On Wed, 25 May 2011 12:21:04 +0200 "Dr. Stephen Henson" <st...@openssl.org> wrote:
> On Wed, May 25, 2011, Erwann ABALEA wrote: > > > Bonjour, > > > > Hodie VIII Kal. Iun. MMXI, shoutee scripsit: > > > I want to run a TLS Server with support of cipher suite > > > 'ECDH-ECDSA-AES128-SHA256' (RFC 5289). Unfortunately I can't find these > > > cipher suite > > > within tls1.h. ECDSA is only available with SHA1. > > > > > > Since openssl supports SHA256 I thought that ECDSA with SHA256 should be > > > available, or am I missing something? > > > I'm using openssl-1.0.0d. > > > > The ciphersuites defined in RFC5289 apply to TLS1.2 only. OpenSSL > > doesn't support (yet) TLS1.2. > > If your next question is "when will OpenSSL support TLS1.2?", you'll > > find the answer in the archives, as it has been asked quite some > > times. > > > > The answer however has changed: experimental TLS v1.2 code is present in HEAD > and the 1.0.1 stable branch. The code hasn't been fully tested yet so some > bugs may remain. There are some known interop problems with some ECC > ciphersuites: that is OpenSSL can connect to some servers but not others. At > this point it isn't clear if the problem is with the servers or OpenSSL. > > If anyone knows of any public servers supporting TLS v1.2 I'd be interested > in some interop testing. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org Only server I know is http://ecc.fedora.redhat.com Markus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
