AES key length selection bug in OpenSSL 0.9.8a

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

AES key length selection bug in OpenSSL 0.9.8a

Michal Trojnara-2
Dear OpenSSL users,

OpenSSL 0.9.8a does not allow to properly select AES key length.
It selects both 128-bit and 256-bit AES no matter which one was specified:

mtrojnar@moses:~$ /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8a 11 Oct 2005
mtrojnar@moses:~$ /usr/local/ssl/bin/openssl ciphers -v AES256-SHA
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

The old OpenSSL version works fine:

mtrojnar@moses:~$ /usr/bin/openssl version
OpenSSL 0.9.7e 25 Oct 2004
mtrojnar@moses:~$ /usr/bin/openssl ciphers -v AES256-SHA
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

Here is another example of the same problem:

mtrojnar@moses:~$ /usr/local/ssl/bin/openssl s_client -cipher AES128-SHA
CONNECTED(00000003)
[cut]
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
 [cut]

Is there any known solution?  Can you help?

Best regards,
    Mike

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AES key length selection bug in OpenSSL 0.9.8a

Chris Clark
Hi Michal,

> OpenSSL 0.9.8a does not allow to properly select AES key length.
> It selects both 128-bit and 256-bit AES no matter which one was specified:

I reported this same bug in February 17th, and Dr. Steven Henson has
confirmed it is a bug so hopefully it will be fixed soon.  If you find
any work around please let me know.

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]