SSL without certificates

Discussion in 'Computer Security' started by MS, Jul 3, 2003.

  1. MS

    MS Guest

    I want to use SSL for client to server communication. The server is W2K.

    I don't care about server authentication, I just want to encrypt the
    connection.

    Do I still have to create and install a dummy certificate for the
    server, or is there a way to bypass it?

    It appears the SSL/TLS standard does not require the server
    authentication step during the handshake, but how is it implemented on W2K?

    I browsed through the MS Knowledgebase but couldn't find the answer.

    MS
     
    MS, Jul 3, 2003
    #1

  2. I don't care about server authentication, I just want to encrypt the
    You could use a shared secret.

    There's plenty of IPSec information available on TechNet, if documentation
    is what you're looking for.
     
    Keith W. McCammon, Jul 3, 2003
    #2

  3. MS

    ho alexandre Guest

    I'll take the example of an SSH connection.
    You always need an authentication of the server, but you only need a
    keypair, not a certificate.
     
    ho alexandre, Jul 3, 2003
    #3
  4. MS

    Splatter Guest

    I'm not sure what your specific needs are but I got around this using 2K
    at home by installing the windows certificate authority, and using it to
    roll my own CA & website certificate.
    HTH
    DP
     
    Splatter, Jul 3, 2003
    #4
  5. MS

    ASMdood Guest

    Encryption without authentication is useless.
     
    ASMdood, Jul 3, 2003
    #5
  6. MS

    RobH Guest

    Sorry not familiar with it, but:

    Entering your question (Microsoft implementation of ssl in Windows
    2000) into the Search the Knowledge Base at the top of Microsoft's
    Online Support site, provides several results, and hopefully some
    might discuss that. I see the mention of white papers on
    implementation, but have not read any of them so far.

    Other possible helps might be the MSDN home website, and the
    Windows Platform SDK.

    Searches for "certificateless ssl" and "certificateless tls" at
    those sites, as well as on the Web, might also produce other
    results for you.

    Regards, RobH.



    Splatter wrote:

    As I stated in my original post, I cannot find the answers in Microsoft
    documentation. Anybody out there who is familiar with the Microsoft
    implementation of SSL in W2K and can answer my question?

    MS
     
    RobH, Jul 5, 2003
    #6
  7. MS

    Ms Guest

    Ms, Jul 7, 2003
    #7
  8. MS

    MS Guest

    The TLS standard allows "anonymous" key exchange. That is, the symmetric
    key is generated without a priori authentication of the two parties. For
    example, the Diffie-Hellman protocol can be used for that --- in
    essence, each party creates a piece of the key, they exchange the two
    pieces, and put them together to form the common secret key. And it's
    done in such a way that an eavesdropper cannot recreate the key.

    MS
     
    MS, Jul 7, 2003
    #8
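
Added example, not part of any post in this thread: the anonymous Diffie-Hellman exchange described in post #8, next to the case raised in post #5 where the public pieces are replaced in transit and the two ends finish with different keys. The group parameters, function names and the `substitute` switch are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo group (255-bit prime, generator 2); real deployments use a
# standardized group of at least 2048 bits, e.g. one from RFC 3526.
P = 2**255 - 19
G = 2

def keypair():
    """Return (secret exponent x, public piece G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2          # x in [2, P-2]
    return x, pow(G, x, P)

def session_key(own_secret, peer_public):
    """Combine our secret with the peer's public piece; hash into a 256-bit key."""
    if not 1 < peer_public < P - 1:           # reject values <= 1 and >= P-1
        raise ValueError("degenerate public value")
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def exchange(substitute=False):
    """Run one anonymous exchange and return (client_key, server_key).

    With substitute=True, both public pieces are replaced in transit by a third
    party's own piece, which nothing in an anonymous exchange can notice.
    """
    c_secret, c_public = keypair()
    s_secret, s_public = keypair()
    if substitute:
        _, third_party_public = keypair()
        c_public = s_public = third_party_public
    return session_key(c_secret, s_public), session_key(s_secret, c_public)

def keys_match(client_key, server_key):
    """Stand-in for an out-of-band comparison of the two ends' key fingerprints."""
    return hmac.compare_digest(client_key, server_key)

if __name__ == "__main__":
    print("honest exchange, keys match:     ", keys_match(*exchange()))
    print("substituted exchange, keys match:", keys_match(*exchange(substitute=True)))
```

In the honest run both ends derive the same key from values an eavesdropper also sees; in the substituted run they do not, and only a comparison outside the exchange, or a server keypair as in post #3, reveals it.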
