On Dec 22, 2007 1:04 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
> > file descriptors.
>
> Hmm ... we've always thought of SSL as being primarily comm security
> and thus useless on a Unix socket, but the mutual authentication aspect
> could come in handy as an answer for this type of threat. Anyone want
> to try this and see if it really works or not?
>
> Does OpenSSL have a mode where it only does mutual auth and not
> encryption? The encryption would be wasted cycles in this scenario,
> so being able to turn it off would be nice.
>
[EMAIL PROTECTED]:~$ openssl ciphers -v 'NULL'
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
I see no way to turn off the message digest, but maybe that's just an
added benefit.
--miker
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
