On Thu, Apr 16, 2009 at 02:21:10PM +0300, Ouaknine, Keren wrote:

> Hello,
>
> Mazal-tov for getting Beta out. I am interested in the implementation of the
> null-ciphers (when the encryption is mandatory, and clear-text used). This is
> part of RFC 4785, which I didn't see in the log changes of openssl 1.0 beta.
> Any plans for 1.0? If you have any information on this, I would love to hear
> it.

Well, the only NULL ciphers in the beta release are:

    ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH        Au=RSA   Enc=None  Mac=SHA1
    ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH        Au=ECDSA Enc=None  Mac=SHA1
    AECDH-NULL-SHA          SSLv3 Kx=ECDH        Au=None  Enc=None  Mac=SHA1
    ECDH-RSA-NULL-SHA       SSLv3 Kx=ECDH/RSA    Au=ECDH  Enc=None  Mac=SHA1
    ECDH-ECDSA-NULL-SHA     SSLv3 Kx=ECDH/ECDSA  Au=ECDH  Enc=None  Mac=SHA1
    NULL-SHA                SSLv3 Kx=RSA         Au=RSA   Enc=None  Mac=SHA1
    NULL-MD5                SSLv3 Kx=RSA         Au=RSA   Enc=None  Mac=MD5

> Details from RFC:
> CipherSuite TLS_PSK_WITH_NULL_SHA = { 0x00, 0x2C };

So this one does not appear to be supported. See ssl/s3_lib.c, where
the next cipher-suite after 2B is 2F. The only PSK ciphers implemented
in s3_lib.c are:

    CipherSuite TLS_PSK_WITH_RC4_128_SHA = { 0x00, 0x8A };
    CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x8B };
    CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA = { 0x00, 0x8C };
    CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D };

-- 
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
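
The cipher listing in the reply above is in `openssl ciphers -v` format. As an added example (not part of the original thread and not OpenSSL project code), the following parses that format and reports which suites provide no encryption, which of those also provide no authentication, and whether any NULL PSK suite is present. The function names, the extra AES line in the sample, and the `Kx=PSK` labelling of PSK suites are assumptions of this example.

```python
# Constructed sample in `openssl ciphers -v` format: the seven NULL suites
# quoted in the reply, plus one AES line added here for contrast.
SAMPLE = """\
ECDHE-RSA-NULL-SHA    SSLv3 Kx=ECDH       Au=RSA   Enc=None     Mac=SHA1
ECDHE-ECDSA-NULL-SHA  SSLv3 Kx=ECDH       Au=ECDSA Enc=None     Mac=SHA1
AECDH-NULL-SHA        SSLv3 Kx=ECDH       Au=None  Enc=None     Mac=SHA1
ECDH-RSA-NULL-SHA     SSLv3 Kx=ECDH/RSA   Au=ECDH  Enc=None     Mac=SHA1
ECDH-ECDSA-NULL-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH  Enc=None     Mac=SHA1
NULL-SHA              SSLv3 Kx=RSA        Au=RSA   Enc=None     Mac=SHA1
NULL-MD5              SSLv3 Kx=RSA        Au=RSA   Enc=None     Mac=MD5
AES128-SHA            SSLv3 Kx=RSA        Au=RSA   Enc=AES(128) Mac=SHA1
"""


def parse_ciphers(text):
    """Turn each `name proto Kx=.. Au=.. Enc=.. Mac=..` line into a dict."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "=" in fields[0]:
            continue  # blank line or something that is not a suite row
        suite = {"name": fields[0], "proto": fields[1]}
        for field in fields[2:]:
            key, sep, value = field.partition("=")
            if sep:  # ignore trailing flags such as "export"
                suite[key] = value
        suites.append(suite)
    return suites


def audit(text):
    """Report suites that give no confidentiality, and the worst subsets."""
    no_enc = [s for s in parse_ciphers(text) if s.get("Enc") == "None"]
    return {
        "no_encryption": [s["name"] for s in no_enc],
        # Au=None: anonymous key exchange, so no peer authentication either.
        "no_authentication": [s["name"] for s in no_enc if s.get("Au") == "None"],
        # Assumption: PSK suites are reported with Kx=PSK, as in later releases.
        "null_psk": [s["name"] for s in no_enc if s.get("Kx") == "PSK"],
    }


if __name__ == "__main__":
    for finding, names in audit(SAMPLE).items():
        print(f"{finding}: {', '.join(names) or '(none)'}")
```

To audit an actual build, pass the output of `openssl ciphers -v 'ALL:eNULL'` to `audit()` in place of `SAMPLE`.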