Re: SSL, 'plain text' encoding, no cert

From: Hyper4S (hyper_at_4s.com)
Date: 03/10/04


Date: Wed, 10 Mar 2004 09:53:55 GMT


"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7xsmghqkwa.fsf@ruckus.brouhaha.com...
> That looked pretty weird to me too. SSL does support a cipher suite
> where there's no encryption (just MAC) but that suite still uses
> certificates. It's also disabled in most browsers. You have to turn
> it on through a preferences dialog if you want to use it.

You're talking about the "TLS_RSA_WITH_NULL_MD5/_SHA" ciphersuites,
providing a digest (MAC) and server authorization (by certificate) but no
encryption.

The article however is referring to the "Anonymous DH ciphersuites"
("TLS_DH_anon_..."), I guess.
Those provide encryption and digest, but no server authorization (no
certificate).

To test the "most browsers support this" hypothesis, I quickly set up an
openssl server ("openssl s_server -accept 443 -nocert -www"), using no
certificates (indicated by the "-nocert" option, which restricts the
ciphersuites to the anonymous DH ones).

However, I wasn't able to connect to it, not with IE 6.0, nor with Netscape
7.1, because they had "no shared cipher".

I haven't tested any other browser, but I have no reason to believe that they
would behave differently...

Grtz,

Kristof
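
The two suite families contrasted in the post above can be told apart from the suite name alone. The following is an added example, not part of the original post: a small auditor for a server's configured suite list that flags anonymous key exchange and NULL encryption. The function names and the sample list are constructed for illustration, and the parser assumes the TLS_<kx>_WITH_<cipher>_<mac> naming of the CBC and stream cipher suites discussed here.

```python
"""Flag TLS cipher suites that lack server authentication or encryption."""


def classify(suite):
    """Split TLS_<kx>_WITH_<cipher>_<mac> into the properties it provides."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not a TLS_<kx>_WITH_<cipher>_<mac> name: {suite!r}")
    kx, rest = suite[len("TLS_"):].split("_WITH_", 1)
    cipher, _, mac = rest.rpartition("_")
    return {
        "key_exchange": kx,
        # *_anon key exchange (and the all-NULL suite) sends no certificate.
        "server_cert": not (kx.endswith("_anon") or kx == "NULL"),
        # A NULL bulk cipher leaves the record payload in the clear.
        "encrypted": cipher != "NULL",
        "mac": mac,
    }


def audit(offered):
    """Return (suite, reason) pairs for every weak property found."""
    findings = []
    for name in offered:
        info = classify(name)
        if not info["server_cert"]:
            findings.append((name, "no server certificate"))
        if not info["encrypted"]:
            findings.append((name, "no encryption"))
    return findings


# Constructed sample: a suite list as it might appear in a server config.
SAMPLE_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_NULL_MD5",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for suite, reason in audit(SAMPLE_OFFER):
        print(f"{suite}: {reason}")
```
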


