On Wed, Apr 24, 2013 at 01:55:36PM -0700, d...@deadhat.com wrote:
> > On Wed, Apr 24, 2013 at 03:18:45PM +0000, Nikola Vassilev wrote:
> >
> >> We are currently analyzing and understanding the security strength
> >> of the openSSL internal implementation to certify the products.
> >> In version 0.9.8d, TLSv1.0 alone is supported. Can you please
> >> answer the following or provide me with the documentation reference
> >>
> >> 1. Does openSSL library use MD5 internally for any operation?
> >>
> >> 2. Can we have SHA256 in the ciphersuite with TLSv1.0?
> >
> > You're not qualified to perform this analysis.
> >
>
> OpenSSL is not open to such analysis if a documentation reference cannot
> be given.
Neither question requires any OpenSSL documentation, OpenSSL 0.9.8d
implements SSLv2, SSLv3 and TLSv1.0. Anyone competent to assess
the implementation knows the answers to these questions without
looking at OpenSSL.
The converse is not generally true: I know the answers to the
questions, but I am also not competent to assess the strength of
the cryptography in OpenSSL relative to other implementations of
the same algorithms and protocol standards. That takes additional
expertise, which the OP clearly lacks.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
