Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

How do I use SSL for authentication without encryption?

  • 2 trả lời
  • 1 gặp vấn đề này
  • 7 lượt xem
  • Trả lời mới nhất được viết bởi cor-el

QRST
QRST
more options

I need to access remote computers using a link where encryption is prohibited. I want to use SSL to authenticate the connection - a permitted function - without encryption. The application relates to Amateur Radio (AR). In the USA under FCC Part 97 rules, those that govern AR, encrypted traffic is not allowed. Absent the functionality of authentication without encryption, this means that logins and passwords have to be sent over a radio connection in clear, with all of the problems that that situation can cause.

There is a VERY old version of the browser "Opera" that supports authentication without encryption, but I would rather use Firefox and I doubt I need to explain to anyone why using a current version of a browser is a good idea.

There are over 700,000 people in the USA who hold AR licences issued by the FCC, so this feature might be useful to more users than you might imagine.

I need to access remote computers using a link where encryption is prohibited. I want to use SSL to authenticate the connection - a permitted function - without encryption. The application relates to Amateur Radio (AR). In the USA under FCC Part 97 rules, those that govern AR, encrypted traffic is not allowed. Absent the functionality of authentication without encryption, this means that logins and passwords have to be sent over a radio connection in clear, with all of the problems that that situation can cause. There is a VERY old version of the browser "Opera" that supports authentication without encryption, but I would rather use Firefox and I doubt I need to explain to anyone why using a current version of a browser is a good idea. There are over 700,000 people in the USA who hold AR licences issued by the FCC, so this feature might be useful to more users than you might imagine.

Tất cả các câu trả lời (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

If I understand what you're saying, you want to use an alternate method of allowing the website to authenticate you, in place of a username and password*. This is different than you authenticating the site purporting to be the site you want to access, which currently is only possible using an encrypted session.

If this page is current, then it's not possible in Firefox:

http://www.hamwan.org/t/SSL+without+Encryption

You could consider filing a "bug": https://bugzilla.mozilla.org/

* As far as I know, you cannot submit a username and password to a site securely without encryption. Whether the site uses "basic" authentication or an HTML form, you would need encrypted transmission to avoid submitting the login in the clear.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See also:

  • bug 799007 - Remove support for low/weak/null cipher suites