cipher suite names in 0.9.8

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

cipher suite names in 0.9.8

Daniel Tiefnig-2
Hej,

there seems to be a change in how openssl interpretes cipher suite names
between (at least) 0.9.7e and 0.9.8.

With 0.9.7e one gets:
$ openssl s_client -cipher RSA-AES256
connect: Connection refused

And with 0.9.8:
$ openssl s_client -cipher RSA-AES256
error setting cipher list

So, is this intended? Is it a bug in 0.9.8? Is it a bug in 0.9.7e? Why
has this changed?


TIA for any helpfull comments,
daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: cipher suite names in 0.9.8

Frédéric Donnat-2
Hi,

I think you made an error:
 - RSA with AES and SHA is:  AES256-SHA
 
Just have a look at openssl ciphers -v ouput.

[donnatfr@CoyoteNux gcb]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib /usr/local/ossl-0.9.8/bin/openssl ciphers  -v | grep AES
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

Hope it could help,

Fred

-----Original Message-----
From: Daniel Tiefnig [mailto:[hidden email]]
Sent: Wed 11/30/2005 11:54 AM
To: [hidden email]
Cc:
Subject: cipher suite names in 0.9.8
Hej,

there seems to be a change in how openssl interpretes cipher suite names
between (at least) 0.9.7e and 0.9.8.

With 0.9.7e one gets:
$ openssl s_client -cipher RSA-AES256
connect: Connection refused

And with 0.9.8:
$ openssl s_client -cipher RSA-AES256
error setting cipher list

So, is this intended? Is it a bug in 0.9.8? Is it a bug in 0.9.7e? Why
has this changed?


TIA for any helpfull comments,
daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: cipher suite names in 0.9.8

Daniel Tiefnig-2
Frédéric Donnat wrote:
> I think you made an error:
> - RSA with AES and SHA is:  AES256-SHA

Hmm, I allready thougth that "RSA-AES256" may not be valid. So this is a
bug in openssl 0.9.7e, as it does accept "RSA-AES256" as a cipher selection?

> Hope it could help,

Thanks for your response.

lg,
daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: cipher suite names in 0.9.8

Frédéric Donnat-2
In reply to this post by Daniel Tiefnig-2
be carefull with some typo error.

My openssl 0.9.7e does not accept this "RSA-AES256", but accept "RSA:AES256".

Just have a look at 0.9.7e ouput:
[] # openssl version
OpenSSL 0.9.7e 25 Oct 2004

[] linux # openssl s_client -connect 195.30.6.166:443 -cipher RSA-AES256
CONNECTED(00000003)
21115:error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available:s23_clnt.c:275:

[] linux # openssl s_client -connect 195.30.6.166:443 -cipher RSA:AES256
...
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
...

Things are the same with last openssl 0.9.7i.

Fred

-----Original Message-----
From: Daniel Tiefnig [mailto:[hidden email]]
Sent: Wed 11/30/2005 6:24 PM
To: [hidden email]
Cc:
Subject: Re: cipher suite names in 0.9.8
Frédéric Donnat wrote:
> I think you made an error:
> - RSA with AES and SHA is:  AES256-SHA

Hmm, I allready thougth that "RSA-AES256" may not be valid. So this is a
bug in openssl 0.9.7e, as it does accept "RSA-AES256" as a cipher selection?

> Hope it could help,

Thanks for your response.

lg,
daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: cipher suite names in 0.9.8

Daniel Tiefnig-2
Frédéric Donnat wrote:
> be carefull with some typo error.
>
> My openssl 0.9.7e does not accept this "RSA-AES256",

It does NOT? Strange.

> but accept "RSA:AES256".

Sure, as this specifies two cipher preferences, "RSA" or "AES256"...

> Things are the same with last openssl 0.9.7i.

I'll take it as an user error then.


Thanks again,
daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]