On Thu, Jun 26, 2008 at 12:50:14AM +0200, Dr. Stephen Henson wrote:
> On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote:
>
> > The way I understand is you can have authentication and encryption with
> > TLS. When you use a cipher suite, you can specify the type of
> > authentication, encryption, hash, etc.
> >
> > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no
> > encryption. I believe this should work. Question was, how do you setup
> > the Client and Server to use this? Also, is this option available in the
> > FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant
> > cryptographic algorithms (
> > http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf ), a
> > suite with no encryption does not show up
> >
> >
>
> You set this up by setting the cipher string to an appropriate value. An
> example would be "eNULL" which means "only ciphersuites with NULL encryption".
>
> This is not enabled by default because most users don't want to enable NULL
> encryption.
Probably:
eNULL:!aNULL:@STRENGTH
Otherwise, you may also pickup a cipher which does integrity only without
authentication or encryption:
$ openssl ciphers -v 'eNULL+aNULL:@STRENGTH'
AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
