[stunnel-users] Distinguished Name (DN) is a cleartext network communication?

Michal Trojnara Michal.Trojnara at mobi-com.net
Wed Jan 7 21:44:04 CET 2009


On Wednesday, 7 January 2009, Michael Renner wrote:
> I am confused. Trying to use the DN as a kind of password replacement I saw
> that the DN goes unencrypted through the network, while the traffic itself
> is encrypted of course.
[cut]
> This is, more or less, the content of the DN. Is there a chance to encrypt 
> this?

Why would you like/need to encrypt the certificate?  It's sent before the 
encryption keys are negotiated, so it's obviously not encrypted.  A 
certificate is by definition something publicly available, so I can't see any 
reason to encrypt it.

DN can replace the username and not the password.  The client authentication 
needs to be performed with the private key, and not with the 
corresponding public certificate.

Mike
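
The distinction drawn in the reply above, as an added example that is not part of the original message: two certificates carry the same DN, but only a signature made with the private key matching the presented certificate verifies. It is a simplified stand-in for TLS client authentication (where the signed data is the handshake transcript rather than a bare nonce); the names `client1`, `copycat` and all file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example; every name, DN and file below is constructed for the demo.

# make_identity PREFIX CN: new RSA key plus self-signed certificate for /CN=CN.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# cert_dn CERT: the subject DN, readable by anyone who sees the certificate.
cert_dn() {
    openssl x509 -in "$1" -noout -subject
}

# sign_challenge KEY FILE SIG: only the private-key holder can do this step.
sign_challenge() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_with_cert CERT FILE SIG: 0 if SIG was made by the key matching CERT.
verify_with_cert() {
    pub=$(mktemp)
    openssl x509 -in "$1" -noout -pubkey > "$pub"
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return "$rc"
}

demo() {
    d=$(mktemp -d)
    make_identity "$d/client" "client1"    # holds the real private key
    make_identity "$d/copycat" "client1"   # same DN, but a different key
    openssl rand -out "$d/nonce" 32        # verifier's fresh challenge
    echo "DN on the wire: $(cert_dn "$d/client.crt")"
    for who in client copycat; do
        sign_challenge "$d/$who.key" "$d/nonce" "$d/$who.sig"
        if verify_with_cert "$d/client.crt" "$d/nonce" "$d/$who.sig"
        then echo "$who: accepted"; else echo "$who: rejected"; fi
    done
    rm -rf "$d"
}
demo
```

Knowing or copying the DN gains nothing without the key, which is why the DN can stand in for a username but never for a password.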