[openssl-users] Replacing RFC2712 (was Re: Kerberos)

Nico Williams nico at cryptonector.com
Mon May 11 16:25:33 UTC 2015


On Fri, May 08, 2015 at 10:57:52PM -0500, Nico Williams wrote:
> I should have mentioned NPN and ALPN too.
> [...]

A few more details:

 - If you don't want to depend on server certs, use anon-(EC)DH
   ciphersuites.

   Clients and servers must reject TLS connections using such a
   ciphersuite but not using a GSS-authenticated application protocol.

 - The protocol MUST use GSS channel binding to TLS.

 - Use SASL/GS2 instead of plain GSS and you get to use an authzid
   (optional) and you get a builtin authorization status result message
   at no extra cost, and all while still using GSS.

You get to optimize only the mechanism negotiation, and you get TLS w/
Kerberos (and others) and without PKIX (if you don't want it).

See RFCs 7301, 5801, 5056, and 5929 (but note that the TLS session hash
extension is required).

Nico
-- 


More information about the openssl-users mailing list