

11.3.1 Anonymous Authentication Guile Example

Anonymous authentication is very easy to use. No certificates are needed by the communicating parties. Yet, it allows them to benefit from end-to-end encryption and integrity checks.

The client-side code would look like this (assuming some-socket is bound to an open socket port):

     ;; Client-side.
     (use-modules (gnutls))   ; the GnuTLS Guile bindings used below
     
     (let ((client (make-session connection-end/client)))
       ;; Use the default settings.
       (set-session-default-priority! client)
     
       ;; Don't use certificate-based authentication.
       (set-session-certificate-type-priority! client '())
     
       ;; Request the "anonymous Diffie-Hellman" key exchange method.
       (set-session-kx-priority! client (list kx/anon-dh))
     
       ;; Specify the underlying socket.
       (set-session-transport-fd! client (fileno some-socket))
     
       ;; Create anonymous credentials.
       (set-session-credentials! client
                                 (make-anonymous-client-credentials))
     
       ;; Perform the TLS handshake with the server.
       (handshake client)
     
       ;; Send data over the TLS record layer.
       (write "hello, world!" (session-record-port client))
     
       ;; Terminate the TLS session.
       (bye client close-request/rdwr))

The corresponding server would look like this (again, assuming some-socket is bound to a socket port):

     ;; Server-side.
     (use-modules (gnutls))   ; the GnuTLS Guile bindings used below
     
     (let ((server (make-session connection-end/server)))
       (set-session-default-priority! server)
       (set-session-certificate-type-priority! server '())
       (set-session-kx-priority! server (list kx/anon-dh))
     
       ;; Specify the underlying transport socket.
       (set-session-transport-fd! server (fileno some-socket))
     
       ;; Create anonymous credentials.
       (let ((cred (make-anonymous-server-credentials))
             (dh-params (make-dh-parameters 1024)))
         ;; Note: DH parameter generation can take some time.
         (set-anonymous-server-dh-parameters! cred dh-params)
         (set-session-credentials! server cred))
     
       ;; Perform the TLS handshake with the client.
       (handshake server)
     
       ;; Receive data over the TLS record layer.
       (let ((message (read (session-record-port server))))
         (format #t "received the following message: ~a~%"
                 message)
     
         (bye server close-request/rdwr)))

This is it!
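To see the two halves above run end to end, here is an added example (not from the GnuTLS manual) that creates the socket the text assumes, forks the server into a child process so that both handshakes can proceed at the same time, and checks the child's exit status. The procedure names anon-dh-client, anon-dh-server and run-anon-dh-demo are ours, and the code assumes the (gnutls) module exports the bindings used on this page.

```scheme
;; Added example: both ends of the anonymous-DH exchange in one program.
(use-modules (gnutls))

(define (anon-dh-client sock)
  (let ((client (make-session connection-end/client)))
    (set-session-default-priority! client)
    (set-session-certificate-type-priority! client '())
    ;; Anonymous DH: the peer proves nothing about its identity, so this
    ;; only hides traffic from passive observers, not from an interceptor.
    (set-session-kx-priority! client (list kx/anon-dh))
    (set-session-transport-fd! client (fileno sock))
    (set-session-credentials! client (make-anonymous-client-credentials))
    (handshake client)
    (let ((port (session-record-port client)))
      (write "hello, world!" port)
      (force-output port))            ; push the record before close_notify
    (bye client close-request/rdwr)))

(define (anon-dh-server sock)
  (let ((server (make-session connection-end/server))
        (cred (make-anonymous-server-credentials)))
    (set-session-default-priority! server)
    (set-session-certificate-type-priority! server '())
    (set-session-kx-priority! server (list kx/anon-dh))
    (set-session-transport-fd! server (fileno sock))
    ;; 2048-bit group instead of the page's 1024; generation takes longer.
    (set-anonymous-server-dh-parameters! cred (make-dh-parameters 2048))
    (set-session-credentials! server cred)
    (handshake server)
    (let ((message (read (session-record-port server))))
      (bye server close-request/rdwr)
      message)))

(define (run-anon-dh-demo)
  ;; The two handshakes block on each other, so the server runs in a
  ;; forked child; the parent plays the client and reaps the child.
  (let* ((ends (socketpair AF_UNIX SOCK_STREAM 0))
         (client-end (car ends))
         (server-end (cdr ends))
         (pid (primitive-fork)))
    (if (zero? pid)
        (begin
          (close client-end)
          (format #t "server received: ~s~%" (anon-dh-server server-end))
          (primitive-exit 0))
        (begin
          (close server-end)
          (anon-dh-client client-end)
          ;; #t when the child handshake, read and bye all succeeded.
          (zero? (status:exit-val (cdr (waitpid pid))))))))

(run-anon-dh-demo)
```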