Re: [openssl-users] Re: Support of SHA-2

2010-08-11 Thread Erwann ABALEA
Hodie IV Id. Aug. MMX, Jakob Bohm scripsit: [...] > The issue is which PRF to use when TLS version <= 1.1 but ciphersuite > is from RFC5246 Appendix A. The TLS 1.1 and older standards then > insist on the old PRF no matter what cipher suite is used, while the > cipher suite definitions (in RFC5246

Re: [openssl-users] Re: Support of SHA-2

2010-08-10 Thread Erwann ABALEA
Hodie IV Id. Aug. MMX, Alex Chen scripsit: > I am only a end user and not familiar with SSL internal. If I > understand the replies correctly, OpenSSL 1.0.x currently supports > SHA-2 in certificates but not in the cipher suites used in network > communication protocol. Is that a correct statemen

Re: [openssl-users] Re: Support of SHA-2

2010-08-10 Thread Jakob Bohm
On 09-08-2010 19:09, Erwann ABALEA wrote: Hodie V Id. Aug. MMX, Erwann ABALEA scripsit: [...] This is not possible, as the ciphersuites defined by RFC5246 all use P_SHA256 as the PRF (paragraph 1.2). In paragraph 5, it is said "New cipher suites MUST explicitely specify a PRF and, in general, SH

Re: [openssl-users] Re: Support of SHA-2

2010-08-09 Thread Erwann ABALEA
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit: [...] > This is not possible, as the ciphersuites defined by RFC5246 all > use P_SHA256 as the PRF (paragraph 1.2). > In paragraph 5, it is said "New cipher suites MUST explicitely specify > a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or

Re: [openssl-users] Re: Support of SHA-2

2010-08-09 Thread Erwann ABALEA
Hodie V Id. Aug. MMX, Jakob Bohm scripsit: > On 08-08-2010 01:13, Dr. Stephen Henson wrote: [...] > >It depends on what you mean by "in". Support for SHA-2 algorithms is in > >OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS > >for > >example. > > > >Since OpenSSL doesn't