Privacy considerations - identity hiding from eavesdropping in (D)TLS

On Fri, Aug 21, 2015 at 4:07 PM, Salz, Rich <rsalz at akamai.com> wrote:

>
> >Are there any recommended ways to avoid certificates being sent in
> cleartext? That is, to first establish an anonymous encrypted channel, and
> then to authenticate within the encrypted channel.
>
> Not without breaking the protocol.
>

If interoperability with other software (clients / servers) is not an
issue, are there any known configuration / tweaks / minor changes that
could be used in openssl?

As I understand from the "Transport Layer Security (TLS) Encrypted
Handshake Extension, draft-ray-tls-encrypted-handshake-00", the defined way
would be to perform an anonymous unencrypted handshake and then to
renegotiate the connection, within the encrypted channel. However, it
appears that renegotiation will be removed in TLS 1.3,
<https://tools.ietf.org/html/draft-ietf-tls-tls13-07>.

So, I am looking for a way to achieve identity hiding for DTLS 1.2, which
also hopefully can be used in (D)TLS 1.3, when available.


>
> >I am also aware of some of the work in progress on TLS 1.3. It would be
> helpful to understand what is reasonable to expect from the changes
> introduced in (D)TLS 1.3 in this respect.
>
> Perhaps the tls at ietf list is a better place to discuss this.
>

Yes, I will do that, but I wanted to see what the options for (D)TLS 1.2
would be first.


Thanks
Viktor S. Wold Eide
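As an added illustration of the exposure discussed in this thread (example code, not part of the original message or of OpenSSL), the snippet below walks one direction of a captured TLS 1.2 handshake and lists the handshake messages that an eavesdropper can read before the ChangeCipherSpec record; on a standard TLS 1.2 server flow the Certificate message is among them. The sample flow is constructed with dummy message bodies, and the parser assumes the 5-byte TLS record header rather than the longer DTLS one.

```python
import struct

# TLS record content types and handshake message types (RFC 5246).
HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 13: "CertificateRequest",
            14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}

def iter_records(flow: bytes):
    """Yield (content_type, payload) for each TLS record in one direction's byte flow."""
    off = 0
    while off + 5 <= len(flow):
        ctype, _version, length = struct.unpack("!BHH", flow[off:off + 5])
        yield ctype, flow[off + 5:off + 5 + length]
        off += 5 + length

def cleartext_handshake_messages(flow: bytes) -> list:
    """Names of the handshake messages sent in the clear, i.e. before ChangeCipherSpec."""
    seen = []
    for ctype, payload in iter_records(flow):
        if ctype == CHANGE_CIPHER_SPEC:
            break                          # every later record is encrypted
        if ctype != HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(payload):     # several messages may share one record
            mtype = payload[off]
            mlen = int.from_bytes(payload[off + 1:off + 4], "big")
            seen.append(HS_NAMES.get(mtype, "type %d" % mtype))
            off += 4 + mlen
    return seen

def certificate_exposed(flow: bytes) -> bool:
    """True when the peer's Certificate message is visible to a passive observer."""
    return "Certificate" in cleartext_handshake_messages(flow)

def _record(ctype: int, body: bytes) -> bytes:   # TLS 1.2 record: type, version, length
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def _hs(mtype: int, body: bytes) -> bytes:        # handshake header: type, 24-bit length
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed server->client flow of an ordinary TLS 1.2 handshake; bodies are dummies.
SAMPLE_TLS12_SERVER_FLOW = (
    _record(HANDSHAKE, _hs(2, b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x2f\x00"))
    + _record(HANDSHAKE, _hs(11, b"\x00\x00\x05\x00\x00\x02\x30\x00"))
    + _record(HANDSHAKE, _hs(14, b""))
    + _record(CHANGE_CIPHER_SPEC, b"\x01")
    + _record(HANDSHAKE, b"\x00" * 40)    # encrypted Finished: opaque to the observer
)
```

Running the same check over a flow in which ChangeCipherSpec precedes the Certificate message (the anonymous-then-authenticate ordering asked about above) returns an empty exposure, which is the property one would want to verify on a capture of one's own deployment.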