answers, could you please point
> me to such groups ?

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26





Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-24 Thread Alain Damiral

Hi and welcome,

I haven't thought hard about what you're trying to do, but my first
intuition tells me that encryption also has some part to play in
authentication that you're missing. My knowledge of SSL is limited, but I
think it is safe to say that private/public key (asymmetric) encryption
is used to guarantee certificate authenticity, and to agree on the
secret (symmetric) key that will be used for the actual communication.

If you use no secret key, you have no guarantee that the guy you're
talking with really is the same guy that you did your handshake with
(who showed you his certificate and knows the shared secret). So even if
you don't want your data encrypted, there must be some signature for
each message sent to guarantee authenticity, based on that shared secret.

So if what I said is correct, even if you don't use encryption you will
still need a signature of each message - probably in the form of a
cryptographic hash based on the shared secret. I'm really not sure that
such an operation is significantly cheaper than symmetric encryption.




Urjit Gokhale wrote:

> Hi all,
>
> I am planning to use SSL for the communication between my client and
> server. The idea is to use SSL *mainly* for peer authentication and
> validation (Both server and client authentication by means of
> certificates). Regarding the data encryption, I would like to have it
> as an optional feature.
>
> The motivation behind this desirable feature is that in a particular
> environment, I am not really worried about the data, but the client
> talking to my server. I would like to give up on encryption in favor
> of performance.
>
> So the questions are:
> 1) Is it possible to use SSL only for the sake of peer authentication
> + validation and transfer un-encrypted data over this channel ?
>
> 2) Would sacrificing on encryption *really* improve the performance ?
>
> Thanks,
>
> ~ Urjit
>
> PS: This is my first mail to this list. So, in case, you think that my
> questions are out of the scope of this group, or you know of some
> other group which can yield me better answers, could you please point
> me to such groups ?





Can I have SSL for peer authentication only? (and not for data encryption)

2006-01-24 Thread Urjit Gokhale



Hi all,

I am planning to use SSL for the communication between my client and
server. The idea is to use SSL *mainly* for peer authentication and
validation (Both server and client authentication by means of
certificates). Regarding the data encryption, I would like to have it as
an optional feature.

The motivation behind this desirable feature is that in a particular
environment, I am not really worried about the data, but the client
talking to my server. I would like to give up on encryption in favor of
performance.

So the questions are:
1) Is it possible to use SSL only for the sake of peer authentication +
validation and transfer un-encrypted data over this channel ?

2) Would sacrificing on encryption *really* improve the performance ?

Thanks,

~ Urjit

PS: This is my first mail to this list. So, in case, you think that my
questions are out of the scope of this group, or you know of some other
group which can yield me better answers, could you please point me to
such groups ?