On Sun, Feb 03, 2008 at 09:44:03AM -0800, JCA wrote:

>     I am trying to use the openssl command line utility in order to
> launch an SSL server supporting the NULL encryption cipher (I am
> trying to debug a simple SSL client.) To that effect, I launch openssl
> as follows:

You are not being specific about what you mean by "NULL". TLS provides
both encryption with no authentication (aNULL ciphers) and authentication
with no encryption (eNULL ciphers). The default cipher list includes
only ciphersuites with both authentication and encryption.

Authentication requires a server certificate.

>     # openssl s_server -accept 443 -nocert -WWW -cipher 'ALL:NULL'

This is requesting a cipher that neither authenticates nor encrypts. There
is just one cipher-suite that does that available with 0.9.8 and later:

    $ openssl ciphers -v 'aNULL+eNULL'
    AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1

This does anonymous elliptic curve DH key exchange, and provides integrity
(SHA1) with no encryption.

> The client is proposing the following ciphersuites:
> 
>   TLS_RSA_WITH_NULL_SHA
>   TLS_RSA_WITH_NULL_MD5

The client is looking for RSA server certificates. It supports 'eNULL',
but not 'aNULL' ciphers.

> But the server does not like this at all :-( It always replies with
> 
> 20962:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:974:

The server is right.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
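
The mismatch described in the reply above, as an added example that is not part of the original message or of OpenSSL: a simplified model of why a certificate-less server and a client offering only RSA NULL suites end in "no shared cipher". The sample lines are constructed in the format of `openssl ciphers -v`; `negotiate` and its rule (without a certificate only Au=None suites are usable) are illustrative assumptions.

```python
import re

# Constructed sample, in the format printed by `openssl ciphers -v`.
SAMPLE = """\
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# RFC suite names from the client hello mapped to OpenSSL's names.
RFC_TO_OPENSSL = {
    "TLS_RSA_WITH_NULL_SHA": "NULL-SHA",
    "TLS_RSA_WITH_NULL_MD5": "NULL-MD5",
}
CLIENT_OFFER = ["TLS_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_NULL_MD5"]

LINE = re.compile(r"^(\S+)\s+\S+\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)$")

def parse(text):
    """Turn `openssl ciphers -v` style lines into {name: attributes}."""
    suites = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, kx, au, enc, mac = m.groups()
            suites[name] = {"kx": kx, "au": au, "enc": enc, "mac": mac}
    return suites

def classify(suite):
    """aNULL = no authentication, eNULL = no encryption; a suite can be both."""
    tags = []
    if suite["au"] == "None":
        tags.append("aNULL")
    if suite["enc"] == "None":
        tags.append("eNULL")
    return tags

def negotiate(suites, client_offer, server_cert):
    """Hypothetical helper: first offered suite the server can use.
    server_cert is None (as with -nocert) or a key type such as "RSA"."""
    for offered in client_offer:
        name = RFC_TO_OPENSSL.get(offered, offered)
        suite = suites.get(name)
        if suite and suite["au"] in ("None", server_cert):
            return name
    return None  # corresponds to the "no shared cipher" alert

if __name__ == "__main__":
    s = parse(SAMPLE)
    print(negotiate(s, CLIENT_OFFER, None), negotiate(s, CLIENT_OFFER, "RSA"))
```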
