[openssl-users] Privacy considerations - identity hiding from eavesdropping in (D)TLS

Salz, Rich rsalz at akamai.com
Fri Aug 21 14:07:44 UTC 2015


>Are there any recommended ways to avoid certificates being sent in cleartext? That is, to first establish an anonymous encrypted channel, and then to authenticate within the encrypted channel.

Not without breaking the protocol.

>I am also aware of some of the work in progress on TLS 1.3. It would be helpful to understand what is reasonable to expect from the changes introduced in (D)TLS 1.3 in this respect.

Perhaps the tls at ietf list is a better place to discuss this.


More information about the openssl-users mailing list