[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tlsverifyclient security implications




Thank you all for your responses.
You guys are awesome!


This is what I've been worried about with the encryption.
I wanted to make sure the encryption was "secure", so to speak.


-Josh




On Mon, 2009-08-24 at 08:30 -0400, Emmanuel Dreyfus wrote:
Howard Chu <hyc@symas.com> wrote:

> But certificates are not a required element for encryption of a connection -
> after all, TLS also supports anonymous Diffie-Hellman key exchange.

Sure, but encryption without authentication makes little sense, as you
don't know who you are securely speaking to: you can get an encrypted
link to a man in the middle.