Hi,
If you are allowing anon-DH, then you are permitting certificate-less SSL, which
is a potential security hole, unless your implementation is not worried about
that.
Our implementation needed to enable this, and our solution was to make this
configurable to the end user, then it is their responsibility :-)
G.
Dr S N Henson <[EMAIL PROTECTED]> on 08/12/2000 17:18:49
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: (bcc: George Shaw/EMEA/Viewlocity)
Subject: Re: ADH + certs on same SSLCTX ??
Gregory Nicholls wrote:
>
> Hiya,
> Quick one for those in the know. Can I use both verified
> certificates and anon-DH sessions with the same SSLCTX? I'm
> guessing that I have to check the cipher whilst in the callback function
> and give the green light if it's an anon-DH cipher. I'd appreciate
> someone either confirming I'm on the right track or lifting me bodily
> and dumping me where I should be.
All you need to do is to enable the ADH ciphers by specifying an
appropriate cipher which includes ADH along with the authenticated
cipher suites.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
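
An added example, not part of the thread and not OpenSSL's own code: the setup discussed above (ADH enabled alongside certificate-authenticated suites on one context, and only when the operator opts in), sketched with Python's ssl module, which wraps OpenSSL. The function names, the `allow_anon` flag and the sample cipher tuples are assumptions made for illustration.

```python
import ssl

# OpenSSL names its anonymous (aNULL) suites ADH-* and AECDH-*, and marks
# them with "Au=None" in the cipher description string.
ANON_PREFIXES = ("ADH-", "AECDH-")


def is_anonymous(description: str) -> bool:
    """True if an OpenSSL cipher description denotes an unauthenticated suite."""
    return "Au=None" in description.split()


def build_context(allow_anon: bool) -> ssl.SSLContext:
    """One server context for both kinds of client; ADH only on operator opt-in."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if allow_anon:
        # Anonymous suites are rejected at OpenSSL's default security level,
        # so the opt-in has to lower it explicitly (OpenSSL 1.1.0 or later).
        ctx.set_ciphers("HIGH:ADH:@SECLEVEL=0")
    else:
        ctx.set_ciphers("HIGH:!aNULL")
    return ctx


def anonymous_suites(ctx: ssl.SSLContext) -> list:
    """Audit: names of certificate-less suites the context would negotiate."""
    return [c["name"] for c in ctx.get_ciphers() if is_anonymous(c["description"])]


def session_trust(cipher, peer_cert) -> str:
    """Classify a finished handshake.

    cipher    -- tuple as returned by SSLSocket.cipher()
    peer_cert -- value returned by SSLSocket.getpeercert()
    """
    if cipher[0].startswith(ANON_PREFIXES):
        # No certificate was exchanged, so the verify callback never ran.
        return "anonymous"
    return "authenticated" if peer_cert else "unverified"


if __name__ == "__main__":
    for flag in (False, True):
        print("allow_anon =", flag, "->", anonymous_suites(build_context(flag)))
    # Constructed sample values, not captured from a real connection.
    print(session_trust(("ADH-AES256-GCM-SHA384", "TLSv1.2", 256), None))
```

An application that enables ADH this way can use the `session_trust` result to keep anonymous sessions away from anything that assumes an authenticated peer.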