It's not a bug that AES182 is classified as "HIGH", although it is a missing feature that there is no class that encompasses only the 256-bit ciphers. That's why there now is "@STRENGTH", which does not add any ciphers and just sorts the ones enabled so far.
I assume "AES182" is a typo for AES128. This is indeed a bug in OpenSSL according to the documentation at http://www.openssl.org/docs/apps/ciphers.html:

HIGH - with key lengths larger than 128 bits.
MEDIUM - those using 128 bit encryption.
LOW - those using 64 or 56 bit encryption algorithms excluding export ciphers.

But if I just use 'Medium' it does not select AES128. And if I use 'High' then it selects both AES128 and AES256.

-Chris
>> Is this a real problem? What's wrong with:
>>
>> !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA
> Sorry, I guess this ("DEFAULT:" should have been first) does not work,
> because removing the 128 bit ciphers also removes the 256 bit ciphers.
>
> With:
>
> $ openssl ciphers -v \
> 'DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:@STRENGTH'
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>
> and
>
> $ openssl ciphers -v \
> 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:@STRENGTH'
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>
> producing the same results you are out of luck, if you want 256 bit AES,
> you always also get 128 bit AES.

It appears that you are using OpenSSL 0.9.8 or 0.9.8a here. This is a bug that should be fixed in OpenSSL 0.9.8b, so that the DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA ciphersuite specification (with or without :STRENGTH appended) will only yield the three ciphersuites intended.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
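Added example, not part of the thread or of OpenSSL: a shell check that audits what a cipher string actually expands to, by parsing the `openssl ciphers -v` output format quoted above and listing every suite below a minimum key size. The function names are assumptions of this example, and the embedded sample is constructed from the listing in the thread.

```shell
#!/bin/sh
# Added example: audit the expansion of an OpenSSL cipher string.

# Reads `openssl ciphers -v` output on stdin and prints the name of every
# suite whose Enc= key size is below $1 bits. Suites without a bit count
# (e.g. Enc=None) count as 0 bits. Returns 1 if any suite was printed.
suites_below() {
    awk -v min="$1" '
        NF == 0 { next }
        {
            bits = 0
            for (i = 2; i <= NF; i++)
                if ($i ~ /^Enc=/ && match($i, /\([0-9]+\)/))
                    bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
            if (bits < min) { print $1; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Expand SPEC with the local openssl binary and audit the result.
# Returns 2 if openssl rejects the spec, so an empty expansion
# is never mistaken for a clean one.
audit_spec() {   # usage: audit_spec SPEC MINBITS
    expansion=$(openssl ciphers -v "$1") || return 2
    printf '%s\n' "$expansion" | suites_below "$2"
}

# Constructed sample: the expansion the thread reports for the
# three-suite AES256 specification on an affected build.
sample_affected() {
cat <<'EOF'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EOF
}

# Demo on the constructed sample; on a live host use:
#   audit_spec 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA' 256
sample_affected | suites_below 256 ||
    echo "spec expands to suites under 256 bits" >&2
```

Running `audit_spec` against the deployed binary, rather than trusting the cipher string as written, is what catches an expansion that differs between OpenSSL versions.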