Abhi
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Jakob Bohm [jb-open...@wisemo.com]
Sent: Tuesday, November 06, 2012 1:34 AM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On 11/5/2012 1:37 AM, Je
On 11/5/2012 1:37 AM, Jeffrey Walton wrote:
On Sun, Nov 4, 2012 at 7:15 PM, wrote:
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm wrote:
(continuing TOFU posting to keep the thread somewhat consistent)
Given some of the mathematical restrictions on
On Sun, Nov 4, 2012 at 7:15 PM, wrote:
> On 02-11-2012 21:46, Jeffrey Walton wrote:
>>
>> On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm wrote:
>>>
>>> (continuing TOFU posting to keep the thread somewhat consistent)
>>>
>>> Given some of the mathematical restrictions on parameters needed to
>>> kee
From: Erik Tkal
Sent: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the
appropriate set of suites?
-Original Message-
From: Dr. Stephen Henson
Sent: Thursday, November 01, 2
On Fri, Nov 02, 2012, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
> > Sent: Thursday, 01 November, 2012 21:31
>
> -dev added
>
> > I configured my openssl RSA CA to add the key usage extension
> > for key agreement to the ECC certificate but eve
> From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
> Sent: Thursday, 01 November, 2012 21:31
-dev added
> I configured my openssl RSA CA to add the key usage extension
> for key agreement to the ECC certificate but even then it
> does not work. Pre-TLS 1.2 cipher suites such
>>
>> I thought the keys in ECC certificates can be used for both ECDH key
>> agreement and ECDSA digital signature.
>>
>>> -Original Message-
>>> From: Erik Tkal
>>> Sent: Friday, November 02, 2012 8:24 AM
>>> To: openssl-users@openssl.
Sent: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
-Original Message-
From: Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38
@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org
> Well one reason is that the fixed ECDH cipher suites do not support forward
> secrecy because they always use the same ECDH key.
ECDHE cipher suites as implemented in OpenSSL don't necessarily
support forward secrecy either. I wonder what it takes to get
SSL_OP_SINGLE_ECDH_USE option by default
Of Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38 PM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
> Hi Steve, Thanks for your response. I'm just trying to figure out what
> it takes to get this working - are
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
> Hi Steve, Thanks for your response. I'm just trying to figure out what it
> takes to get this working - are you of the opinion that an SSL server should
> not support TLS 1.2 ECDH-RSA cipher suites? Could you also mention why?
>
Well one reason is
sl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, November 01, 2012 4:40 AM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On Thu, Nov 01, 2012, Abhiram Shandilya wrote:
> I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When
> I try to co
On Thu, Nov 01, 2012, Abhiram Shandilya wrote:
> I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When
> I try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (eg
> ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails
> with s_server
I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When I
try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (eg
ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails
with s_server printing the following error: "3086918464:error:1408A0C1
15 matches
Mail list logo