On Thu, Apr 16, 2009 at 02:21:10PM +0300, Ouaknine, Keren wrote:
> Hello,
>
> Mazal-tov for getting Beta out. I am interested in the implementation of the
> null-ciphers (when the encryption is mandatory, and clear-text used). This is
> part of RFC 4785, which I didn't see in the log changes of openssl 1.0 beta.
> Any plans for 1.0? If you have any information on this, I would love to hear
> it.
Well, the only NULL ciphers in the beta release are:
ECDHE-RSA-NULL-SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
ECDH-RSA-NULL-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=None Mac=SHA1
ECDH-ECDSA-NULL-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
> Details from RFC:
> CipherSuite TLS_PSK_WITH_NULL_SHA = { 0x00, 0x2C };
So this one does not appear to be supported. See ssl/s3_lib.c, where
the next cipher-suite after 2B is 2F. The only PSK ciphers implemented
in s3_lib.c are:
CipherSuite TLS_PSK_WITH_RC4_128_SHA = { 0x00, 0x8A };
CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x8B };
CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA = { 0x00, 0x8C };
CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D };
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
