On Dec 22, 2007 1:04 PM, Tom Lane <[EMAIL PROTECTED]> wrote: > Peter Eisentraut <[EMAIL PROTECTED]> writes: > > Wouldn't SSL work over Unix-domain sockets as well? The API only deals with > > file descriptors. > > Hmm ... we've always thought of SSL as being primarily comm security > and thus useless on a Unix socket, but the mutual authentication aspect > could come in handy as an answer for this type of threat. Anyone want > to try this and see if it really works or not? > > Does OpenSSL have a mode where it only does mutual auth and not > encryption? The encryption would be wasted cycles in this scenario, > so being able to turn it off would be nice. >
[EMAIL PROTECTED]:~$ openssl ciphers -v 'NULL' NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 I see no way to turn off the message digest, but maybe that's just an added benefit. --miker ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly