Hodie IV Id. Aug. MMX, Jakob Bohm scripsit:
[...]
> The issue is which PRF to use when TLS version <= 1.1 but ciphersuite
> is from RFC5246 Appendix A. The TLS 1.1 and older standards then
> insist on the old PRF no matter what cipher suite is used, while the
> cipher suite definitions (in RFC5246
Hodie IV Id. Aug. MMX, Alex Chen scripsit:
> I am only a end user and not familiar with SSL internal. If I
> understand the replies correctly, OpenSSL 1.0.x currently supports
> SHA-2 in certificates but not in the cipher suites used in network
> communication protocol. Is that a correct statemen
On 09-08-2010 19:09, Erwann ABALEA wrote:
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit:
[...]
This is not possible, as the ciphersuites defined by RFC5246 all
use P_SHA256 as the PRF (paragraph 1.2).
In paragraph 5, it is said "New cipher suites MUST explicitely specify
a PRF and, in general, SH
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit:
[...]
> This is not possible, as the ciphersuites defined by RFC5246 all
> use P_SHA256 as the PRF (paragraph 1.2).
> In paragraph 5, it is said "New cipher suites MUST explicitely specify
> a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or
Hodie V Id. Aug. MMX, Jakob Bohm scripsit:
> On 08-08-2010 01:13, Dr. Stephen Henson wrote:
[...]
> >It depends on what you mean by "in". Support for SHA-2 algorithms is in
> >OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS
> >for
> >example.
> >
> >Since OpenSSL doesn't