On Thu, Jun 26, 2008 at 12:50:14AM +0200, Dr. Stephen Henson wrote:

> On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote:
>
> > The way I understand is you can have authentication and encryption with
> > TLS. When you use a cipher suite, you can specify the type of
> > authentication, encryption, hash, etc.
> >
> > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no
> > encryption. I believe this should work. Question was, how do you set up
> > the Client and Server to use this? Also, is this option available in the
> > FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant
> > cryptographic algorithms (
> > http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf ), a
> > suite with no encryption does not show up
> >
>
> You set this up by setting the cipher string to an appropriate value. An
> example would be "eNULL" which means "only ciphersuites with NULL encryption".
>
> This is not enabled by default because most users don't want to enable NULL
> encryption.

Probably:

    eNULL:!aNULL:@STRENGTH

Otherwise, you may also pick up a cipher which does integrity only without
authentication or encryption:

    $ openssl ciphers -v 'eNULL+aNULL:@STRENGTH'
    AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
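
The distinction drawn in the message above can be checked mechanically by reading the `Au=` and `Enc=` columns of an `openssl ciphers -v` listing. The following is an added example, not part of the original thread or of OpenSSL: the function names and category labels are hypothetical, and every sample line except `AECDH-NULL-SHA` is constructed for illustration.

```python
import re

# Constructed sample in `openssl ciphers -v` format. Only the AECDH-NULL-SHA
# line appears in the message above; the other lines are illustrative.
SAMPLE = """\
AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""

FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")
REQUIRED = ("Kx", "Au", "Enc", "Mac")


def parse_line(line):
    """Return name, protocol and Kx/Au/Enc/Mac of one listing line, or None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    suite = {"name": parts[0], "proto": parts[1]}
    suite.update(FIELD.findall(line))
    # Skip anything that is not a complete cipher suite row.
    if not all(key in suite for key in REQUIRED):
        return None
    return suite


def classify(suite):
    """Label a suite by what it leaves out (labels are this example's own)."""
    no_enc = suite["Enc"] == "None"
    no_auth = suite["Au"] == "None"
    if no_enc and no_auth:
        return "integrity-only"           # what 'eNULL+aNULL' selects
    if no_enc:
        return "authenticated-cleartext"  # what 'eNULL:!aNULL' is meant to leave
    if no_auth:
        return "anonymous-encrypted"
    return "authenticated-encrypted"


def audit(listing):
    """Map each suite name in a listing to its classification."""
    result = {}
    for line in listing.splitlines():
        suite = parse_line(line)
        if suite is not None:
            result[suite["name"]] = classify(suite)
    return result


if __name__ == "__main__":
    for name, label in audit(SAMPLE).items():
        print(f"{name:<18} {label}")
```

Feeding it the output of `openssl ciphers -v` for a deployed cipher string shows whether any suite without authentication is present alongside the intended NULL-encryption suites.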