SSL without Server Authentication

 
suekar meredilko
Ranch Hand
Posts: 153
What is the issue if SSL is used without Server Authentication?
I know server auth means that one is not sure if you are talking to the correct host and there is no means of verifying it. But will the SSL session still be an encrypted one?
 
Ulf Dittmer
Rancher
Posts: 42968
Encryption (via SSL) and authentication are two different concepts. One can be used with or without the other.
 
suekar meredilko
Ranch Hand
Posts: 153
So my understanding is right.

SSL without authentication (Server or Client) will still be able to encrypt the session using PKI.

This also means that if data is encrypted but authentication is not in place, there is a risk that my client app can be a target of a man-in-the-middle attack.

thanks
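
The distinction discussed in this thread, as an added example that is not part of any post: a check on a Python `ssl` client context that reports when it would encrypt the session without authenticating the server. The function names and the sample "encrypt-only" context are constructed for illustration.

```python
import ssl


def server_auth_findings(ctx: ssl.SSLContext) -> list:
    """List the reasons a client context would not authenticate the server.

    An empty list means the peer certificate chain and hostname are both
    checked. Any finding means the session is still encrypted, but the
    client has no proof of who holds the other end of it.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    # Anonymous key exchange suites carry no server certificate at all.
    # Python reports OpenSSL's long name "auth-null" for them.
    anonymous = [c["name"] for c in ctx.get_ciphers()
                 if c.get("auth") == "auth-null"]
    if anonymous:
        findings.append("anonymous cipher suites enabled: " + ", ".join(anonymous))
    return findings


def make_encrypt_only_context() -> ssl.SSLContext:
    """Constructed sample: a client context with server authentication off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for label, ctx in [("default", ssl.create_default_context()),
                       ("encrypt-only", make_encrypt_only_context())]:
        findings = server_auth_findings(ctx)
        print(label, "->", findings or "server is authenticated")
```

Running the same check over the contexts an application actually builds is a quick way to find clients that encrypt traffic but accept any peer.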
 