> From: owner-openssl-us...@openssl.org On Behalf Of Erwann ABALEA
> Sent: Tuesday, 30 August, 2011 04:39
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Re: users auth. in XP for HTTPS
> 
> Hodie III Kal. Sep. MMXI, Jakob Bohm scripsit:
> > On 8/30/2011 3:29 AM, Dave Thompson wrote:
> > >...
> > >That sounds like the keyUsage bit dataEncipherment, and OpenSSL CA
> > >can set it. But SSL never *does* dataEncipherment using a
> > >certificate/key, so this bit should not be needed or make any
> > >difference.
> > Small correction: SSL/TLS never does dataEncipherment with *client*
> > certificates, and always does dataEncipherment with *server*
> > certificates (if any).
> 
> Correction to the correction: TLS always does dataEncipherment with
> server certificate *if* the key exchange algorithm is RSA.
> 
No, SSL/TLS kRSA is defined as *keyEncipherment*, correctly so 
because the only thing encrypted is key material (though not 
strictly the key itself). And aRSA is signing, not certSign or 
crlSign because the handshake data isn't (just) a cert or CRL.
See 2616 and 2459 or successors.

> > So dataEncipherment should be set in the SSL server certificate and
> > clear in the SSL client certificate, as is apparently already the case
> > here, so that part is OK.
> 
The OP said the "only" difference is MS-issued *client* cert has data-enc.
He implied both have sign,non-rep,key-enc, but didn't actually show it.
He has since reported the problem is something entirely different.

> Even if you don't set the dataEncipherment bit in the keyUsage
> extension, it works. TLS libraries are tolerant :)
> 
OpenSSL, at least, is tolerant, because the check is done 
at a low level in the code where the full usage (i.e. 
the key-exchange algorithm selected) isn't available.
It will accept dig-sign OR key-enc for any suite.
It appears it will accept a cert for k[EC]DH that doesn't 
have key-agree as specified, but I'm not set up to test that.

OpenSSL client does fail (unless overridden by callback) 
if the server cert is data-enc *only* (not signing).

IE7 (all I have to hand) seems to accept anything, 
but FF3.6 does require signing and/or *key*-enc
otherwise it gives its ugly Untrusted page with 
(Error code: sec_error_inadequate_key_usage)

Although the 'user-friendly' explanation is poor:
the page says '... was issued by an invalid CA certificate'
and the 'add exception' dialog if you go there 
says 'hasn't been verified by a recognized authority'.
Both of those are misleading at best.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
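
An added example, not part of the original message and not OpenSSL's code: a Python sketch that decodes a keyUsage BIT STRING and compares the per-key-exchange requirement discussed above (mapping as in RFC 5246 section 7.4.2) with a suite-independent "digitalSignature or keyEncipherment" check like the one the message describes. Function names and the sample encodings are constructed for illustration.

```python
# Added example: keyUsage checks for a TLS server certificate.
# Bit names follow RFC 5280; bit 0 is the most significant bit of the first byte.
KU_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
            "dataEncipherment", "keyAgreement", "keyCertSign",
            "cRLSign", "encipherOnly", "decipherOnly"]

# Usage required of the server certificate per key exchange (RFC 5246, 7.4.2).
REQUIRED = {
    "RSA": "keyEncipherment",         # kRSA: client encrypts the premaster secret
    "DHE_RSA": "digitalSignature",    # aRSA: server signs its ephemeral parameters
    "ECDHE_RSA": "digitalSignature",
    "ECDHE_ECDSA": "digitalSignature",
    "DH_RSA": "keyAgreement",         # static DH/ECDH key carried in the certificate
    "ECDH_ECDSA": "keyAgreement",
}

def decode_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING that forms the keyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("bad unused-bits count")
    total = len(content) * 8 - unused
    return {name for i, name in enumerate(KU_NAMES)
            if i < total and content[i // 8] & (0x80 >> (i % 8))}

def strict_ok(usage: set, kx: str) -> bool:
    """Check the bit the selected key exchange actually needs."""
    return REQUIRED[kx] in usage

def tolerant_ok(usage: set) -> bool:
    """Hypothetical model of a suite-independent check: signing OR key-enc."""
    return bool(usage & {"digitalSignature", "keyEncipherment"})

# Constructed sample encodings (not taken from any real certificate).
SAMPLES = {
    "sign+keyEnc": bytes.fromhex("030205a0"),
    "dataEnc only": bytes.fromhex("03020410"),
    "keyEnc only": bytes.fromhex("03020520"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        usage = decode_key_usage(der)
        verdicts = {kx: strict_ok(usage, kx) for kx in ("RSA", "ECDHE_RSA")}
        print(label, sorted(usage), "tolerant:", tolerant_ok(usage), verdicts)
```

The "keyEnc only" sample is where the two checks diverge: the tolerant check passes it for any suite, while the strict check rejects it for ECDHE_RSA.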
