|
SSL without certificates
I want to use SSL for client to server communication. The server is W2K.
I don't care about server authentication, I just want to encrypt the connection. Do I still have to create and install a dummy certificate for the server, or is there a way to bypass it? It appears the SSL/TLS standard does not require the server authentication step during the handshake, but how is it implemented on W2K? I browsed through the MS Knowledgebase but couldn't find the answer. MS |
Re: SSL without certificates
> I don't care about server authentication, I just want to encrypt the
> connection. You could use a shared secret. There's plenty of IPSec information available on TechNet, if documentation is what you're looking for. |
Re: SSL without certificates
MS wrote:
> I want to use SSL for client to server communication. The server is W2K. > > I don't care about server authentication, I just want to encrypt the > connection. I'll take theexample of an SSH connection. You always need an authentication of the server, but you only need a keypair, not a certificate. -- Xandrex |
Re: SSL without certificates
"MS" <ms@ms.net> wrote in message news:3F0428C6.5020609@ms.net... > I want to use SSL for client to server communication. The server is W2K. > I don't care about server authentication, I just want to encrypt the > connection. > Do I still have to create and install a dummy certificate for the > server, or is there a way to bypass it? I'm not sure what your specific needs are but I got around this using 2K at home by installing the windows certificate authority, and using it to roll my own CA & website certificate. HTH DP |
Re: SSL without certificates
On Thu, 03 Jul 2003 08:59:50 -0400, MS <ms@ms.net> wrote:
>I want to use SSL for client to server communication. The server is W2K. > >I don't care about server authentication, I just want to encrypt the >connection. > >Do I still have to create and install a dummy certificate for the >server, or is there a way to bypass it? > >It appears the SSL/TLS standard does not require the server >authentication step during the handshake, but how is it implemented on W2K? > >I browsed through the MS Knowledgebase but couldn't find the answer. > >MS Encryption without authentication is useless. |
Re: SSL without certificates
Sorry not familiar with it, but:
Entering your question (Microsoft implementation of ssl in Windows 2000) into the Search the Knowledge Base at the top of Microsoft's Online Support site, provides several results, and hopefully some might discuss that. I see the mention of white papers on implementation, but have not read any of them so far. Other possible helps might be the MSDN home website, and the Windows Platform SDK. Searches for "certificateless ssl" and "certificateless tls" at those sites, as well as on the Web, might also produce other results for you. Regards, RobH. "MS" <ms@ms.net> wrote in message news:3F05AC99.5040000@ms.net... Splatter wrote: As I stated in my original post, I cannot find the answers in Microsoft documentation. Anybody out there who is familiar with the Microsoft implementation of SSL in W2K and can answer my question? MS |
Re: SSL without certificates
You can generate "test" sertificate and do not think about "anonymous tls"
http://www.stunnel.org/pem/ or you can use http://www.stunnel.org/ vs. MS ISAPI SSL filter on 443 but stunnel USEs sertificates too: http://www.stunnel.org/faq/stunnel.html#certificates "> Does the Microsoft W2K implementation of SSL=TLS allow bypassing the > handshake step that sends server's certificate to the client? In other > words, can I set up an SSL-encrypted connections to the W2K server > without installing a certificate on the server? > > The specification of the TLS standard does allow that: The handshake > protocol can be set up so that no certificates are used, and the client > and the server use an "anonymous" key exchange protocol to agree on an > encryption key. The question is, does Microsoft implementation allow it? > And if so, how do I configure the server to operate this way? > > |
Re: SSL without certificates
Terry wrote: > Quote: mccarthur@btinternet.com wrote that the client needs the server's > cert > because the client uses the public key from the cert to encrypt the data > sent to the server. That is not correct. The data sent back and forth > along the SSL connection are encrypted using a symmetric (secret) key, > not a public key. The secret key is created during the SSL handshake. > > As far as I know, in a SSL connection, the server's cert sent to client is > used to encrypt the session key(secret symmetric key) generated on the > client side which is then sent to the server for use in the connection. So > if the you dont use a server's cert, how can this be done? > The TLS standard allows "anonymous" key exchange. That is, the symmetric key is generated without a priori authentication of the two parties. For example, the Diffie-Hellman protocol can be used for that --- in essence, each party creates a piece of the key, they exchange the two pieces, and put them together to form the common secret key. And it's done in such a way that an eavesdropper cannot recreate the key. MS |
| All times are GMT. The time now is 07:21 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.