On 03/11/2015 01:28 PM, Shawn Fernandes via RT wrote:
Hi,
At the moment, we have SSL handshake making use of a single certificate, using
a single key-pair present in the certificate.
In the event the MITM has the same certificate(SSL - offloader) then the data
can be encrypted/decrypted.
In addition to client authentication, another approach would be to use
TLS-SRP to protect against MITM. Without the SRP credentials, the
attacker would not be able to establish the two TLS connections required
for MITM.
On 03/11/2015 09:35 AM, Short, Todd via RT wrote:
This is more of a request
We have no plans to do this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi,
At the moment, we have SSL handshake making use of a single certificate, using
a single key-pair present in the certificate.
In the event the MITM has the same certificate(SSL - offloader) then the data
can be encrypted/decrypted.
Would like to know if we can have the enhancement of using
This is more of a request to change the TLS protocol, than an enhancement to
OpenSSL.
DHE and ECDHE ciphers provide PFS to protect against compromised public
key-pairs.
However, if a MITM has the same certificate, signed by a trusted certificate
authority, then most bets are off.
This is more of a request to change the TLS protocol, than an enhancement to
OpenSSL.
DHE and ECDHE ciphers provide PFS to protect against compromised public
key-pairs.
However, if a MITM has the same certificate, signed by a trusted certificate
authority, then most bets are off.