[stunnel-users] Distinguished Name (DN) is a cleartext network communication?
Michal Trojnara
Michal.Trojnara at mobi-com.net
Wed Jan 7 21:44:04 CET 2009
On Wednesday, 7 January 2009, Michael Renner wrote:
> I am confused. Trying to use the DN as a kind of password replacement I saw
> that the DN goes unencrypted through the network, while the traffic itself
> is encrypted of course.
[cut]
> This is, more or less, the content of the DN. Is there a chance to encrypt
> this?
Why would you like/need to encrypt the certificate? It's sent before the
encryption keys are negotiated, so it's obviously not encrypted. A
certificate is by definition something publicly available, so I can't see any
reason to encrypt it.
DN can replace the username and not the password. The client authentication
needs to be performed with the private key, and not with the
corresponding public certificate.
Mike
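
Added example (not part of the original message and not stunnel code): a simplified model of the point made in the reply, using the openssl command line. It shows that the DN can be read from the certificate by anyone, while only the holder of the private key can answer a challenge. The names alice and mallory, the file names and the challenge step are constructed for illustration; a real TLS handshake signs handshake data instead of a standalone nonce.

```shell
#!/bin/sh
# Simplified model of certificate-based client authentication.
# All identities and file names below are constructed for illustration.

# Create a private key and a self-signed certificate with the given CN.
make_identity() {  # $1 = directory, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Anyone holding the certificate can read the DN: it is public data.
read_dn() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -subject
}

# Client side: sign the server's challenge with the private key.
sign_challenge() {  # $1 = key, $2 = challenge file, $3 = signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Server side: check the signature against the public key in the certificate.
verify_challenge() {  # $1 = certificate, $2 = challenge file, $3 = signature
    pub=$(mktemp)
    openssl x509 -in "$1" -noout -pubkey > "$pub"
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return $rc
}

demo() {
    d=$(mktemp -d)
    make_identity "$d" alice
    make_identity "$d" mallory   # knows alice.crt, but holds only her own key
    head -c 32 /dev/urandom > "$d/challenge"
    echo "Visible to any observer: $(read_dn "$d/alice.crt")"
    sign_challenge "$d/alice.key" "$d/challenge" "$d/good.sig"
    sign_challenge "$d/mallory.key" "$d/challenge" "$d/bad.sig"
    verify_challenge "$d/alice.crt" "$d/challenge" "$d/good.sig" \
        && echo "private key holder: accepted"
    verify_challenge "$d/alice.crt" "$d/challenge" "$d/bad.sig" \
        || echo "certificate and DN only: rejected"
    rm -rf "$d"
}
demo
```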