On Tue, Apr 06, 2010, Victor Duchovni wrote:

> 
> http://cvs.openssl.org/chngview?cn=19536
> 
>   -SSL_library_init() only registers ciphers. Another important initialization
>   -is the seeding of the PRNG (Pseudo Random Number Generator), which has to
>   -be performed separately.
>   +SSL_library_init() mainly adds ciphers and digests used directly by 
> SSL/TLS.
>   +In some cases this is not sufficient and errors about unknown algorithms
>   +will occur: for example when an attempt is made to use a certificate using
>   +SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms().
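Review bot: The added sentence "In some cases this is not sufficient and errors about unknown algorithms will occur" does not say which ciphers and digests SSL_library_init() actually registers, so a caller doing only SSL/TLS cannot tell from this page whether OpenSSL_add_all_algorithms() is needed. Suggest either listing what is registered or stating the rule for when the extra call is required, with SHA256 certificates kept as the example. The removed lines said PRNG seeding "has to be performed separately" and nothing replaces them; if seeding no longer needs a separate step, the page should say so rather than drop the topic.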
> 
> I find the last two sentences a bit confusing.
> 
> Are certificates that use SHA-2 digests conformant with TLS 1.0 (AFAIK
> OpenSSL does not support TLS 1.1 or later)?
> 
> If such certificates are valid, should not SHA-2 digests be initialized
> by SSL_library_init()?
> 
> If such certificates are not valid with TLS 1.0, which applications need
> to worry about SHA-2 and OpenSSL_add_all_algorithms()?
> 
> Postfix only calls SSL_library_init(), with the expectation that
> everything required for interoperable TLS/SSL support will be initialized
> via this call without resort to OpenSSL_add_all_algorithms(), is this
> the wrong expectation? Specifically, I would expect that SHA-2 will
> automatically be initialized as soon as OpenSSL implements support for
> a version of the protocol in which SHA-2 certificate signatures are valid.
> 
> If TLS 1.0 is such a protocol version, then I would expect
> SSL_library_init() to initialize SHA-2 message digests.
> 
> Has the guidance to developers who use OpenSSL for TLS/SSL rather than
> as general-purpose cryptography toolkit changed wrt. library initialization?
> 

Well that actual manual page is rather old and it still talks about PRNG
initialisation which dates from the time OpenSSL didn't handle that
automatically on many platforms.

Traditionally SSL_library_init() added all the algorithms you were most likely
to encounter for SSL/TLS. There was always the possibility that additional
algorithms could be encountered in certificates and private key encryption.
You could for example find a certificate using RIPEMD and encrypt the private
key with Blowfish.

SHA2 is starting to be used in certificates and as a result SSL_library_init()
is not always sufficient any more.

I suppose it makes sense to add the SHA2 algorithms to SSL_library_init()
(40 bit RC2 was added so PKCS#12 still worked), they'll be needed for TLS 1.2
anyway.

The dev version of OpenSSL (which will be 1.1.0) does support TLS 1.1 and it
is something likely to be backported to 1.0.x for x >= 1. TLS 1.2 is not under
development yet.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
