Hello Erik,
The authentication occurs during the initial setup of the TLS session
(handshake phase). If the peer (or peers, in case of mutual authentication) is
authenticated, then both sides agree on common secrets for the session as part
of the handshake phase. The messages sent in the authenticated session are also
authenticated via the shared secrets known at both ends.
Regards,
-Pandit
________________________________
From: Erik Norgaard <[email protected]>
To: [email protected]
Sent: Friday, August 21, 2009 4:22:05 AM
Subject: Question regarding TLS
Hi:
This may not be the right list to ask, if so please redirect me, thanks.
I have been asked to study the possibility of using for authentication without
encryption, i.e. using TLS_RSA_WITH_NULL_SHA.
Reading the RFC5246, it appears that the server authentication is only possible
through key negotiation, so, for this to work, an encrypted connection would be
established, and then send a Change Cipher Spec message to disable encryption?
Using TLS_RSA_WITH_NULL_SHA, does this ensure the subsequent messages
(application data) are authenticated as well, or will it only ensure integrity?
Thanks, Erik
-- Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
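An added example, not part of the thread: how the handshake's shared secret yields per-record authentication under a NULL-cipher suite such as TLS_RSA_WITH_NULL_SHA, following the record MAC and key expansion in RFC 5246. The master secret and random values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 20  # HMAC-SHA1 output size, also the MAC key length for this suite

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5 with SHA-256 (the TLS 1.2 PRF)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def mac_keys(master_secret, client_random, server_random):
    """With a NULL cipher the key block holds only the two MAC keys."""
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, 2 * MAC_LEN)
    return block[:MAC_LEN], block[MAC_LEN:]  # client write, server write

def record_mac(key, seq, ctype, version, fragment):
    """HMAC-SHA1 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBHH", seq, ctype, version, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()

def protect(key, seq, fragment, ctype=23, version=0x0303):
    """Build a record: 5-byte header, plaintext fragment, then the MAC."""
    body = fragment + record_mac(key, seq, ctype, version, fragment)
    return struct.pack("!BHH", ctype, version, len(body)) + body

def verify(key, seq, record):
    """Return the payload if the MAC checks out, otherwise None."""
    ctype, version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length or length < MAC_LEN:
        return None
    fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(key, seq, ctype, version, fragment)
    return fragment if hmac.compare_digest(tag, expected) else None

# Constructed sample values; a real handshake negotiates these.
MASTER = bytes(range(48))
C_RAND, S_RAND = b"\x01" * 32, b"\x02" * 32
CLIENT_KEY, SERVER_KEY = mac_keys(MASTER, C_RAND, S_RAND)
```

The payload travels in the clear inside the record, but a changed byte, a replayed sequence number, or a MAC made with a different key all fail verification.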