mintls, maxtls, enclair, and cipher.

Eric S. Raymond esr at thyrsus.com
Sun Feb 3 18:44:36 UTC 2019


Achim Gratz via devel <devel at ntpsec.org>:
> Eric S. Raymond via devel writes:
> > Hal Murray <hmurray at megapathdsl.net>:
> >> Please verify with a TLS wizard that you can do what you are describing with 
> >> OpenSSL.  I've poked around a bit and don't know how to do that.
> 
> https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code
> 
> > My plan is to brute-force the problem. Rather than trying to beat TLS into
> > talking en clair, I'll make 'enclair' change the socket-fu so TLS never
> > gets involved at all, the NTS-KE traffic goes over a bare socket.
> 
> The fly in that ointment is that the key derivation based on the TLS
> session state no longer works and you'd have to monkey-patch a mockup
> scaffold around that.  So better to use TLS with a NULL cipher (which
> may need to be enabled first, but for a test system that's an option).

Good to know.  I'll remove "enclair" and, in anticipation, add this as
the intent of 'cipher "null"'. 
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
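
The NULL-cipher approach discussed in this thread, as an added example that is not part of the original message and is not NTPsec code: a loopback TLS 1.2 handshake that still establishes a real TLS session while the application bytes cross the wire unencrypted. It assumes the local OpenSSL build still offers the anonymous `AECDH-NULL-SHA` suite at security level 0; the function names and the payload are constructed for illustration, and no NTS key export is performed.

```python
import ssl

# Anonymous-ECDH suite with NULL encryption; SECLEVEL=0 is needed to enable it.
# Assumption: the local OpenSSL build still ships this suite. Test systems only.
NULL_SUITE = "AECDH-NULL-SHA:@SECLEVEL=0"

def _ctx(protocol):
    ctx = ssl.SSLContext(protocol)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE               # anonymous suite: no certificate
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no NULL suites
    ctx.set_ciphers(NULL_SUITE)
    return ctx

def _move(src, dst):
    data = src.read()
    if data:
        dst.write(data)
    return data

def null_cipher_demo(payload=b"constructed test record"):
    """Loopback handshake over memory BIOs; None if the suite is unavailable."""
    try:
        c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
        client = _ctx(ssl.PROTOCOL_TLS_CLIENT).wrap_bio(c_in, c_out)
        server = _ctx(ssl.PROTOCOL_TLS_SERVER).wrap_bio(s_in, s_out, server_side=True)
        done = [False, False]
        for _ in range(20):
            for i, side in enumerate((client, server)):
                if not done[i]:
                    try:
                        side.do_handshake()
                        done[i] = True
                    except ssl.SSLWantReadError:
                        pass                      # needs the peer's next flight
            _move(c_out, s_in)
            _move(s_out, c_in)
            if all(done):
                break
        else:
            return None
        client.write(payload)
        wire = _move(c_out, s_in)                 # bytes as they would cross the network
        name, _, bits = client.cipher()
        return {"cipher": name, "bits": bits,
                "plaintext_on_wire": payload in wire,
                "delivered": server.read() == payload}
    except ssl.SSLError:
        return None
```

A `None` result means the suite could not be enabled or negotiated on this build, which is the "may need to be enabled first" case from the quoted reply.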



