Eric Young wrote:
> 
> On Sun, 26 Apr 1998, Tomas Hellberg wrote:
> > Is it possible to use some kind of "NULL-encryption" method with SSLeay?
> 
> To protect people from themselves, by default, NULL encryption is disabled in
> SSLeay.  To re-enable it, edit the makefile and define SSL_ALLOW_ENULL (or
> from the makefile
>  # SSL_ALLOW_ENULL - define if you want the server to be able to use the
>  #           NULL encryption ciphers.
> 

OK, I've done that and s_client can talk to s_server just fine with the
eNULL method, which evaluates as follows:

C:\Projekt\cert>ssleay ciphers -v eNULL
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5

The problem is that I can't get Netscape or MSIE to connect to s_server.
Netscape shows some dialogs presenting the certificate used and states
that the cipher is NULL with 0 secret bits together with MD5. After
this, the handshake fails, and Netscape claims "Connection reset by
peer". Below is the information flow during the handshake. The "->"
marks data from Netscape to s_server, and "<-" is the response from
s_server.

-> 0000: 80 28 01 03 00 00 0F 00 00 00 10 02 00 80 04 00   .(..............
-> 0010: 80 00 00 03 00 00 06 00 00 01 EF 26 C1 93 59 55   ...........&..YU
-> 0020: 10 E4 6C 22 7D CF 65 06 AE 54                      ..l"}.e..T
<- 0000: 16 03 00 00 4A 02 00 00 46 03 00 35 44 1A DB FC   ?...J...F..5D?..
<- 0010: 61 23 DC F6 08 D7 5A 2F 4B 42 3E DA 1A B7 F0 BE   a#....Z/KB>.?...
<- 0020: 55 EA 03 AF C0 39 F8 3E 19 73 8F 20 F7 34 D0 E7   U....9.>?s. .4..
<- 0030: 7D F9 81 1F C9 6F 16 28 CD 41 AC C6 FA 95 3D 11   }..?.o?(.A....=.
<- 0040: 4A 85 CA 5B 7F D5 9D F2 F6 4D E6 16 00 01 00 16   J..[.....M.?...?
<- 0050: 03 00 01 66 0B 00 01 62 00 01 5F 00 01 5C 30 82   ...f...b.._..\0.
<- 0060: 01 58 30 82 01 02 02 01 00 30 0D 06 09 2A 86 48   .X0......0...*.H
<- 0070: 86 F7 0D 01 01 04 05 00 30 37 31 0B 30 09 06 03   ........071.0...
<- 0080: 55 04 06 13 02 53 45 31 14 30 12 06 03 55 04 0A   U....SE1.0...U..
<- 0090: 13 0B 4B 6C 69 65 6E 74 70 72 6F 78 79 31 12 30   ..Klientproxy1.0
<- 00A0: 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 6F 73   ...U....localhos
<- 00B0: 74 30 1E 17 0D 39 38 30 34 32 30 31 35 32 34 31   t0??.98042015241
<- 00C0: 33 5A 17 0D 33 38 30 31 31 38 31 35 32 34 31 33   3Z?.380118152413
<- 00D0: 5A 30 37 31 0B 30 09 06 03 55 04 06 13 02 53 45   Z071.0...U....SE
<- 00E0: 31 14 30 12 06 03 55 04 0A 13 0B 4B 6C 69 65 6E   1.0...U....Klien
<- 00F0: 74 70 72 6F 78 79 31 12 30 10 06 03 55 04 03 13   tproxy1.0...U...
<- 0100: 09 6C 6F 63 61 6C 68 6F 73 74 30 5C 30 0D 06 09   .localhost0\0...
<- 0110: 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 48   *.H.........K.0H
<- 0120: 02 41 00 BC F9 E7 E9 8E 0D C0 A6 B2 9C 8A FE 05   .A..............
<- 0130: 86 85 95 8D 89 AF 62 70 67 90 B3 71 2A CD 2D 7A   ......bpg..q*.-z
<- 0140: E4 BB 42 77 5B DC 85 06 3F 3B B1 4B CC 5A 24 FE   ..Bw[...?;.K.Z$.
<- 0150: D4 AB E2 9D E6 FE C9 20 9D A4 A7 C5 E6 A0 95 AF   ....... ........
<- 0160: 4D 3B D1 02 03 01 00 01 30 0D 06 09 2A 86 48 86   M;......0...*.H.
<- 0170: F7 0D 01 01 04 05 00 03 41 00 01 AB 59 84 03 C1   ........A...Y...
<- 0180: 3C D4 CB C1 F9 8F 16 8B 46 6B A4 71 09 99 C2 02   <.....?.Fk.q....
<- 0190: FF E0 F5 74 75 69 98 21 D3 48 71 A8 8A 77 5D 4F   ...tui.!.Hq..w]O
<- 01A0: 10 E1 70 7C 55 42 FD BC 18 73 F3 D6 F3 C8 3E 68   ..p|UB..?s....>h
<- 01B0: A8 E1 EA B3 13 A9 B2 AA ED 28 16 03 00 00 04 0E   .........(?.....
<- 01C0: 00 00 00                                           ...
-> 0000: 15 03 00 00 02 01 00                               .......

I've enabled the checkbox for NULL-MD5 in Netscape's security settings.
Any ideas?
--
Tomas Hellberg, SECTRA, http://www.sectra.se/
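
The handshake dump in the message above can be decoded field by field. The following is an added example, not part of the original post or of SSLeay: the function names are hypothetical, the byte strings are copied from the dump, and the suite-name table is an assumption based on SSL 3.0 cipher suite numbering.

```python
import struct
# Bytes copied from the dump in the message ("->" is Netscape, "<-" is s_server).
CLIENT_HELLO = bytes.fromhex(
    "8028010300000f000000100200800400"
    "80000003000006000001ef26c1935955"
    "10e46c227dcf6506ae54")
SERVER_FIRST_RECORD = bytes.fromhex(  # "<-" offsets 0x0000-0x004E
    "160300004a02000046030035441adbfc"
    "6123dcf608d75a2f4b423eda1ab7f0be"
    "55ea03afc039f83e19738f20f734d0e7"
    "7df9811fc96f1628cd41acc6fa953d11"
    "4a85ca5b7fd59df2f64de616000100")
CLIENT_ALERT = bytes.fromhex("15030000020100")

# SSLv3 suite numbers with SSLeay-style names (assumed table, not from the post).
SUITES = {0x000001: "NULL-MD5", 0x000002: "NULL-SHA",
          0x000003: "EXP-RC4-MD5", 0x000006: "EXP-RC2-CBC-MD5"}

def parse_v2_client_hello(buf):
    """SSLv2-format ClientHello: 2-byte header, type, version, three lengths."""
    if len(buf) < 11 or not buf[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    rec_len = struct.unpack(">H", buf[:2])[0] & 0x7FFF
    mtype, major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBBHHH", buf[2:11])
    if mtype != 1 or cs_len % 3 or len(buf) != rec_len + 2 \
            or rec_len != 9 + cs_len + sid_len + ch_len:
        raise ValueError("malformed ClientHello")
    specs = [int.from_bytes(buf[i:i + 3], "big") for i in range(11, 11 + cs_len, 3)]
    return (major, minor), [SUITES.get(s, "SSLv2 kind 0x%06X" % s) for s in specs]

def parse_v3_record(buf):
    """One SSLv3 record -> (content_type, body); rejects truncated records."""
    ctype, major, minor, length = struct.unpack(">BBBH", buf[:5])
    if (major, minor) != (3, 0) or len(buf) < 5 + length:
        raise ValueError("bad or truncated SSLv3 record")
    return ctype, buf[5:5 + length]

def server_hello_suite(buf):
    ctype, body = parse_v3_record(buf)
    if ctype != 22 or body[0] != 2:      # handshake record, ServerHello message
        raise ValueError("not a ServerHello")
    sid_len = body[4 + 2 + 32]           # after handshake header, version, random
    off = 4 + 2 + 32 + 1 + sid_len       # cipher suite follows the session id
    return SUITES.get(int.from_bytes(body[off:off + 2], "big"), "unknown")

def alert(buf):
    ctype, body = parse_v3_record(buf)
    if ctype != 21 or len(body) != 2:
        raise ValueError("not an alert")
    return {1: "warning", 2: "fatal"}.get(body[0]), {0: "close_notify"}.get(body[1], body[1])
```

Decoded this way, the ClientHello offers NULL-MD5 among export-grade suites, the ServerHello selects NULL-MD5, and the final client record is a warning-level close_notify alert.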