On Fri, Jun 30, 2006 at 07:19:39AM -0400, Victor Duchovni wrote:

> On Thu, Jun 29, 2006 at 12:28:44PM -0700, Chris Clark wrote:
>
> > I have written a client program in which I allow the user to configure
> > which cipher groups they want to allow as well as a cipher strength of
> > low, medium, or high.
> >
> > The problem is I can't find a way of selecting the order in which I
> > want the cipher negotiated. For example, if all ciphers are enabled in
> > the configuration, I would prefer if AES is selected during
> > negotiation.
>
> What real problem is this intended to solve?
>
> > Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers
> > from a group (IDEA and ADH). I also remove AES at the beginning (Shif
> > +="-AES:") and add it later, because if I don't remove AES there is no
> > way to separate AES128 and AES256.
> > (Due to an OpenSSL bug, HIGH selects both AES128 and AES256.)
>
> Is this a real problem? What's wrong with:
>
>     !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA
>
Sorry, I guess this ("DEFAULT:" should have been first) does not work,
because removing the 128-bit ciphers also removes the 256-bit ciphers.

With:

    $ openssl ciphers -v \
        'DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:@STRENGTH'
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

and

    $ openssl ciphers -v \
        'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:@STRENGTH'
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

producing the same results, you are out of luck: if you want 256-bit AES,
you always also get 128-bit AES.

In practice (SSLv3/TLSv1) this is not a problem, because the client and
server always choose the strongest common cipher.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
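The thread turns on how a cipher string is evaluated token by token: `-X` drops suites that a later token may add back, `!X` drops them for good, `+X` moves them to the end, and `@STRENGTH` re-sorts the list in place by key bits. The following Python block is an added example, not code from the thread or from OpenSSL. It is a deliberately simplified model of the list operations documented in ciphers(1), run over a small hand-constructed suite table with approximated alias rules (the table, the alias predicates and the function names are all assumptions of this example). It implements the documented semantics, so it does not reproduce the AES128/AES256 aliasing quirk Viktor's `openssl ciphers -v` output shows. What it does show is the two things a practitioner actually needs when trying to get AES negotiated first: the difference between `-` and `!`, and that `@STRENGTH` orders by reported key bits only, so a 168-bit 3DES suite lands ahead of every 128-bit AES suite once `@STRENGTH` is applied. If AES is the preference, name it before the group aliases and do not rely on `@STRENGTH` to put it there.

```python
"""Simplified model of OpenSSL cipher-string evaluation (constructed example).

NOT OpenSSL's code. Implements the list operations documented in ciphers(1):
':'-separated tokens, '!' (delete permanently), '-' (delete, may be re-added),
'+' (move matches to the end), 'A+B' (intersection) and '@STRENGTH' (stable
sort by key bits, descending). Suite table and alias rules are a reduced,
hand-written approximation of a 2006-era OpenSSL, not its real tables.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str    # key exchange
    au: str    # authentication ("None" for anonymous)
    enc: str   # bulk cipher
    bits: int  # key bits as OpenSSL reports them (3DES counts as 168)
    mac: str


# Constructed table, roughly in the preference order OpenSSL listed them.
SUITES = [
    Suite("DHE-RSA-AES256-SHA", "DH", "RSA", "AES", 256, "SHA1"),
    Suite("DHE-DSS-AES256-SHA", "DH", "DSS", "AES", 256, "SHA1"),
    Suite("AES256-SHA", "RSA", "RSA", "AES", 256, "SHA1"),
    Suite("ADH-AES256-SHA", "DH", "None", "AES", 256, "SHA1"),
    Suite("DES-CBC3-SHA", "RSA", "RSA", "3DES", 168, "SHA1"),
    Suite("DHE-RSA-AES128-SHA", "DH", "RSA", "AES", 128, "SHA1"),
    Suite("DHE-DSS-AES128-SHA", "DH", "DSS", "AES", 128, "SHA1"),
    Suite("AES128-SHA", "RSA", "RSA", "AES", 128, "SHA1"),
    Suite("RC4-SHA", "RSA", "RSA", "RC4", 128, "SHA1"),
    Suite("DES-CBC-SHA", "RSA", "RSA", "DES", 56, "SHA1"),
    Suite("EXP-RC4-MD5", "RSA(512)", "RSA", "RC4", 40, "MD5"),
]

# Alias predicates: simplified approximations of the ciphers(1) groups.
ALIASES = {
    "ALL": lambda s: True,
    "HIGH": lambda s: s.bits > 128,
    "MEDIUM": lambda s: s.bits == 128,
    "LOW": lambda s: 56 <= s.bits < 128,
    "EXPORT": lambda s: s.bits <= 40,
    "EXP": lambda s: s.bits <= 40,
    "AES": lambda s: s.enc == "AES",
    "AES128": lambda s: s.enc == "AES" and s.bits == 128,
    "AES256": lambda s: s.enc == "AES" and s.bits == 256,
    "3DES": lambda s: s.enc == "3DES",
    "RC4": lambda s: s.enc == "RC4",
    "DH": lambda s: s.kx == "DH",
    "DSS": lambda s: s.au == "DSS",
    "aNULL": lambda s: s.au == "None",
    "ADH": lambda s: s.kx == "DH" and s.au == "None",
}


def _match(word):
    """Suites matching a word: an alias, an 'A+B' intersection, or a suite name."""
    parts = word.split("+")

    def ok(s):
        for p in parts:
            if p in ALIASES:
                if not ALIASES[p](s):
                    return False
            elif s.name != p:
                return False
        return True

    return [s for s in SUITES if ok(s)]


def expand(spec):
    """Return the ordered suite names this simplified model selects for spec."""
    current, killed = [], set()
    for tok in spec.split(":"):
        if not tok:
            continue
        if tok == "@STRENGTH":
            # Stable sort by key bits only: 3DES(168) outranks AES(128) here.
            current.sort(key=lambda s: s.bits, reverse=True)
        elif tok[0] == "!":
            hit = set(_match(tok[1:]))
            killed |= hit                      # can never be re-added
            current = [s for s in current if s not in hit]
        elif tok[0] == "-":
            hit = set(_match(tok[1:]))         # removed, but a later token may re-add
            current = [s for s in current if s not in hit]
        elif tok[0] == "+":
            hit = set(_match(tok[1:]))         # move matches to the end, order kept
            current = [s for s in current if s not in hit] + \
                      [s for s in current if s in hit]
        else:
            for s in _match(tok):              # append new matches in table order
                if s not in current and s not in killed:
                    current.append(s)
    return [s.name for s in current]


if __name__ == "__main__":
    for spec in ("AES:HIGH:MEDIUM:!aNULL:!EXPORT",
                 "AES:HIGH:MEDIUM:!aNULL:!EXPORT:@STRENGTH",
                 "ALL:-AES128-SHA:AES128-SHA",
                 "ALL:!AES128-SHA:AES128-SHA"):
        print(spec)
        for name in expand(spec):
            print("   ", name)
```

Ordering in the cipher string only matters if the peer honours it: an OpenSSL server with `SSL_OP_CIPHER_SERVER_PREFERENCE` set uses its own list order rather than the client's, so a client that wants AES first still depends on the server's configuration.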