Solved

SSL: Anonymous and non-anomynous

Posted on 2014-03-21
2
452 Views
Last Modified: 2014-03-26
I have read up on SSL,

with the client sending the key, cipher and hash

The sender then verifying those fields

The client creates a master secret code and sends it to the server with its public key

The server decrytps the master secret with its private key

And thus encyption is possible

Now I am seeing references to anonymous and non-anonymous SSSL

Could some one please give me a brief descrrition of this and what the title or key phrase that identifies non-anonymous SSL ?

Any links would also be helpful

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39945679
I didn't even know about Anonymous Ciphers, seems like a bad idea
https://www.openssl.org/docs/apps/ciphers.html#item_aNULL
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_%28OWASP-EN-002%29#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities
-rich
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39955294
@richrumble: That said, a CA cert only protects you from people whose money they won't take :)

I am waiting for DANE to take over, although given it destroys the CA business model, I am not expecting it to happen any time soon. Then we just have the DNS root to worry about.

Sadly, Marlinspike's Convergence never took off.
0

Featured Post

RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question