On Fri, Aug 06, 2010, Alex Chen wrote:

> Is SHA-2 supported in OpenSSL 1.0 or the latest version?
> From my search in Google, I found the following entry in openssl-dev mailing 
> list:
> > List:       openssl-dev
> > Subject:    Re: SHA-2 support in openssl?
> > From:       smitha daggubati <smithad123 () gmail ! com>
> > Date:       2009-11-18 9:56:55
> > Message-ID: 40a23ffd0911180144m27523ca3g9be5cf6be406bd0b () mail ! gmail ! com
> > 
> > Marc,
> > Thanks for the reply.
> > 
> > On Wed, Nov 18, 2009 at 2:54 PM, Jean-Marc Desperrier <jmd...@free.fr> wrote:
> > 
> > > smitha daggubati wrote:
> > >
> > >> Does openssl have support for SHA-2?
> > >> I know that SHA-2 is part of the crypto library but looking at the way
> > >> the context is set up in ssl_ctx_new we are setting up
> > >>
> > >>  ret->sha1=EVP_get_digestbyname("ssl3-sha1"))
> > >>
> > >>
> > >> So is there a way to establish an openssl connection using SHA-2
> > >> currently?
> > >>
> > >
> > > Yes openssl has support for SHA-2, but what it doesn't have is support for
> > > a SSL cipher suite using SHA-2.
> > >
> > > It's a bit late in being updated to support the SHA-2 suites from RFC5289.
> > > I suppose this is not the main priority of the development team, since sha1
> > > inside tls is not actually endangered at the moment.
> > > Any help in implementing it, and rearchitecturing the code where use of
> > > SHA-1 is hardcoded, would certainly be welcomed.
> > >
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project                                 http://www.openssl.org
> > > Development Mailing List                       openssl-...@openssl.org
> > >
> > > Automated List Manager                           majord...@openssl.org
> > >
> Does that mean SHA-2 is still not in OpenSSL 1.0 yet?
> 

It depends on what you mean by "in". Support for SHA-2 algorithms is in
OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS for
example.

Since OpenSSL doesn't currently support TLS 1.2 it will not be used for TLS
ciphersuites since none in TLS 1.1 or earlier use SHA-2 algorithms.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
