On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:

> >     sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
> >     if ( sip_trp_ssl_ctx == NULL ) {
> >         ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
> >         return SSL_INIT_ERROR;
> >     }
> 
> Well, EC support was added to SSL/TLS at TLS 1.2.

That's not the case.  ECDSA and ECDHE predate TLSv1.2.  Full support
for EC in OpenSSL starts in OpenSSL 1.0.0, while support for TLSv1.2
was added in 1.0.1 IIRC.

$ openssl ciphers -v 'aECDSA:!TLSv1.2'
ECDHE-ECDSA-AES256-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-AES128-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-RC4-SHA      SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
ECDHE-ECDSA-NULL-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1

$ openssl ciphers -v 'aECDSA+TLSv1.2'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA256

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
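
The first listing in the message above shows that the `aECDSA` selector also matches suites with NULL, RC4 and 3DES encryption. As an added example (not part of the original message), this script parses `openssl ciphers -v` output, using the two listings from the message as embedded sample input, and reports each suite's protocol column together with a verdict; the function names and the choice of None/RC4/3DES as the "weak" set are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample input: the two listings quoted in the message,
# embedded here so the script runs without an installed openssl.
sample_output() {
cat <<'EOF'
ECDHE-ECDSA-AES256-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-AES128-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-RC4-SHA      SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
ECDHE-ECDSA-NULL-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)  Mac=SHA256
EOF
}

# Read `openssl ciphers -v` lines on stdin and print
# "<protocol column> <verdict> <suite name>" for each suite.
# Verdict is "weak" when the Enc= field is None, RC4 or 3DES
# (this example's policy), otherwise "ok".
classify_suites() {
    awk 'NF >= 6 {
        verdict = "ok"
        for (i = 3; i <= NF; i++)
            if ($i ~ /^Enc=(None|RC4|3DES)/) verdict = "weak"
        print $2, verdict, $1
    }'
}

# Count the suites on stdin whose protocol column equals $1.
count_proto() {
    classify_suites | awk -v p="$1" '$1 == p { n++ } END { print n + 0 }'
}

# Print only the names of the suites flagged weak.
weak_suites() {
    classify_suites | awk '$2 == "weak" { print $3 }'
}

# Demo on the embedded sample. To audit a local build instead:
#   openssl ciphers -v 'aECDSA' | weak_suites
sample_output | classify_suites
```
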
