Re: authentication (SRP*, DH, TLS)



Paul Rubin wrote:
gmu2006@xxxxxxxxx writes:
Of course you would still use certs with this mode.

Seems I've misread that. Maybe you are talking about
SSL_OP_SINGLE_DH_USE?

No, I mean you'd use a cipher suite that supports EDH with authentication,
like TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA.

There are some unauthenticated suites but you don't want to do that.

I've been able to borrow "Network Security with OpenSSL" by
"Pravir Chandra, Matt Messier, John Viega" from 2002 and
am reading that now. I should see if I can get the "SSL and TLS" too.
Btw, I hope there's no big performance impact when using
SSL_OP_SINGLE_DH_USE on powerpc (603), and x86_32 (<2GHz).

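Added example, not part of the original thread and not OpenSSL code: a small auditor that reads TLS 1.2-and-earlier suite names in the style of TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA and keeps only suites with ephemeral DH plus peer authentication, rejecting the unauthenticated (anon) ones mentioned above. The function names and the sample list are constructed for illustration.

```python
EPHEMERAL = {"DHE", "ECDHE"}          # a fresh DH key for every handshake
UNAUTHENTICATED = {"anon", "NULL"}    # no certificate or other peer authentication


def classify_suite(name):
    """Split a TLS <=1.2 suite name into key exchange and authentication."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no kx/auth fields.
        raise ValueError(f"not a TLS <=1.2 style suite name: {name!r}")
    fields = name[len("TLS_"):].split("_WITH_", 1)[0].split("_")
    kx = fields[0]
    # A single field (TLS_RSA_WITH_...) means one mechanism does both jobs.
    auth = "_".join(fields[1:]) or kx
    return {
        "key_exchange": kx,
        "authentication": auth,
        "ephemeral": kx in EPHEMERAL,
        "authenticated": auth not in UNAUTHENTICATED,
    }


def audit(suites):
    """Return (accepted, rejected); each rejected entry is (name, reason)."""
    accepted, rejected = [], []
    for name in suites:
        info = classify_suite(name)
        if not info["authenticated"]:
            rejected.append((name, "unauthenticated key exchange"))
        elif not info["ephemeral"]:
            rejected.append((name, "no ephemeral DH"))
        else:
            accepted.append(name)
    return accepted, rejected


# Constructed sample list of suite names for the demonstration.
SAMPLE = [
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",   # EDH + RSA certificate
    "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",   # anonymous DH
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",       # RSA key transport
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",   # EDH + DSS certificate
    "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",    # static DH + RSA certificate
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print("accepted:", *ok, sep="\n  ")
    for name, reason in bad:
        print(f"rejected: {name} ({reason})")
```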