Hi: This may not be the right list to ask, if so please redirect me, thanks.
I have been asked to study the possibility of using for authentication without encryption, ie using TLS_RSA_WITH_NULL_SHA.
Reading the RFC5246, it appears that the server authentication is only possible through key negotiation, so, for this to work, an encrypted connection would be established, and then send a Change Cipher Spec message to disable encryption?
Using TLS_RSA_WITH_NULL_SHA, does this ensure the subsequent messages (application data) are authenticated as well, or will it only ensure integrity?
Thanks, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org