Yes and no.
The current Kerberos support is insecure and should not be used. The main
problem is that the session key is reused for all TLS connections. This
prevents perfect forward secrecy.
That being said, we have been toying around with the idea of making a new
standard for GSSAPI/TLS which
Nico Williams has made an interesting proposal on this topic:
http://marc.info/?l=openssl-users&m=143136162429551&w=2
It is probably worth discussing.
On Mon, 2015-05-11 at 10:09 -0400, Nathaniel McCallum wrote:
Yes and no.
The current Kerberos support is insecure and should not be used. The
Hello!
Is this somehow interesting for us?
Petr^2 Spacek
Forwarded Message
Subject: [openssl-users] Kerberos
Date: Tue, 05 May 2015 09:21:28 +0100
From: Matt Caswell m...@openssl.org
Reply-To: openssl-us...@openssl.org
To: openssl-us...@openssl.org, openssl-...@openssl.org
I