Add anonymous DH/ECDH ciphersuites to the cipher list. Interop checked - botan.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	lloyd <[email protected]>	2012-04-02 17:03:04 +0000
committer	lloyd <[email protected]>	2012-04-02 17:03:04 +0000
commit	0b7fb2651b187097e9c89e37e2672ff28830371a (patch)
tree	72a3866681bd2299d1651a66e05f9ec374cf80d8 /configure.py
parent	7f0df78e77eedaf299a8dcbea2d10290b99d3521 (diff)

Add anonymous DH/ECDH ciphersuites to the cipher list. Interop checked

against OpenSSL. One big issue that needs to be resolved is that with these ciphersuites available to be negotiated, we want to make sure they only are used when the application/user expects them to. Problem is that PSK and SRP are "anonymous" but authenticated via the shared secret. We need to be able to distinguish these on a policy level. Otherwise a MITM could simply offer anon DH, which would be somewhat unfortunate. A client could detect this in the handshake callback, but might not. In the short term to ensure this doesn't occur, disable both anon DH and PSK/SRP in the default policy.

Diffstat (limited to 'configure.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: