[openssl-users] explicitly including other ciphers.

Ron Croonenberg ronc at lanl.gov
Thu Dec 3 23:41:22 UTC 2015


1:
correct: you could still eavesdrop on the connection, BUT we know who 
is on there since we authenticated. (It is a storage system, not on a 
public network, and has an internal network for communicating between the 
nodes (approx 30PB and 50 servers).)
We know exactly who is on there and 'things' are tracked per user; it 
wouldn't make sense to "sniff" other people's connections, besides we'd 
know.


2:
It is for internal communication between nodes in a distributed storage 
system (as I mentioned, 30PB, 50 servers). The users will never be 
directly connected to the network (an IB fabric between servers). The users are on 
a front end talking to several "connectors" data transfer nodes.
I want the authentication as if it was a Unix box with hard drives. Once 
you're authenticated you have "unencrypted" access to the drives... the 
stuff with your permissions. This networked cluster is nothing more than 
a "cluster drive".



On 12/03/2015 03:32 PM, Jacob Champion wrote:
> On 12/03/2015 01:50 PM, Richard Moore wrote:
>> If network is fully isolated you could use plain text. Using 'https'
>> and null encryption is basically just pretending to do security.
>
> I've never done any work with the eNULL ciphers, so please correct me if
> I'm wrong, but wouldn't they still prevent active tampering with the
> HTTPS communication?
>
> (I understand your point; most web applications today require
> confidentiality to be secure, since sniffing cookies and passwords will
> give you access to the system, but maybe the OP has a use case that
> doesn't require it.)
>
> --Jacob