[openssl-users] Replacing RFC2712 (was Re: Kerberos)
Nico Williams
nico at cryptonector.com
Mon May 11 16:25:33 UTC 2015
On Fri, May 08, 2015 at 10:57:52PM -0500, Nico Williams wrote:
> I should have mentioned NPN and ALPN too.
> [...]
A few more details:
- If you don't want to depend on server certs, use anon-(EC)DH
ciphersuites.
Clients and servers must reject TLS connections using such a
ciphersuite but not using a GSS-authenticated application protocol.
- The protocol MUST use GSS channel binding to TLS.
- Use SASL/GS2 instead of plain GSS and you get to use an authzid
(optional) and you get a builtin authorization status result message
at no extra cost, and all while still using GSS.
You get to optimize only the mechanism negotiation, and you get TLS w/
Kerberos (and others) and without PKIX (if you don't want it).
See RFCs 7301, 5801, 5056, and 5929 (but note that the TLS session hash
extension is required).
Nico
--
More information about the openssl-users
mailing list