in no time. caching would only work with little bits of data.
On 12/03/2015 10:32 PM, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Jakob Bohm
Sent: Thursday, December 03, 2015 21:11
To: openssl-users@openssl.org
Subject: Re: [openssl-users]
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Ron Croonenberg
> Sent: Monday, December 07, 2015 14:24
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
>
> if the proxy is another host, I'
That is something we have been considering, but someone is going to
bring up the fact that passwords would be in the clear.
It would be an option to have some sort of encrypted authentication
'thing' over HTTP
No it is strictly for having users, on front ends authenticate so they
will only hav
t: Re: [openssl-users] explicitly including other ciphers.
The network is isolated from the outside worl, BUT we still need
authentication because different users are using it.
So what I preferably want is sort of a set up where,
authentication is done the "standard way" and after that jus
-boun...@openssl.org] On Behalf
Of Ron Croonenberg
Sent: Thursday, December 03, 2015 18:35
To: openssl-users@openssl.org
Subject: Re: [openssl-users] explicitly including other ciphers.
The network is isolated from the outside worl, BUT we still need
authentication because different users are
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jakob Bohm
> Sent: Thursday, December 03, 2015 21:11
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
>
> On 04/12/2015 03:03, Michael Wojcik wrot
Since the network is (as I understand it) physically secure
against wiretapping, how about using plain http with http auth?
Or are you trying to protect against TCP connection hijacks by
other computers/processes on the "secure" network?
On 04/12/2015 00:35, Ron Croonenberg wrote:
The network i
On 04/12/2015 03:03, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Ron Croonenberg
Sent: Thursday, December 03, 2015 18:35
To: openssl-users@openssl.org
Subject: Re: [openssl-users] explicitly including other ciphers.
The network is isolated
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Ron Croonenberg
> Sent: Thursday, December 03, 2015 18:35
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
>
> The network is isolated from the ou
1:
correct: you could still evesdrop on the connection, BUT we know who
is on there since we authenticated. (It is a storage system, not on a
public network and has an internal network for communicating between the
node (approx 30PB and 50 servers)
We know exactly who are on there and 'thin
The network is isolated from the outside worl, BUT we still need
authentication because different users are using it.
So what I preferably want is sort of a set up where,
authentication is done the "standard way" and after that just use the
https connection without the overhead of actually
On 12/03/2015 01:50 PM, Richard Moore wrote:
If network is fully isolated you could use plain text. Using 'https'
and null encryption is basically just pretending to do security.
I've never done any work with the eNULL ciphers, so please correct me if
I'm wrong, but wouldn't they still preven
On 2 December 2015 at 17:53, Ron Croonenberg wrote:
> So the idea is to use an object store on an isolated network and push and
> get objects out of it using https.
>
>
If network is fully isolated you could use plain text. Using 'https' and
null encryption is basically just pretending to do sec
> What about openssl? (little confused here).. I would expect openssl
> being the one that needs to be rebuild, not apache.
As Viktor previously stated, openssl has the NULL ciphers built in by default.
Your reply to Rich seemed to confirm that your version of openssl does include
them:
What about openssl? (little confused here).. I would expect openssl
being the one that needs to be rebuild, not apache.
On 12/03/2015 11:15 AM, Wall, Stephen wrote:
So in general, I would have to build apache before I could use null
ciphers?
That is correct.
-spw
> So in general, I would have to build apache before I could use null
> ciphers?
That is correct.
-spw
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
So in general, I would have to build apache before I could use null ciphers?
On 12/02/2015 11:06 AM, Wall, Stephen wrote:
Encryption in https/apache is handled by mod_ssl. does that means,
since there are NULL ciphers I can just use them in apache/mod_ssl by
just changing a setting like:
SSL
> Encryption in https/apache is handled by mod_ssl. does that means,
> since there are NULL ciphers I can just use them in apache/mod_ssl by
> just changing a setting like:
>
> SSLCipherSuite eNULL
>
> in httpd.conf?
No. mod_ssl modifiers the ciphers you specify by appending
':!aNULL:!eNULL:!
thanks! that seemed to work,
So the idea is to use an object store on an isolated network and push
and get objects out of it using https.
Encryption in https/apache is handled by mod_ssl. does that means,
since there are NULL ciphers I can just use them in apache/mod_ssl by
just changing
> but if I do a: openssl ciphers -v "ALL:eNULL" | grep eNULL
Look for NULL, not eNULL. Or "Enc=None"
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
ok, thanks,
but if I do a: openssl ciphers -v "ALL:eNULL" | grep eNULL
I don't see anything. How do I configure openssl so it will always be
able to use the eNULL 'encryption' ?
Ron
On 12/01/2015 06:46 PM, Viktor Dukhovni wrote:
On Tue, Dec 01, 2015 at 03:34:09PM -0700, Ron Croonenberg wro
On Tue, Dec 01, 2015 at 03:34:09PM -0700, Ron Croonenberg wrote:
> I want to build/compile openssl including the 'eNULL' cipher. I know it's
> not in ALL or default, because of "security risks".
No need to recompile.
> How do I include it and built it (downloaded a version from the github)
The
Hello,
I want to build/compile openssl including the 'eNULL' cipher. I know
it's not in ALL or default, because of "security risks".
How do I include it and built it (downloaded a version from the github)
thanks,
Ron
___
openssl-users mailing list
23 matches
Mail list logo
