mintls, maxtls, enclair, and cipher.
Eric S. Raymond
esr at thyrsus.com
Sun Feb 3 18:44:36 UTC 2019
Achim Gratz via devel <devel at ntpsec.org>:
> Eric S. Raymond via devel writes:
> > Hal Murray <hmurray at megapathdsl.net>:
> >> Please verify with a TLS wizard that you can do what you are describing with
> >> OpenSSL. I've poked around a bit and don't know how to do that.
>
> https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code
>
> > My plan is to brute-force the problem. Rather than trying to beat TLS into
> > talking en clair, I'll make 'enclair' change the socket-fu so TLS never
> > gets involved at all, the NTS-KE traffic goes over a bare socket.
>
> The fly in that ointment is that the key derivation based on the TLS
> session state no longer works and you'd have to monkey-patch a mockup
> scaffold around that. So better to use TLS with a NULL cipher (which
> may need to be enabled first, but for a test system that's an option).

Good to know. I'll remove "enclair" and, in anticipation, add this as
the intent of 'cipher "null"'.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.