Hello,

> BTW, Is DHE-RSA-AES256-SHA part of TLS cipher suite, 
Yes, you can check this in RFC3268:
   CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA      = { 0x00, 0x2F };
   CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA   = { 0x00, 0x30 };
   CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA   = { 0x00, 0x31 };
   CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA  = { 0x00, 0x32 };
   CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = { 0x00, 0x33 };
   CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA  = { 0x00, 0x34 };

   CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA      = { 0x00, 0x35 };
   CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA   = { 0x00, 0x36 };
   CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA   = { 0x00, 0x37 };
   CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA  = { 0x00, 0x38 };
   CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = { 0x00, 0x39 };
   CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA  = { 0x00, 0x3A };

> I thought TLS
> cipher always named TLS_something. Why this is named different?
From file ssl/tls1.h we can read:
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
 * shouldn't. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5     0x03000060
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA    0x03000062
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA   0x03000063
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA     0x03000064
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA     0x03000066

/* AES ciphersuites from RFC3268 */

#define TLS1_CK_RSA_WITH_AES_128_SHA         0x0300002F
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA         0x03000030
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA         0x03000031
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA     0x03000032
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA     0x03000033
#define TLS1_CK_ADH_WITH_AES_128_SHA         0x03000034

#define TLS1_CK_RSA_WITH_AES_256_SHA         0x03000035
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA         0x03000036
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA         0x03000037
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA     0x03000038
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA     0x03000039
#define TLS1_CK_ADH_WITH_AES_256_SHA         0x0300003A

SSL3 and TLS1 are very similar protocols so I think this is ok.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
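
Added example (not part of the original message and not OpenSSL code): the sketch below ties the two listings above together for the twelve RFC 3268 suites only. It shows that a TLS1_CK_* value is 0x0300 followed by the RFC's two wire bytes, and rewrites the RFC name into the OpenSSL-style name asked about (DHE-RSA-AES256-SHA). The function names tls1_ck, rfc_name and openssl_name, and the renaming rules, are illustrative assumptions that cover just this family.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 3268 code points, copied from the list quoted in the message. */
static const struct { uint16_t code; const char *rfc; } rfc3268[] = {
    {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},     {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
    {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},  {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
    {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},  {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
    {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
};

/* tls1.h stores a suite as 0x0300 followed by its two wire bytes. */
uint32_t tls1_ck(uint8_t hi, uint8_t lo) {
    return 0x03000000u | ((uint32_t)hi << 8) | lo;
}

/* RFC name for a TLS1_CK_* value, or NULL if it is not an RFC 3268 suite. */
const char *rfc_name(uint32_t ck) {
    if ((ck >> 16) != 0x0300) return NULL;
    for (size_t i = 0; i < sizeof rfc3268 / sizeof rfc3268[0]; i++)
        if (rfc3268[i].code == (uint16_t)ck) return rfc3268[i].rfc;
    return NULL;
}

/* Illustrative renaming (assumed rules, this family only); 0 on success, -1 otherwise. */
int openssl_name(const char *rfc, char *out, size_t n) {
    char kx[16];
    int bits = 0, end = 0, r;
    const char *w = rfc ? strstr(rfc, "_WITH_") : NULL;
    if (!w || w < rfc + 4 || strncmp(rfc, "TLS_", 4) != 0) return -1;
    size_t klen = (size_t)(w - rfc) - 4;          /* key-exchange part between TLS_ and _WITH_ */
    if (klen >= sizeof kx) return -1;
    memcpy(kx, rfc + 4, klen); kx[klen] = '\0';
    if (sscanf(w, "_WITH_AES_%d_CBC_SHA%n", &bits, &end) != 1 || !end || w[end]) return -1;
    if (strcmp(kx, "RSA") == 0) kx[0] = '\0';     /* plain RSA key exchange is left implicit */
    else if (strcmp(kx, "DH_anon") == 0) strcpy(kx, "ADH");
    else for (char *p = kx; *p; p++) if (*p == '_') *p = '-';
    r = snprintf(out, n, "%s%sAES%d-SHA", kx, *kx ? "-" : "", bits);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

int main(void) {
    char name[32];
    uint32_t ck = tls1_ck(0x00, 0x39);            /* wire bytes from the RFC list */
    if (openssl_name(rfc_name(ck), name, sizeof name) == 0)
        printf("0x%08X %s %s\n", (unsigned)ck, rfc_name(ck), name);
    return 0;
}
```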
