[openssl-users] explicitly including other ciphers.
Jacob Champion
champion.p at gmail.com
Thu Dec 3 22:32:58 UTC 2015
On 12/03/2015 01:50 PM, Richard Moore wrote:
> If network is fully isolated you could use plain text. Using 'https'
> and null encryption is basically just pretending to do security.
I've never done any work with the eNULL ciphers, so please correct me if
I'm wrong, but wouldn't they still prevent active tampering with the
HTTPS communication?
(I understand your point; most web applications today require
confidentiality to be secure, since sniffing cookies and passwords will
give you access to the system, but maybe the OP has a use case that
doesn't require it.)
--Jacob
More information about the openssl-users
mailing list