Tharanga wrote:
> Hi All,
>
> According to the NRPE documentation, NRPE has the option for encrypting
> network traffic using SSL/TLS from OpenSSL. The encryption is done using
> a set encryption routine of AES-256 bit encryption using SHA and Anon-DH.
> This encrypts all traffic using the NRPE sockets from the client to the
> server.
>
> When I see the code I can see only the cipher list (ADH). So how are AES
> and SHA involved?
> ADH is the key agreement protocol. But it uses ADH, and the server or client
> will not be authenticated. Breaking the ADH cipher is not computationally
> feasible at the moment, and you need to find the first packet (Man in the
> Middle attack), so it's not practical. Then how do this AES encryption and
> SHA work in the protocol?
>
>
> many thanks,
>
Anon-DH is the key exchange protocol between the server/client.
AES/DES/etc. and SHA/MD5/etc. are used for the crypto as well, but I
believe the exact cipher and hash function that is chosen will depend on
OpenSSL. The client/server will use the strongest cipher in
communication.

I'm not an expert, but here's a decent Wikipedia intro:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
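
To illustrate the exchange above (an added example, not code from NRPE or from the original thread): every OpenSSL suite name that the `ADH` cipher string matches already names a bulk cipher and a hash, which is where AES and SHA come in. The parser and the `SAMPLE_SUITES` list are constructed for illustration and assume certificate-based or anonymous suite names from TLS 1.2 and earlier (no PSK/SRP, no TLS 1.3 names).

```python
import ssl

# Constructed sample of OpenSSL-style suite names: four anonymous-DH suites
# plus two certificate-authenticated ones for contrast.
SAMPLE_SUITES = ["ADH-AES256-SHA", "ADH-AES128-SHA", "ADH-DES-CBC3-SHA",
                 "ADH-RC4-MD5", "DHE-RSA-AES256-SHA", "AES256-SHA"]

KEY_EXCHANGES = {"ADH", "AECDH", "DHE", "EDH", "ECDHE"}
AUTHS = {"RSA", "DSS", "ECDSA"}
HASHES = {"SHA", "SHA256", "SHA384", "MD5"}


def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and hash."""
    parts = name.split("-")
    # No key-exchange prefix (e.g. "AES256-SHA") means RSA key transport.
    kx = parts.pop(0) if parts[0] in KEY_EXCHANGES else "RSA"
    anonymous = kx in {"ADH", "AECDH"}
    if anonymous:
        auth = None                 # neither side presents a certificate
    elif parts[0] in AUTHS:
        auth = parts.pop(0)
    else:
        auth = "RSA"
    # Trailing hash: the HMAC for CBC/RC4 suites, the PRF hash for GCM suites.
    digest = parts.pop() if parts[-1] in HASHES else None
    return {"name": name, "kx": kx, "auth": auth,
            "cipher": "-".join(parts), "hash": digest, "anonymous": anonymous}


def local_adh_suites():
    """Ask the local OpenSSL what 'ADH' expands to; [] if the build refuses."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("ADH:@SECLEVEL=0")   # modern builds hide ADH by default
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["name"].startswith("ADH-")]


def report(names):
    return [parse_suite(n) for n in names]


if __name__ == "__main__":
    for s in report(local_adh_suites() or SAMPLE_SUITES):
        flag = "NO peer authentication" if s["anonymous"] else "auth=" + s["auth"]
        print(f'{s["name"]:24} kx={s["kx"]:5} cipher={s["cipher"]:10} '
              f'hash={s["hash"]}  {flag}')
```

Which of the matched suites a connection ends up with is decided during the handshake, and all `ADH-*` suites share the property the question points out: traffic is encrypted, but neither peer is authenticated.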