SSL without Server Authentication

suekar meredilko
Ranch Hand

Joined: Mar 27, 2006
Posts: 153
What is the issue if SSL is used without Server Authentication?
I know server auth means that one is not sure if you are talking to the correct host and there is no means of verifying it. But will the SSL session still be an encrypted one?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42951
Encryption (via SSL) and authentication are two different concepts. One can be used with or without the other.
suekar meredilko
Ranch Hand

Joined: Mar 27, 2006
Posts: 153
So my understanding is right.

SSL without authentication (Server or Client) will still be able to encrypt the session using PKI.

This also means that if data is encrypted but authentication is not in place, there is a risk that my client app can be a target of a man-in-the-middle attack.

thanks
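
Added example, not part of the original thread: a toy Diffie-Hellman exchange in Python illustrating the point discussed above, that a session can be encrypted while the client still has no assurance of who holds the other end of the key. The group parameters, the `Party` class, the `handshake` function and the pinned fingerprint (standing in for SSL certificate validation) are assumptions made for illustration and are not real SSL/TLS.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, assumed for illustration only (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3


class Party:
    """One endpoint: a DH key pair plus session-key derivation."""
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)

    def session_key(self, peer_public):
        shared = pow(peer_public, self.private, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(public):
    """Hash of a public value; the client pins the server's out of band."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()


def handshake(client, server, pinned=None, relay=None):
    """Run one exchange and report who shares the client's session key.

    relay  -- optional party on the path that swaps in its own public value
    pinned -- expected server fingerprint (stands in for certificate checks)
    """
    to_client = relay.public if relay else server.public
    to_server = relay.public if relay else client.public
    # Server authentication: refuse a key that is not the one we expect.
    if pinned is not None and fingerprint(to_client) != pinned:
        return "aborted: server key does not match pin"
    client_key = client.session_key(to_client)
    if client_key == server.session_key(to_server):
        return "encrypted to server"
    if relay and client_key == relay.session_key(client.public):
        return "encrypted to relay"
    return "no shared key"


if __name__ == "__main__":
    client, server, relay = Party(), Party(), Party()
    pin = fingerprint(server.public)
    print(handshake(client, server, relay=relay))
    print(handshake(client, server, pinned=pin, relay=relay))
```

Both unauthenticated runs end with a working session key; only the pin check distinguishes the intended server from another party on the path.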
 