Any NULL CIPHER available in TLS package?


Localhost shell

Nov 26, 2018, 3:18:48 PM
to golang-nuts
Hello All,

Is there a TLS package in Go that supports NULL CIPHER in TLS communication in Go?

I couldn't find any null cipher from the listed cipher suite IDs https://golang.org/pkg/crypto/tls/#pkg-constants
for ex: SSL_RSA_WITH_NULL_MD5

I am working on a project that involves a Go client to communicate with a Kafka cluster. We plan to use Null Cipher based data exchange to just get authentication (without encryption) to prevent the significant performance impact we have observed in our testing when we use encryption.

--Unilocal

Localhost shell

Nov 27, 2018, 7:32:43 PM
to golang-nuts
Just resending it to catch the attention of someone who is aware of a Null Cipher implementation in any Go crypto package.

Wojciech S. Czarnecki

Nov 28, 2018, 6:07:31 AM
to golan...@googlegroups.com, universal...@gmail.com
On Tue, 27 Nov 2018 16:32:43 -0800 (PST)
Localhost shell <universal...@gmail.com> wrote:

>> Is there a TLS package in go that supports NULL CIPHER in TLS
>> communication in go?

None I know of. But it can be done via forking crypto/tls ofc.
See https://github.com/FiloSottile/crypto-tls-bogo-shim

> > I couldn't find any null cipher from the listed cipher suite IDs
> > https://golang.org/pkg/crypto/tls/#pkg-constants
> > for ex: SSL_RSA_WITH_NULL_MD5
> >
> > I am working on a project that involves a go client to communicate with a
> > Kafka cluster. We plan to use Null Cipher based data exchange to just get
> > authentication(without encryption) to prevent the significant performance
> > impact we have observed in our testing when we use encryption.

This performance impact likely comes from the asymmetric crypto operations and
MAC-ing data. A null symmetric cipher will NOT spare you the costs of pubkey
authentication and computing HMACs. The CPU costs of not encrypting data can be
HIGHER, as on any contemporary hardware the MAC/encrypt step is done together
using GCM mode. This takes significantly fewer cycles/byte than doing an
older HMAC alone.

See https://en.wikipedia.org/wiki/Galois/Counter_Mode

> > --Unilocal

Hope this helps,

--
Wojciech S. Czarnecki
<< ^oo^ >> OHIR-RIPE
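
An added example, not part of the thread or of any poster's code: it lists the suites crypto/tls ships to confirm none is a NULL suite, and measures the per-record cost comparison made in the reply above. The helper names, the zero key and the 16 KiB record size are constructed for illustration; HMAC-SHA1 stands in for the MAC a NULL suite such as TLS_RSA_WITH_NULL_SHA would still compute.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/tls"
	"fmt"
	"strings"
	"time"
)

// nullSuites lists crypto/tls suites (secure and insecure) named "_NULL_".
func nullSuites() []string {
	var found []string
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if strings.Contains(s.Name, "_NULL_") {
			found = append(found, s.Name)
		}
	}
	return found
}

// mbPerSec runs protect over `records` TLS-sized records and returns MB/s.
func mbPerSec(records int, protect func(rec []byte)) float64 {
	rec := make([]byte, 16384) // maximum TLS plaintext record size
	start := time.Now()
	for i := 0; i < records; i++ {
		protect(rec)
	}
	return float64(records*len(rec)) / 1e6 / time.Since(start).Seconds()
}

// compare times AES-128-GCM (encrypt and authenticate) against HMAC-SHA1 alone.
func compare(records int) (gcm, mac float64) {
	key := make([]byte, 16) // constructed all-zero key, for timing only
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	nonce, out := make([]byte, aead.NonceSize()), make([]byte, 0, 16400) // fixed nonce: timing only
	gcm = mbPerSec(records, func(r []byte) { aead.Seal(out[:0], nonce, r, nil) })
	mac = mbPerSec(records, func(r []byte) { h := hmac.New(sha1.New, key); h.Write(r); h.Sum(nil) })
	return gcm, mac
}

func main() {
	fmt.Println("NULL suites in crypto/tls:", nullSuites())
	gcm, mac := compare(2000)
	fmt.Printf("AES-128-GCM: %.0f MB/s, HMAC-SHA1 only: %.0f MB/s\n", gcm, mac)
}
```

The throughput figures depend on the CPU (AES-NI, SHA extensions), so run it on the hosts that will carry the Kafka traffic before deciding anything about cipher choice.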