Lutz Jaenicke wrote:
>
> Hi,
>
> I am currently evaluating the steps necessary to get the 56-bit cipher
> stuff working.

I think the background to this may have been in some private mails
between me and Lutz, so I should just explain: 56-bit ciphers don't get
selected during cipher negotiation because of the way that ordering is
done. Lutz proposes to fix that, and some other stuff.

> It might include the use of more bits to represent the EXPORT encryption
> strength level.
> We might also need at least one bit more for the RC6 encryption proposed in
> the last days. Eventually other extensions will be necessary over longer time.

Is this going to cause a shortage of bits?

> Hence, I would like to extend the
> typedef struct ssl_cipher_st { ... } SSL_CIPHER;
> structure. I am not completely sure on how to do it, but I tend to
> separate different properties, as of now just masked into
> unsigned long algorithm;
> like SSL_ENC_MASK, SSL_MAC_MASK, SSL_EXP_MASK (see ssl/ssl_locl.h)
> into own elements.

Ah. That'll sort out the bit shortage.

> Additionally, I would like to add fields for the number of bits used,
> so that this information would be hardcoded and SSL_get_cipher_bits()
> would return correct values (see mod_ssl and Apache+SSL for references).
>
> Since this would break binary compatibility (and this should be done
> as seldom as possible), I would like to hear opinions and maybe proposals
> for further improvements/enhancements.

I think it's a good idea.

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
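
A sketch of the layout proposed in the quoted mail, as an added example that is not OpenSSL code and not part of the original message: one field per property plus hardcoded bit counts, with ordering by strength so a 56-bit suite ranks above a 40-bit one. All `demo_*` names, the table entries and the selection rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical layout, NOT OpenSSL's SSL_CIPHER: each property has its
 * own field instead of sharing one masked `unsigned long algorithm`. */
enum demo_enc { DEMO_DES, DEMO_3DES, DEMO_RC4 };
enum demo_mac { DEMO_MD5, DEMO_SHA1 };
struct demo_cipher {
    const char *name;
    enum demo_enc enc;
    enum demo_mac mac;
    int is_export;      /* export-restricted suite */
    int strength_bits;  /* secret key bits actually protecting traffic */
    int alg_bits;       /* nominal key size of the algorithm */
};
/* Constructed sample table; names and bit counts are illustrative. */
static struct demo_cipher demo_table[] = {
    { "RC4-40-export", DEMO_RC4,  DEMO_MD5,  1,  40, 128 },
    { "3DES-168",      DEMO_3DES, DEMO_SHA1, 0, 168, 168 },
    { "DES-56-export", DEMO_DES,  DEMO_SHA1, 1,  56,  56 },
    { "RC4-128",       DEMO_RC4,  DEMO_MD5,  0, 128, 128 },
};
#define DEMO_COUNT (sizeof demo_table / sizeof demo_table[0])

/* Strongest first (values are small, so the subtraction cannot overflow). */
static int by_strength_desc(const void *a, const void *b) {
    const struct demo_cipher *x = a, *y = b;
    return y->strength_bits - x->strength_bits;
}

/* Strongest suite whose strength does not exceed max_bits, or NULL. */
const struct demo_cipher *demo_select(int max_bits) {
    qsort(demo_table, DEMO_COUNT, sizeof demo_table[0], by_strength_desc);
    for (size_t i = 0; i < DEMO_COUNT; i++)
        if (demo_table[i].strength_bits <= max_bits)
            return &demo_table[i];
    return NULL;
}

/* Bit counts come straight from the table entry, nothing is derived. */
int demo_cipher_bits(const struct demo_cipher *c, int *alg_bits) {
    if (c == NULL) return 0;
    if (alg_bits != NULL) *alg_bits = c->alg_bits;
    return c->strength_bits;
}

int main(void) {
    int alg = 0, bits = demo_cipher_bits(demo_select(56), &alg);
    printf("56-bit peer gets %d-bit key (algorithm size %d)\n", bits, alg);
    return 0;
}
```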