Eugene Levy wrote:
>
> Is there any way to add the BF (BlowFish) symmetric cipher to TLS, so
> that within a TLS session, randomly generated BF keys are used? For
> those paranoid with security, a "BF-SHA1" cipher, with 256-448 bit
> random keys can be used. The current release of openssl-0.95a doesn't
> seem to have a TLS cipher with BF, and looking at previous postings,
> many others want this also. Does openssl provide an API for adding
> new TLS ciphers, like it does for adding new X509v3 extensions?
>
TLS cipher suites have a pair of registered numbers associated with
them. AFAIK (someone please let me know if you know different) no BF TLS
spec exists describing BF cipher suites.
It would be possible to add BF cipher suites giving them experimental
numbers but ideally some "official" numbers should be used.
BTW the maximum useful key size is determined by the size of the TLS
master secret (48 bytes).
There isn't an API to add new TLS cipher suites. The core source code
needs to be modified.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
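
The key-size remark in the reply, worked through as an added example (not part of the original message and not OpenSSL code): it expands a 48-byte master secret into a key block with the TLS 1.0 PRF from RFC 2246. The BF-SHA1 parameters (20-byte MAC, 56-byte key, 8-byte IV) are assumptions for a hypothetical suite, and the secret and random values are constructed.

```python
import hmac

MASTER_SECRET_LEN = 48  # bytes, the master secret size cited in the reply

def p_hash(name, secret, seed, n):
    """P_hash data expansion (RFC 2246, section 5)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()  # HMAC(secret, A(i) + seed)
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half XOR P_SHA-1 with the second."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def key_block(master_secret, client_random, server_random, mac_len, key_len, iv_len):
    """Derive the key block and split it in the order of RFC 2246, section 6.3."""
    if len(master_secret) != MASTER_SECRET_LEN:
        raise ValueError("TLS master secret must be 48 bytes")
    sizes = [("client_mac", mac_len), ("server_mac", mac_len),
             ("client_key", key_len), ("server_key", key_len),
             ("client_iv", iv_len), ("server_iv", iv_len)]
    block = tls10_prf(master_secret, b"key expansion",
                      server_random + client_random, sum(n for _, n in sizes))
    parts, pos = {}, 0
    for name, n in sizes:
        parts[name] = block[pos:pos + n]
        pos += n
    return parts

def effective_key_bits(key_len):
    """A derived key cannot carry more entropy than the master secret it came from."""
    return 8 * min(key_len, MASTER_SECRET_LEN)

# Constructed sample inputs (not real handshake values).
MS = bytes(range(48))
CR, SR = b"\x01" * 32, b"\x02" * 32
# Assumed parameters for a hypothetical BF-SHA1 suite: SHA-1 MAC (20 bytes),
# 448-bit Blowfish key (56 bytes), 8-byte IV for Blowfish's 64-bit block.
KEYS = key_block(MS, CR, SR, mac_len=20, key_len=56, iv_len=8)
```

The PRF will emit a 56-byte (448-bit) key on request, but `effective_key_bits(56)` returns 384 because every output byte is a deterministic function of the same 48-byte secret.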