Status of TLS and DH-certificates

Status of TLS and DH-certificates

Roger No-Spam
Hello,

What is the status of the following TLS cipher suites?
>  TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA

This is RFC-3268 cipher suite number 0x30.

>  TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA

This is RFC-3268 cipher suite number 0x36.

>  TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA

This is RFC-3268 cipher suite number 0x31.

>  TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA

This is RFC-3268 cipher suite number 0x37.

SSL_CIPHER structs are defined in the ssl3_ciphers array in s3_lib.c, but
the valid field is set to 0. A quick Google session indicated that OpenSSL
does not support DH certificates.

I would be most grateful if someone could clarify if the above cipher suites
are available or not.

Regards Roger

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Re: Status of TLS and DH-certificates

Dr. Stephen Henson
On Thu, Nov 03, 2005, Roger Boden wrote:

> Hello,
>
> What is the status of the following TLS cipher suites?
> > TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
>
> This is RFC-3268 cipher suite number 0x30.
>
> > TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
>
> This is RFC-3268 cipher suite number 0x36.
>
> > TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
>
> This is RFC-3268 cipher suite number 0x31.
>
> > TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
>
> This is RFC-3268 cipher suite number 0x37.
>
> SSL_CIPHER structs are defined in the ssl3_ciphers array in s3_lib.c, but
> the valid field is set to 0. A quick Google session indicated that OpenSSL
> does not support DH certificates.
>
> I would be most grateful if someone could clarify if the above cipher
> suites are available or not.
>

That is correct: OpenSSL does not support DH certificates, and so none of those
cipher suites are available.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk