AngelWarrior <srikanth.bemin...@gmail.com> writes:

> but this still requires a CA kind of certificate, right?
> I don't know if the client will have a CA certificate
> to authenticate it. If I am wrong, please explain to me how
> it can be done.

The server must have or know something that an attacker does not have or know. Otherwise, there is no way for the client to know that it is talking to the server, which you have said is a requirement.

So the question is: What would you like to be that something that the server has or knows that an attacker cannot have or know? It can be a CA certificate, but it does not have to be. However, it must be something.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org