Anonymous DH (ADH) in real world applications

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Anonymous DH (ADH) in real world applications

Anton
Hello

Does anyone know some examples of applications using
ADH ciphersuites for TLS connections in production
environment?

I know it is vulnerable to MITM, but it still can
be useful, for example if communicating devices do
not store state data for authentication (unique
certificate per instance), but protection from
passive eavesdropping is desirable.

Is it reasonable to expect having ADH support enabled
in future releases of OpenSSL?

Anton

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Anonymous DH (ADH) in real world applications

Kurt Roeckx
On Sun, Aug 19, 2018 at 02:36:30PM +0200, Anton wrote:
> Hello
>
> Does anyone know some examples of applications using
> ADH ciphersuites for TLS connections in production
> environment?

At least postfix can use it for SMTP.


Kurt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Anonymous DH (ADH) in real world applications

Jakob Bohm-7
In reply to this post by Anton
On 19/08/2018 14:36, Anton wrote:

> Hello
>
> Does anyone know some examples of applications using
> ADH ciphersuites for TLS connections in production
> environment?
>
> I know it is vulnerable to MITM, but it still can
> be useful, for example if communicating devices do
> not store state data for authentication (unique
> certificate per instance), but protection from
> passive eavesdropping is desirable.
>
> Is it reasonable to expect having ADH support enabled
> in future releases of OpenSSL?
>
> Anton
>
The common secure use is to combine ADH with a mechanism that
authenticates the session (handshake messages and or a derived
value) over the connection, thus removing the MiTM problem.

That mechanism is generally application level, but may or may
not use various dedicated TLS features to get such a derived
value, depending on the oldest TLS library originally supported
by that application protocol (for example if the application
protocol was originally designed to cope with TLS libraries that
provide only "form X" of the handshake data, then the the
application protocol would specify an element that authenticates
the "form X" value and won't interoperate with code that uses a
more modern "form Y" value even if the application code no longer
supports TLS libraries not offering "form Y").

(As usual, X and Y are placeholders).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Anonymous DH (ADH) in real world applications

Viktor Dukhovni
In reply to this post by Kurt Roeckx


> On Aug 19, 2018, at 8:41 AM, Kurt Roeckx <[hidden email]> wrote:
>
>> Does anyone know some examples of applications using
>> ADH ciphersuites for TLS connections in production
>> environment?
>
> At least postfix can use it for SMTP.

And prefers it by default with opportunistic TLS, when authentication
is not enabled for the destination.

        http://www.postfix.org/TLS_README.html#client_tls_may
        http://www.postfix.org/TLS_README.html#client_cipher

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users