On Wed, Apr 24, 2013 at 01:55:36PM -0700, d...@deadhat.com wrote: > > On Wed, Apr 24, 2013 at 03:18:45PM +0000, Nikola Vassilev wrote: > > > >> We are currently analyzing and understanding the security strength > >> of the openSSL internal implementation to certify the products. > >> In version 0.9.8d, TLSv1.0 alone is supported. Can you please > >> answer the following or provide me with the documentation reference > >> > >> 1. Does openSSL library use MD5 internally for any operation? > >> > >> 2. Can we have SHA256 in the ciphersuite with TLSv1.0? > > > > You're not qualified to perform this analysis. > > > > OpenSSL is not open to such analysis if a documentation reference cannot > be given.
Neither question requires any OpenSSL documentation, OpenSSL 0.9.8d implements SSLv2, SSLv3 and TLSv1.0. Anyone competent to assess the implementation knows the answers to these questions without looking at OpenSSL. The converse is not generally true: I know the answers to the questions, but I am also not competent to assess the strength of the cryptography in OpenSSL relative to other implementations of the same algorithms and protocol standards. That takes additional expertise, which the OP clearly lacks. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org