Re: [Exim] (slightly ot) could use some ssl help

Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] (slightly ot) could use some ssl help
On Sat, Apr 20, 2002 at 04:39:05AM +0200, Tamas TEVESZ wrote:
> in my code, i'm setting up acceptable ssl ciphers, which is pretty
> much everything my pike7.2 installation knows about:
>
>         context->preferred_suites = ({

[...]
>                 SSL_rsa_with_3des_ede_cbc_sha,

[...]
>         });

>

[...]
> i know Matthew won't like me for this :), but the setup is pretty much
> expecting opportunistic encryption (so no certs on the exim side, nor
> on the client side).


Nothing to do with my liking it or not ;-) but if you use SSL_rsa_... then
you must have at least one certificate, as the RSA methods send half a
secret encrypted with the server's key (and a certificate needs to be
presented to do this). I'd say that you ought to only use the SSL_dh (not
sure about the _dhe_ suites, not come across those before) if you want to
support no *server* certificates. Even then, I'm not sure if SSL allows
you to do this.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/
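
The certificate requirement discussed in this thread can be checked locally. The following is an added example, not part of the original message: it uses Python's `ssl` module with OpenSSL suite names (not Pike's `SSL_*` constants) and runs an in-memory TLS 1.2 handshake against a server context that has no certificate loaded. The helper name `try_handshake` and the three suites are choices made for this illustration.

```python
import ssl

def try_handshake(suite):
    """Handshake against a certificate-less server restricted to one suite.

    Returns the negotiated suite name, or None if the handshake fails.
    """
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # no load_cert_chain()
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.check_hostname = False
    cli.verify_mode = ssl.CERT_NONE                 # no certificate to verify
    for ctx in (srv, cli):
        # TLS 1.3 has no anonymous suites, so cap the version at 1.2.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        # Anonymous suites are only offered at OpenSSL security level 0.
        ctx.set_ciphers(suite + ":@SECLEVEL=0")

    # Two in-memory pipes: one side's outgoing BIO is the other's incoming.
    c2s, s2c = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = cli.wrap_bio(s2c, c2s)
    server = srv.wrap_bio(c2s, s2c, server_side=True)

    pending = [client, server]
    try:
        for _ in range(20):                         # bounded message pump
            for side in list(pending):
                try:
                    side.do_handshake()
                    pending.remove(side)
                except ssl.SSLWantReadError:
                    pass                            # waiting for the peer
            if not pending:
                return server.cipher()[0]
    except ssl.SSLError:
        return None                                 # e.g. no shared cipher
    return None

if __name__ == "__main__":
    for suite in ("AES128-SHA",             # RSA key exchange
                  "ECDHE-RSA-AES128-SHA",   # ephemeral ECDH, RSA-signed
                  "AECDH-AES128-SHA"):      # anonymous ECDH
        print(suite, "->", try_handshake(suite))
```

Only the anonymous suite completes without a server certificate. Such a handshake authenticates neither peer, so it protects against passive eavesdropping only, which is why current OpenSSL builds hide these suites behind security level 0.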