On Mon, Sep 24, 2001 at 06:41:22AM -0700, Tim Michals wrote:
> >> Now the next step is to use SSL.   Followed the server code, s_server.c, so
> >> how would you go about creating the file without using RSA?  (Trying to
> >> avoid issues using RC5 and RC4, so I did not compile it in).

> >There's no reason to avoid RSA.  
> In reading the README, there are no patent issues? Also, what about export
> issues?

        The patent has expired many many moons ago.  It's so dead, the
corpse has finally grown cold.

        There are no export issues that would not affect any other
crypto as well as RSA.  For OpenSource software the export (from the
US) issues are virtually non-existent as well.  A notice to the BXA,
a notice on your web site, and a little dab'll do'ya.  Closed source
proprietary software is a lot stickier.

        The only issue WAS the patent issue and that's long dead and buried.

> > Also, since this is a device the url can change, so how is it possible to
> > have the browser just use SSL without verifying the server?  I'm trying to
> > keep the connection simple.  Due to embedded and not having a file system.

> >In general it's a REALLY bad idea to try to use SSL without server
> >authentication. This leaves you open to a number of active attacks.

> Agreed, but, isn't the name, http://<name of site>  the name of site has to
> be fixed?
> What I'm saying, the client uses the name to do a certification lookup using
> another site?

        Not really.  The "common name" in the cert has to match the
<name of site> in the URL you specified and it has to be signed by
a CA you recognize (yes, that's over simplified, I know).

> >That said, if you want to operate without server auth you have
> >two choices:
> >(1) use DH. This has the advantage that you get perfect forward
> >secrecy.
> >(2) use RSA with a self-signed certificate. This has the advantage
> >that it will work with most any browser, whereas anonymous DH
> >support is less common.

> Help!  I'm new to using OpenSSL; what would be the command-line arguments?

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
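
Added example, not part of the original thread: option (2) from the message above, a self-signed RSA certificate, checked the way the reply describes (the name must match and the signer must be one the client recognizes). Hostnames and file names are constructed; the client is assumed to pin the device certificate as its trust anchor, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Hostnames and file names below are constructed.

# Create an RSA key and a self-signed certificate whose common name (and
# subjectAltName, which current clients match on) is the name used in the URL.
# $1 = output directory, $2 = hostname
make_device_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Client-side check: the chain must end at the pinned anchor AND the name in
# the certificate must match the host the client meant to reach.
# $1 = presented cert, $2 = pinned trust anchor, $3 = expected hostname
device_cert_ok() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# Print "accepted" or "rejected" for one presented cert / anchor / name triple.
verdict() {
    if device_cert_ok "$1" "$2" "$3"; then echo accepted; else echo rejected; fi
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/real" "$d/other"
    make_device_cert "$d/real"  device.example.test
    # Same name, different key: what a client that pinned nothing cannot
    # tell apart from the real device.
    make_device_cert "$d/other" device.example.test
    pin="$d/real/cert.pem"

    echo "pinned cert, matching name:      $(verdict "$pin" "$pin" device.example.test)"
    echo "pinned cert, device was renamed: $(verdict "$pin" "$pin" renamed.example.test)"
    echo "unpinned cert with same name:    $(verdict "$d/other/cert.pem" "$pin" device.example.test)"
    rm -rf "$d"
}

demo
```

If the device's name changes, the certificate has to be reissued for the new name and the new certificate pinned on the clients.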
