1 Topic by hstr (edited by hstr 2016-06-07 22:57:01)

  • hstr
  • Member
  • Offline
  • Registered: 2016-04-28
  • Posts: 15

Topic: Performance with no encryption and no authentication

Hi,

is there a way to disable encryption and authentication?
I'd like to measure the performance without both and only found the option to disable encryption (NULL cipher suites).

Best regards
hstr

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 647

Re: Performance with no encryption and no authentication

Hi,

wolfSSL only supports one anonymous cipher suite (one without authentication).  That is "TLS_DH_anon_WITH_AES_128_CBC_SHA", and can be enabled by compiling wolfSSL with "--enable-anon" or defining HAVE_ANON.  After compiling, your application can enable the anonymous cipher suite by using the following function calls, like our example client and server do:

wolfSSL_CTX_allow_anon_cipher(ctx);
wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA");

Note that this cipher suite still supports encryption.

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • hstr
  • Member
  • Offline
  • Registered: 2016-04-28
  • Posts: 15

Re: Performance with no encryption and no authentication

Hi,

thanks for the hint with the anonymous cipher. I compiled both, client and server with "HAVE_ANON", "BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA" and the command "wolfSSL_CTX_allow_anon_cipher(ctx);".
But when I connect to the server with "wolfSSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA");" set at the client, the client sends a "client hello" message but the server then runs into a error: "-501" - "can't match cipher suite".
Are there any other steps that need to be done to communicate via the anonymous cipher?

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 647

Re: Performance with no encryption and no authentication

Hi hstr,

If you are using the wolfSSL example client and server, you can use the "-a" option to use the anonymous cipher.  This option will cause both client and server to call the above two functions.  It sounds like your server didn't have the anonymous cipher enabled and thus couldn't find a common cipher suite.

$ cd wolfssl-3.9.6
$ ./configure --enable-anon
$ make
$ ./examples/server/server -a

$ ./examples/client/client -a

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share