On Thu, Apr 16, 2009 at 02:21:10PM +0300, Ouaknine, Keren wrote:

> Hello,
> 
> Mazal-tov for getting Beta out. I am interested in the implementation of the 
> null-ciphers (when the encryption is mandatory, and clear-text used). This is 
> part of RFC 4785, which I didn't see in the log changes of openssl 1.0 beta.
> Any plans for 1.0? If you have any information on this, I would love to hear 
> it.

Well, the only NULL ciphers in the beta release are:

    ECDHE-RSA-NULL-SHA    SSLv3 Kx=ECDH       Au=RSA   Enc=None      Mac=SHA1
    ECDHE-ECDSA-NULL-SHA  SSLv3 Kx=ECDH       Au=ECDSA Enc=None      Mac=SHA1
    AECDH-NULL-SHA        SSLv3 Kx=ECDH       Au=None  Enc=None      Mac=SHA1
    ECDH-RSA-NULL-SHA     SSLv3 Kx=ECDH/RSA   Au=ECDH  Enc=None      Mac=SHA1
    ECDH-ECDSA-NULL-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH  Enc=None      Mac=SHA1
    NULL-SHA              SSLv3 Kx=RSA        Au=RSA   Enc=None      Mac=SHA1
    NULL-MD5              SSLv3 Kx=RSA        Au=RSA   Enc=None      Mac=MD5

> Details from RFC:
> CipherSuite   TLS_PSK_WITH_NULL_SHA      = { 0x00, 0x2C };

So this one does not appear to be supported. See ssl/s3_lib.c, where
the next cipher-suite after 2B is 2F. The only PSK ciphers implemented
in s3_lib.c are:

    CipherSuite TLS_PSK_WITH_RC4_128_SHA          = { 0x00, 0x8A };
    CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA     = { 0x00, 0x8B };
    CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA      = { 0x00, 0x8C };
    CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA      = { 0x00, 0x8D };

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
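
An added example, not part of the original message or of OpenSSL's code: a parser for the cipher listing layout quoted above that reports suites with Enc=None or Au=None, as one would when auditing what a cipher string enables. The function names and the final AES128-SHA sample line are assumptions constructed here.

```python
# Lines in the listing layout quoted in the message above.
# The first seven are copied from the message; the last one is a
# constructed non-NULL line added here for contrast.
SAMPLE = """\
ECDHE-RSA-NULL-SHA    SSLv3 Kx=ECDH       Au=RSA   Enc=None      Mac=SHA1
ECDHE-ECDSA-NULL-SHA  SSLv3 Kx=ECDH       Au=ECDSA Enc=None      Mac=SHA1
AECDH-NULL-SHA        SSLv3 Kx=ECDH       Au=None  Enc=None      Mac=SHA1
ECDH-RSA-NULL-SHA     SSLv3 Kx=ECDH/RSA   Au=ECDH  Enc=None      Mac=SHA1
ECDH-ECDSA-NULL-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH  Enc=None      Mac=SHA1
NULL-SHA              SSLv3 Kx=RSA        Au=RSA   Enc=None      Mac=SHA1
NULL-MD5              SSLv3 Kx=RSA        Au=RSA   Enc=None      Mac=MD5
AES128-SHA            SSLv3 Kx=RSA        Au=RSA   Enc=AES(128)  Mac=SHA1
"""


def parse_listing(text):
    """Return one dict per suite: name, proto, Kx/Au/Enc/Mac and any bare flags."""
    suites = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) < 3:
            raise ValueError("not a cipher listing line: %r" % raw)
        suite = {"name": fields[0], "proto": fields[1], "flags": []}
        for token in fields[2:]:
            key, sep, value = token.partition("=")
            if sep:
                suite[key] = value
            else:
                suite["flags"].append(token)  # bare token with no '='
        suites.append(suite)
    return suites


def audit(suites):
    """Return (names with no encryption, names with no authentication)."""
    no_enc = [s["name"] for s in suites if s.get("Enc") == "None"]
    no_auth = [s["name"] for s in suites if s.get("Au") == "None"]
    return no_enc, no_auth


if __name__ == "__main__":
    no_enc, no_auth = audit(parse_listing(SAMPLE))
    print("Enc=None:", ", ".join(no_enc))
    print("Au=None: ", ", ".join(no_auth))
```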
