SSL/TLS Authentication only - Openssl

This is a discussion on SSL/TLS Authentication only - Openssl ; Is it possible to use TLS authentication only? If so, how do I do this using OpenSSL?...

+ Reply to Thread
Results 1 to 5 of 5

Thread: SSL/TLS Authentication only

  1. SSL/TLS Authentication only

    Is it possible to use TLS authentication only? If so, how do I do this
    using OpenSSL?


  2. Re: SSL/TLS Authentication only

    What exactly do you mean? What other possible kinds of authentication do you
    have available? If you just want a TLS-based client and server, then OpenSSL
    can serve your purpose.


    Vijay K.

    On Wed, Jun 25, 2008 at 9:01 PM, Patel Dippen-CDP054 <
    Dippen.Patel@motorola.com> wrote:

    > Is it possible to use TLS authentication only? If so, how do I do this
    > using OpenSSL?
    >



  3. RE: SSL/TLS Authentication only

    The way I understand is you can have authentication and encryption with
    TLS. When you use a cipher suite, you can specify the type of
    authentication, encryption, hash, etc.

    So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no
    encryption. I believe this should work. Question was, how do you setup
    the Client and Server to use this? Also, is this option available in the
    FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant
    cryptographic algorithms (
    http://csrc.nist.gov/publications/ni...2/SP800-52.pdf ), a
    suite with no encryption does not show up

    ________________________________

    From: owner-openssl-users@openssl.org
    [mailtowner-openssl-users@openssl.org] On Behalf Of Vijay Kotari
    Sent: Wednesday, June 25, 2008 4:03 PM
    To: openssl-users@openssl.org
    Subject: Re: SSL/TLS Authentication only


    What exactly do you mean? What other possible kinds of authentication do
    you have available? If you just want a TLS-based client and server, then
    OpenSSL can serve your purpose.


    Vijay K.


    On Wed, Jun 25, 2008 at 9:01 PM, Patel Dippen-CDP054
    wrote:


    Is it possible to use TLS authentication only? If so, how do I
    do this using OpenSSL?




  4. Re: SSL/TLS Authentication only

    On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote:

    > The way I understand is you can have authentication and encryption with
    > TLS. When you use a cipher suite, you can specify the type of
    > authentication, encryption, hash, etc.
    >
    > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no
    > encryption. I believe this should work. Question was, how do you setup
    > the Client and Server to use this? Also, is this option available in the
    > FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant
    > cryptographic algorithms (
    > http://csrc.nist.gov/publications/ni...2/SP800-52.pdf ), a
    > suite with no encryption does not show up
    >
    >


    You set this up by setting the cipher string to an appropriate value. An
    example would be "eNULL" which means "only ciphersuites with NULL encryption".

    This is not enabled by default because most users don't want to enable NULL
    encryption.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  5. Re: SSL/TLS Authentication only

    On Thu, Jun 26, 2008 at 12:50:14AM +0200, Dr. Stephen Henson wrote:

    > On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote:
    >
    > > The way I understand is you can have authentication and encryption with
    > > TLS. When you use a cipher suite, you can specify the type of
    > > authentication, encryption, hash, etc.
    > >
    > > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA meaning no
    > > encryption. I believe this should work. Question was, how do you setup
    > > the Client and Server to use this? Also, is this option available in the
    > > FIPS compliant module (1.2.2)? When I looked at all the FIPS compliant
    > > cryptographic algorithms (
    > > http://csrc.nist.gov/publications/ni...2/SP800-52.pdf ), a
    > > suite with no encryption does not show up
    > >
    > >

    >
    > You set this up by setting the cipher string to an appropriate value. An
    > example would be "eNULL" which means "only ciphersuites with NULL encryption".
    >
    > This is not enabled by default because most users don't want to enable NULL
    > encryption.


    Probably:

    eNULL:!aNULL:@STRENGTH

    Otherwise, you may also pickup a cipher which does integrity only without
    authentication or encryption:

    $ openssl ciphers -v 'eNULL+aNULL:@STRENGTH'
    AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1

    --
    Viktor.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread