RE: Null (or default) certificates?

2013-02-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Nathan Smyth > Sent: Friday, 01 February, 2013 08:47 > Is it possible to have null, untrusted, or shared > certificates, to simplify deployment for apps that don't care > about SSL? > > Basically I have an infrastructure that uses OpenSSL for

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 07:22:52PM +, Nathan Smyth wrote: > In our current implementation, we assume every process has a > certificate associated with it, and thus, from a TLS perspective, > clients will validate server certificates, and servers will request > and validate client certificates

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
- Original Message - From: Viktor Dukhovni To: "openssl-users@openssl.org" Cc: Sent: Friday, 1 February 2013, 15:22 Subject: Re: Null (or default) certificates? On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: > Is it possible to have null, untrusted, or shared

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 04:24:47PM +, Nathan Smyth wrote: > > On all servers that don't require client certificates > > (can't ask for client certs when using an anonymous ciphersuite) > > enable anonymous ciphers, > > Is it possible to both - in the sense you can check the peer's > certific

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Thanks Viktor for your detailed reply. I'm still to fully understand the specifics. However, one question: > On all servers that don't require client certificates > (can't ask for client certs when using an anonymous ciphersuite) > enable anonymous ciphers, Is it possible to both - in the sens

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 03:22:11PM +, Viktor Dukhovni wrote: > On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: > > > Is it possible to have null, untrusted, or shared certificates, > > to simplify deployment for apps that don't care about SSL? > > Absolutely. On all servers tha

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: > Is it possible to have null, untrusted, or shared certificates, > to simplify deployment for apps that don't care about SSL? Absolutely. On all servers that don't require client certificates (can't ask for client certs when using an

Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Basically I have an infrastructure that uses OpenSSL for comms. As it is protocol based, it's important that everything runs the same code (I.e. I don't want different port