I need a security protocol where the client authenticates before the server. This is necessary because it's a matter of privacy. I don't want any unknown party to know who they are connecting to unless they are allowed to know. In the TLS protocol, the server sends his cert first, thereby eliminating this possibility. I know enough to know that implementing my own protocol is a bad idea. However, is there a choice? I.e. is there a way to alter the protocol to send the certs in the other order? Wikipedia reference to TLS: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake
You could reverse the roles of the client and server.

Normally, with TCP, the client is the endpoint that did `connect()` (and sent a SYN) and the server is the endpoint that did `accept()` (it received the SYN and sent back a SYN|ACK). But once the connection is established, there is no longer any difference between the client’s socket and the server’s socket.

If you’re using, say, OpenSSL, you normally call `SSL_connect()` after a successful `connect()` and you normally call `SSL_accept()` after a successful `accept()`. But if you flip that around and call `SSL_accept()` after `connect()` on the client side and call `SSL_connect()` after `accept()` on the server side, OpenSSL will never know the difference. And the client will behave as a TLS server and identify itself first.
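The role swap described in the answer, as an added example that is not part of the answer and uses Go's standard crypto/tls instead of OpenSSL: the end that would have called `connect()` runs `tls.Server` (the `SSL_accept()` equivalent) and so presents its certificate first, while the end that would have called `accept()` runs `tls.Client` and verifies that certificate before sending anything identifying. `net.Pipe` stands in for an already established TCP connection, and the name `dialer.example` and the self-signed certificate are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate (constructed at runtime).
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// ReversedHandshake swaps the TLS roles relative to TCP: the connect() end plays
// the TLS server and presents its certificate first; the accept() end plays the
// TLS client, verifies it, and returns the CommonName it learned about its peer.
func ReversedHandshake() (string, error) {
	cert, pool := selfSigned("dialer.example")
	connEnd, acceptEnd := net.Pipe() // stands in for an established TCP connection
	go func() { // SSL_accept() after connect(): identify ourselves first
		defer connEnd.Close()
		tls.Server(connEnd, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
	}()
	// SSL_connect() after accept(): verify the peer before revealing anything
	c := tls.Client(acceptEnd, &tls.Config{RootCAs: pool, ServerName: "dialer.example"})
	if err := c.Handshake(); err != nil {
		return "", err
	}
	return c.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```

The accepting side only ever sends a ClientHello, which carries no certificate, so nothing about its identity leaves the wire until the dialer's certificate has been checked against the trusted pool.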