On Wed, 8 Dec 1999, Cliff Woolley wrote:
> >>> Simon Weijgers <[EMAIL PROTECTED]> 12/08/99 10:18AM >>>
>
> >You can in fact, but you'll have to recompile OpenSSL with Anonymous DH
> >(Diffie-Hellman) enabled.
>
> Ahh, true enough. I stand corrected. I was only talking about
> RSA-style encryption, not even thinking about ADH. I never use ADH
> (because of the security implications), so it didn't even cross my mind
> that that doesn't work the same way.

I'm actually wondering why the SSL spec only allows anonymous connections
with Diffie-Hellman as ``key exchange algorithm''. I'd say that
``technically'' it should be possible with RSA or every other public key
encryption algorithm. So is there any particular reason anonymous SSL/TLS
connections are only allowed with DH as key exchange algorithm?

Regards,
Simon Weijgers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]