[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

SSL: Anonymous and non-anomynous

Posted on 2014-03-21
2
Medium Priority
?
559 Views
Last Modified: 2014-03-26
I have read up on SSL,

with the client sending the key, cipher and hash

The sender then verifying those fields

The client creates a master secret code and sends it to the server with its public key

The server decrytps the master secret with its private key

And thus encyption is possible

Now I am seeing references to anonymous and non-anonymous SSSL

Could some one please give me a brief descrrition of this and what the title or key phrase that identifies non-anonymous SSL ?

Any links would also be helpful

Thanks
0
Comment
Question by:Anthony Lucia
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 39945679
I didn't even know about Anonymous Ciphers, seems like a bad idea
https://www.openssl.org/docs/apps/ciphers.html#item_aNULL
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_%28OWASP-EN-002%29#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities
-rich
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39955294
@richrumble: That said, a CA cert only protects you from people whose money they won't take :)

I am waiting for DANE to take over, although given it destroys the CA business model, I am not expecting it to happen any time soon. Then we just have the DNS root to worry about.

Sadly, Marlinspike's Convergence never took off.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question