ADH encryption in SSL

According to the ICE documentation, the ADH algorithm used in ICE enables an unauthenticated encrypted channel. I've been trying to find information on the ADH algorithm, and my high-level understanding at this time is that Diffie-Hellman is primarily a secure key exchange algorithm that is usually used to exchange/negotiate private keys without the use of certifications, after which usually a traditional secret key cipher is used. However, in the ICE documentation on using the ADH algorithm I don't see any specification of another cipher, just "ADH." This leads me to believe that ICE is using public key crypto for the encrypted channel and not negotiating a secret key to do secret key crypto, such as DES or RC4. Is my understanding correct, or is the ADH algorithm in ICE, after the initial key exchange, using a secret key algorithm?

Regards --Roland

Comments

  • mes
    mes California
    ADH signifies a set of cipher suites based on anonymous Diffie Hellman key exchange. In C++, IceSSL is implemented using OpenSSL; you can view a list of the cipher suites supported by OpenSSL here:

    http://www.openssl.org/docs/apps/ciphers.html

    The symbols containing "DH_anon" represent the ADH cipher suites, and you can see that they include secret key and secure hash algorithms. IceSSL does not disable the use of a secret key algorithm.

    For more information on the Diffie Hellman algorithm, this is a good place to start:

    http://en.wikipedia.org/wiki/Diffie-Hellman

    Hope that helps,
    - Mark
  • Hi Mark, The pointer to the cipher suite is what I needed. So the ADH cipher suite in openssl includes a number of secret key encryption and secure hashing algorithms listed in order of priority and these are all enabled in Ice according to what openssl uses.

    Typing the command

    openssl ciphers ADH

    this out. I was missing the fact that ADH is a cipher suite as opposed to a specific cipher.

    Thanks again for your quick help --Roland
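
Added example, not part of the original thread and not IceSSL or OpenSSL code: a small parser for the column layout printed by `openssl ciphers -v`, showing that each ADH suite names a key exchange, a symmetric cipher and a MAC, and that `Au=None` is what marks a suite as unauthenticated. The sample lines are constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`
# (suite name, protocol, then Kx= / Au= / Enc= / Mac= columns).
SAMPLE = """\
ADH-AES256-SHA      SSLv3 Kx=DH   Au=None Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA      SSLv3 Kx=DH   Au=None Enc=AES(128)  Mac=SHA1
ADH-RC4-MD5         SSLv3 Kx=DH   Au=None Enc=RC4(128)  Mac=MD5
ADH-DES-CBC3-SHA    SSLv3 Kx=DH   Au=None Enc=3DES(168) Mac=SHA1
DHE-RSA-AES256-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA          SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")
ENC = re.compile(r"(.+?)(?:\((\d+)\))?")  # e.g. "AES(256)" or "None"


def parse_suite(line):
    """Split one `openssl ciphers -v` line into its components, or return None."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 2 or not {"Kx", "Au", "Enc", "Mac"} <= fields.keys():
        return None  # blank or unrecognised line
    cipher, bits = ENC.fullmatch(fields["Enc"]).groups()
    return {
        "name": parts[0],
        "protocol": parts[1],
        "key_exchange": fields["Kx"],
        "authentication": fields["Au"],
        "cipher": cipher,               # the secret key algorithm
        "key_bits": int(bits) if bits else 0,
        "mac": fields["Mac"],           # the secure hash used for integrity
    }


def parse_listing(text):
    """Parse every recognisable line of a cipher listing."""
    return [s for s in map(parse_suite, text.splitlines()) if s]


def anonymous_suites(text):
    """Suites with no peer authentication (Au=None), i.e. the ADH family here."""
    return [s for s in parse_listing(text) if s["authentication"] == "None"]


if __name__ == "__main__":
    for s in anonymous_suites(SAMPLE):
        print(f'{s["name"]}: Kx={s["key_exchange"]} '
              f'cipher={s["cipher"]}/{s["key_bits"]} mac={s["mac"]}')
```

The same functions can be run over the real output of `openssl ciphers -v` captured from the build that IceSSL links against, to check which unauthenticated suites a cipher string would enable.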