On 12.10.2011 15:29, nilesh wrote:
Hi,

I am writing some code for decryption of https data.
Currently I have planned to support SSLv3 with AES, 3DES and RC4
algorithms only.
Below are the cipher suites in SSLv3. I am looking for information on
which of these suites are commonly used.

SSLv3 implements all of them, but I have seen only a few of them get
negotiated frequently (it also depends upon
how ssl.conf is modified, for apache/httpd. But usually without touching
the config file, which of them are popularly used?).
I haven't done extensive tests, but after setting up apache on 2-3
different machines, I never saw 'TLS_KRB5_WITH...' or 'TLS_DH_anon_..'
being negotiated.
Any idea?

Well, using a Kerberos cipher suite only makes sense when you are in an environment with running Kerberos servers for authentication. If you do not know what Kerberos is, you probably don't need the Kerberos cipher suites. Anonymous cipher suites are susceptible to MITM attacks, so normally you don't want to use them. And you don't want to use the EXPORT cipher suites either, because they use very short encryption keys.

With this your list will reduce to

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Best regards,
Richard
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
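
The filtering rules from the reply above, applied to cipher suite names by parsing each name into its parts. This is an added example, not part of the original thread: the function names are hypothetical, the sample list is constructed, and the supported-cipher set is an assumption taken from the AES, 3DES and RC4 plan stated in the question.

```python
import re

# Name layout: TLS_<key exchange/auth>[_EXPORT]_WITH_<bulk cipher>_<MAC>
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<bulk>.+)_(?P<mac>MD5|SHA)$")
# Assumption: name tokens for the AES, 3DES and RC4 ciphers the question plans to support.
SUPPORTED_BULK = {"AES_128_CBC", "AES_256_CBC", "3DES_EDE_CBC", "RC4_128"}

def parse_suite(name):
    """Split a suite name into key exchange, export flag, bulk cipher and MAC."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised cipher suite name: %r" % name)
    kx = m.group("kx")
    export = kx.endswith("_EXPORT")
    if export:
        kx = kx[: -len("_EXPORT")]
    return {"kx": kx, "export": export, "bulk": m.group("bulk"), "mac": m.group("mac")}

def rejection_reason(name):
    """Return why a suite is dropped, or None if it stays on the list."""
    s = parse_suite(name)
    if s["kx"] == "KRB5":
        return "Kerberos: only useful where Kerberos servers handle authentication"
    if "anon" in s["kx"].split("_"):
        return "anonymous: susceptible to MITM"
    if s["export"]:
        return "EXPORT: very short encryption keys"
    if s["bulk"] not in SUPPORTED_BULK:
        return "bulk cipher outside the planned AES/3DES/RC4 set"
    return None

def triage(names):
    """Partition names into (kept list, {dropped name: reason})."""
    kept, dropped = [], {}
    for n in names:
        reason = rejection_reason(n)
        if reason is None:
            kept.append(n)
        else:
            dropped[n] = reason
    return kept, dropped

# Constructed sample input (standard suite names, not a capture from any server).
SAMPLE = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_KRB5_WITH_RC4_128_SHA",
          "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
          "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA"]

if __name__ == "__main__":
    kept, dropped = triage(SAMPLE)
    print("\n".join(kept + ["%s  # dropped, %s" % kv for kv in dropped.items()]))
```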
