>From: [email protected] On Behalf Of Suryya Kumar Jana
>Sent: Friday, 28 June, 2013 05:34

>I am using a client application program which uses OpenSSL version
>1.0.0h. I configured TLSv1.2 and I have set the cipher suite only as
>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (i.e. ECDH-ECDSA-AES128-SHA256)
>using the API SSL_CTX_set_cipher_list().

I think you're mistaken about 1.0.0h, unless it's a patched version.
TLSv1.1 and 1.2 protocols, and the 1.2-specific suites (SHA-2 and GCM),
were added only in 1.0.1.

>But what I find in packet capture, is that in Client Hello Message
>there are 2 advertised cipher suites. The first one is
>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 and second cipher suite is
>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
<snip>

1.0.1c, and I believe earlier but not tested, had several bugs in
selecting kECDH and TLSv1.2 ciphers, fixed in 1.0.1e. (Also kDH, but
those aren't implemented anyway.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
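The check described in the thread, comparing the suites a ClientHello actually offers against the configured list, can be scripted. This is an added example, not part of the original message or of OpenSSL; the function names and the sample record are constructed for illustration, and the two code points are the IANA values from RFC 5289.

```python
import struct

# IANA code points (RFC 5289) for the two suites named in the thread.
SUITE_NAMES = {
    0xC025: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC029: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
}

def offered_suites(record):
    """Return the cipher-suite code points offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    # handshake header (4) + client_version (2) + random (32) + session_id length (1)
    if len(body) < 39 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    pos = 38
    pos += 1 + body[pos]                      # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]

def unexpected_suites(record, configured):
    """Name every offered suite that is not in the configured set of code points."""
    return [SUITE_NAMES.get(s, "0x%04X" % s)
            for s in offered_suites(record) if s not in configured]

def build_sample_hello(suites):
    """Constructed sample record (zero random, no session id, no extensions)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Same order as reported from the packet capture: ECDH-RSA first, ECDH-ECDSA second.
    hello = build_sample_hello([0xC029, 0xC025])
    print(unexpected_suites(hello, configured={0xC025}))
```
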
