Anonymous authentication is very easy to use. No certificates are needed by the communicating parties. Yet, it allows them to benefit from end-to-end encryption and integrity checks.
The client-side code would look like this (assuming some-socket is bound to an open socket port):
;; Client-side. (let ((client (make-session connection-end/client))) ;; Use the default settings. (set-session-default-priority! client) ;; Don't use certificate-based authentication. (set-session-certificate-type-priority! client '()) ;; Request the "anonymous Diffie-Hellman" key exchange method. (set-session-kx-priority! client (list kx/anon-dh)) ;; Specify the underlying socket. (set-session-transport-fd! client (fileno some-socket)) ;; Create anonymous credentials. (set-session-credentials! client (make-anonymous-client-credentials)) ;; Perform the TLS handshake with the server. (handshake client) ;; Send data over the TLS record layer. (write "hello, world!" (session-record-port client)) ;; Terminate the TLS session. (bye client close-request/rdwr))
The corresponding server would look like this (again, assuming some-socket is bound to a socket port):
;; Server-side. (let ((server (make-session connection-end/server))) (set-session-default-priority! server) (set-session-certificate-type-priority! server '()) (set-session-kx-priority! server (list kx/anon-dh)) ;; Specify the underlying transport socket. (set-session-transport-fd! server (fileno some-socket)) ;; Create anonymous credentials. (let ((cred (make-anonymous-server-credentials)) (dh-params (make-dh-parameters 1024))) ;; Note: DH parameter generation can take some time. (set-anonymous-server-dh-parameters! cred dh-params) (set-session-credentials! server cred)) ;; Perform the TLS handshake with the client. (handshake server) ;; Receive data over the TLS record layer. (let ((message (read (session-record-port server)))) (format #t "received the following message: ~a~%" message) (bye server close-request/rdwr)))
This is it!