Key length and other questions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Key length and other questions

david kine
Hello,

I am developing a secure HTTP web proxy server using
OpenSSL 0.9.6d.  It supports SSL/TLS on both client
and server sides.  I have already implemented the
basic secure connection and authentication functions
using examples found in OpenSSL books.

I am not a security expert, and my customer is asking
the following questions:

1) What is the key-length of the symmetric and
assymetric encryption for the TLS1.0 and SSL3.0
protocols?  It should be the following:

"TLS 1.0 as described in [RFC2246] must support 128bit
and 1024 key length for symmetric and asymmetric
encryption respectively."

"SSL3.0 as described in [SSL] must support 128bit and
1024 key length for symmetric and asymmetric
encryption respectively."
 
2) Is this key-length directly related to the
algorithms used (RC4, 3DES, AES)?
 
3) What is passed in its CLIENT_HELLO message during
the SSL-handshake:  the different supported
algorithms, the different key-lengths, ...

For question #1, I would expect that OpenSSL indeed
supports the requirements in RFC2246.

Question #2 is probably "yes" as well.

For #3, my code is not modifying the cipher suites in
the SSL context, so the answer might be whatever
"openssl ciphers" prints out:

"EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:.... etc."

Thanks for any comments,

-David



               
____________________________________________________
Yahoo! Sports
Rekindle the Rivalries. Sign up for Fantasy Football
http://football.fantasysports.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]