[openssl-users] Replacing RFC2712 (was Re: Kerberos)

Nico Williams nico at cryptonector.com
Mon May 11 16:25:33 UTC 2015

On Fri, May 08, 2015 at 10:57:52PM -0500, Nico Williams wrote:
> I should have mentioned NPN and ALPN too.
> [...]

A few more details:

 - If you don't want to depend on server certs, use anon-(EC)DH

   Clients and servers must reject TLS connections using such a
   ciphersuite but not using a GSS-authenticated application protocol.

 - The protocol MUST use GSS channel binding to TLS.

 - Use SASL/GS2 instead of plain GSS and you get to use an authzid
   (optional) and you get a builtin authorization status result message
   at no extra cost, and all while still using GSS.

You get to optimize only the mechanism negotiation, and you get TLS w/
Kerberos (and others) and without PKIX (if you don't want it).

See RFCs 7301, 5801, 5056, and 5929 (but note that the TLS session hash
extension is required).
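As an added illustration, not part of the original message: a Python sketch of the RFC 5801 GS2 header with the `p=tls-unique` channel-binding flag and optional authzid, the channel-binding data handed to GSS, and the rule that an anon-(EC)DH session is kept only after GSS authentication bound to that TLS channel. The function names and the `TLS_UNIQUE` bytes are constructed for the example, and the byte comparison only models the check a real GSS mechanism performs internally.

```python
import hmac

# Constructed stand-in for the tls-unique value (RFC 5929) of one TLS connection.
TLS_UNIQUE = bytes.fromhex("00112233445566778899aabb")


def sasl_escape(name: str) -> str:
    # RFC 5801 saslname: "=" becomes "=3D" and "," becomes "=2C".
    # "=" must be escaped first so the "=" introduced by "=2C" is left alone.
    return name.replace("=", "=3D").replace(",", "=2C")


def gs2_header(cb_name=None, client_supports_cb=False, authzid=None) -> bytes:
    # gs2-cb-flag: "p=<cb-name>" (binding used), "y" (client supports
    # binding but thinks the server does not), or "n" (no support).
    if cb_name:
        flag = "p=" + cb_name
    elif client_supports_cb:
        flag = "y"
    else:
        flag = "n"
    authz = "a=" + sasl_escape(authzid) if authzid else ""
    return f"{flag},{authz},".encode("utf-8")


def gss_channel_bindings(header: bytes, tls_cb: bytes = b"") -> bytes:
    # RFC 5801: the GSS channel-binding application data is the GS2 header
    # followed by the TLS channel-binding data, the latter only with "p".
    return header + (tls_cb if header.startswith(b"p=") else b"")


def anon_session_allowed(gss_ok: bool, client_view: bytes, server_view: bytes) -> bool:
    # Policy for anon-(EC)DH ciphersuites: keep the connection only if GSS
    # authentication succeeded, the "p" flag was used, and both ends
    # computed identical bindings (no man in the middle on the TLS channel).
    return (gss_ok
            and client_view.startswith(b"p=")
            and hmac.compare_digest(client_view, server_view))


if __name__ == "__main__":
    hdr = gs2_header("tls-unique", authzid="alice")
    client = gss_channel_bindings(hdr, TLS_UNIQUE)
    # A relaying attacker terminates TLS itself, so the server sees other bytes.
    mitm = gss_channel_bindings(hdr, bytes(12))
    print(hdr, anon_session_allowed(True, client, client),
          anon_session_allowed(True, client, mitm))
```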

