On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote: > The way I understand is you can have authentication and encryption with > TLS. When you use a cipher suite, you can specify the type of > authentication, encryption, hash, etc. > > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no > encryption. I believe this should work. Question was, how do you setup > the Client and Server to use this? Also, is this option available in the > FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant > cryptographic algorithms ( > http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf ), a > suite with no encryption does not show up > >
You set this up by setting the cipher string to an appropriate value. An example would be "eNULL" which means "only ciphersuites with NULL encryption". This is not enabled by default because most users don't want to enable NULL encryption. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]