Today, 10 Aug. 2010, Alex Chen wrote:
> I am only an end user and not familiar with SSL internals. If I
> understand the replies correctly, OpenSSL 1.0.x currently supports
> SHA-2 in certificates but not in the cipher suites used in network
> communication protocol. Is that a correct statement?

That's it. OpenSSL implements the SHA2 family and is able to use it wherever it needs to (certificate+CRL, CMS, ...), but only implements the TLS1.0 (and in the near future TLS1.1) protocol. SHA256 (a member of the SHA2 family) is defined in ciphersuites defined by TLS1.2, and these ciphersuites (and the protocol itself) need to be used differently than what was done previously.

-- 
Erwann ABALEA <erwann.aba...@keynectis.com>
Département R&D
KEYNECTIS