RFC5054 says: "Cipher suites that begin with TLS_SRP_SHA_RSA or TLS_SRP_SHA_DSS require the server to send a certificate message containing a certificate with the specified type of public key, and to sign the server key exchange message using a matching private key.
Cipher suites that do not include a digital signature algorithm identifier assume that the server is authenticated by its possession of the SRP verifier." So why do I get this: $ openssl ciphers -v aNULL | grep SRP SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1 SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(128) Mac=SHA1 If the server is "authenticated by its possession of the SRP verifier"? Steve Henson says: "Looks like the SRP cipher decriptions are broken and we need an SSL_aSRP to do the same as SSL_aPSK." Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org