[openssl-users] Anonymous DH (ADH) in real world applications

Jakob Bohm jb-openssl at wisemo.com
Mon Aug 20 23:45:29 UTC 2018

On 19/08/2018 14:36, Anton wrote:
> Hello
> Does anyone know some examples of applications using
> ADH ciphersuites for TLS connections in production
> environment?
> I know it is vulnerable to MITM, but it still can
> be useful, for example if communicating devices do
> not store state data for authentication (unique
> certificate per instance), but protection from
> passive eavesdropping is desirable.
> Is it reasonable to expect having ADH support enabled
> in future releases of OpenSSL?
> Anton
The common secure use is to combine ADH with a mechanism that
authenticates the session (handshake messages and or a derived
value) over the connection, thus removing the MiTM problem.

That mechanism is generally application level, but may or may
not use various dedicated TLS features to get such a derived
value, depending on the oldest TLS library originally supported
by that application protocol (for example if the application
protocol was originally designed to cope with TLS libraries that
provide only "form X" of the handshake data, then the the
application protocol would specify an element that authenticates
the "form X" value and won't interoperate with code that uses a
more modern "form Y" value even if the application code no longer
supports TLS libraries not offering "form Y").

(As usual, X and Y are placeholders).


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list