mintls, maxtls, enclair, and cipher.

Achim Gratz Stromeko at nexgo.de
Sun Feb 3 18:14:39 UTC 2019


Eric S. Raymond via devel writes:
> Hal Murray <hmurray at megapathdsl.net>:
>> Please verify with a TLS wizard that you can do what you are describing with 
>> OpenSSL.  I've poked around a bit and don't know how to do that.

https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code

> My plan is to brute-force the problem. Rather than trying to beat TLS into
> talking en clair, I'll make 'enclair' change the socket-fu so TLS never
> gets involved at all, the NTS-KE traffic goes over a bare socket.

The fly in that ointment is that the key derivation based on the TLS
session state no longer works and you'd have to monkey-patch a mockup
scaffold around that.  So better to use TLS with a NULL cipher (which
may need to be enabled first, but for a test system that's an option).


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves



More information about the devel mailing list