On 08-08-2010 01:13, Dr. Stephen Henson wrote:
On Fri, Aug 06, 2010, Alex Chen wrote:

Is SHA-2 supported in OpenSSL 1.0 or the latest version?
From my search in Google, I found the following entry in the openssl-dev mailing list:
List:       openssl-dev
Subject:    Re: SHA-2 support in openssl?
From:       smitha daggubati<smithad123 () gmail ! com>
Date:       2009-11-18 9:56:55
Message-ID: 40a23ffd0911180144m27523ca3g9be5cf6be406bd0b () mail ! gmail ! com

Marc,
Thanks for the reply.

On Wed, Nov 18, 2009 at 2:54 PM, Jean-Marc Desperrier <jmd...@free.fr> wrote:

smitha daggubati wrote:

Does openssl have support for SHA-2?
I know that SHA-2 is part of the crypto library, but looking at the way the
context is set up in ssl_ctx_new we are setting up

  ret->sha1 = EVP_get_digestbyname("ssl3-sha1");

So is there a way to establish an openssl connection using SHA-2 currently?


Yes, openssl has support for SHA-2, but what it doesn't have is support for
an SSL cipher suite using SHA-2.

It's a bit late in being updated to support the SHA-2 suites from RFC5289.
I suppose this is not the main priority of the development team, since SHA-1
inside TLS is not actually endangered at the moment.
Any help in implementing it, and rearchitecting the code where use of
SHA-1 is hardcoded, would certainly be welcomed.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-...@openssl.org

Automated List Manager                           majord...@openssl.org

Does that mean SHA-2 is still not in OpenSSL 1.0 yet?


It depends on what you mean by "in". Support for SHA-2 algorithms is in
OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS for
example.

Since OpenSSL doesn't currently support TLS 1.2 it will not be used for TLS
ciphersuites since none in TLS 1.1 or earlier use SHA-2 algorithms.


I believe this is an unfortunate reading of the RFCs.  Fundamentally,
the SSL3/TLS protocols do not tie the availability of a cipher suite to
the version of the protocol document which was current when it was
introduced.  The fact that the most common cipher suites are defined in
the same documents as the protocols themselves really should not be
treated as more important than the fact that there is a single IANA
registry for these values.

So I believe the better implementation strategy would be to offer any
implemented cipher suite value which is not fundamentally incompatible
with the SSL/TLS version, rather than holding back improved algorithms
until unrelated aspects of new TLS versions are implemented.

Formally: RFC2246, RFC4346 and RFC5246 all refer to IANA for the cipher
suite list.  IANA's cipher suite list refers to different RFCs for
different suite values, including RFC2712 and RFC5246.  The cipher
suites so defined are thus equally applicable to the TLS versions (1.0,
1.1 and 1.2) defined in RFC2246, RFC4346 and RFC5246 unless there is
a cipher suite specific reason not to use them with specific TLS
versions.

Of course using an SHA-2 based cipher suite with TLS 1.1 or older implies
that the keys will still be created from a master secret produced using
the old MD5/SHA-1 PRF.  But at least the HMACs for the data will be done
with SHA-2, thus limiting the attack surface for exploiters of SHA-1
weaknesses.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
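The last message above separates two places where a hash is used in TLS: the PRF that turns the master secret into keys (MD5/SHA-1 in TLS 1.0 and 1.1, SHA-256 in TLS 1.2) and the HMAC over each record's data (set by the cipher suite). The following standalone Python example is added here to make that split concrete; it is not code from the thread or from OpenSSL. It implements the P_hash expansion and the two PRFs straight from RFC 2246 and RFC 5246 using only the standard library, then MACs a record with either SHA-1 or SHA-256. All keys, labels and record contents are constructed sample values, and the record-layer helper assumes the generic MAC input layout (sequence number, content type, version, length, fragment) rather than any particular implementation's struct.

```python
"""TLS key-derivation PRFs versus the record MAC, side by side.

Constructed illustration using only the Python standard library; the
secret, seeds and record bytes below are sample values, not test vectors
from any specification.
"""
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_<hash> data expansion from RFC 2246 section 5.

    A(0) = seed, A(i) = HMAC(secret, A(i-1)); the output is
    HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
    truncated to `length` bytes.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 2246 / RFC 4346).

    The secret is split into two halves that overlap by one byte when the
    length is odd; P_MD5 runs over the first half, P_SHA1 over the second,
    and the two streams are XORed together.
    """
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def prf_tls12(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246): a single P_SHA256 over the whole secret."""
    return p_hash("sha256", secret, label + seed, length)


def record_mac(hash_name, mac_key, seq_num, content_type, version, fragment):
    """Record-layer MAC: HMAC over seq_num || type || version || length || fragment.

    The hash here comes from the cipher suite, independently of which PRF
    produced `mac_key`.  (Generic layout; assumed for illustration.)
    """
    header = (seq_num.to_bytes(8, "big")
              + bytes([content_type])
              + version
              + len(fragment).to_bytes(2, "big"))
    return hmac.new(mac_key, header + fragment, hash_name).digest()


def derive_and_mac(prf, mac_hash, master_secret, client_random, server_random):
    """Derive a MAC key with the given PRF, then MAC one sample record with
    the given hash.  Returns (mac_key, mac) so the two choices can be seen
    to be independent of each other."""
    key_len = 32 if mac_hash == "sha256" else 20
    key_block = prf(master_secret, b"key expansion",
                    server_random + client_random, key_len)
    mac = record_mac(mac_hash, key_block, seq_num=1, content_type=23,
                     version=b"\x03\x02", fragment=b"hello")
    return key_block, mac


if __name__ == "__main__":
    # Constructed sample values.
    ms = bytes(range(48))
    cr, sr = b"C" * 32, b"S" * 32
    # TLS 1.1 PRF for keys, SHA-256 for the data MAC: the mix described in the thread.
    key, mac = derive_and_mac(prf_tls10, "sha256", ms, cr, sr)
    print("TLS1.0 PRF key:", key.hex())
    print("HMAC-SHA256 record MAC:", mac.hex())
    # TLS 1.2: SHA-256 for both.
    key, mac = derive_and_mac(prf_tls12, "sha256", ms, cr, sr)
    print("TLS1.2 PRF key:", key.hex())
    print("HMAC-SHA256 record MAC:", mac.hex())
```

Running the script shows that the same cipher-suite MAC hash can sit on top of either PRF: changing the PRF changes the derived key bytes, while changing the MAC hash only changes the length and value of the per-record tag.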
