On Thu, Mar 1, 2012 at 11:16 AM, Erik Tkal <[email protected]> wrote:
> I looked around and found RFC 5430 - Suite B Profile for Transport Layer > Security (TLS), which states: > > RFC 4492 defines a variety of elliptic curves. For cipher suites > defined in this specification, only secp256r1(23) or secp384r1(24) > may be used. … > > Clients desiring to negotiate only a Suite B compliant connection > MUST generate a "Supported Elliptic Curves Extension" containing only > the allowed curves. > > So does this mean that OpenSSL will not support RFC 5430 / Suite B in > 1.0.1? > RFC 5430 specifies that "A Suite B compliant TLS server MUST be configured to support the 128-bit security level, the 192-bit security level, or both security levels." OpenSSL can be configured for the 128-bit security level (using secp256r1) or for the 192-bit security level (using secp384r1), but it currently can't be configured to cleanly support both. (The section from which you quoted also says that "Clients that are willing to do both Suite B compliant and non-Suite B compliant connections MAY omit the extension or send the extension but offer other curves as well as the appropriate Suite B ones." I don't think that supporting Suite B means that you can't also allow non-Suite B compliant connections, with clients that don't support Suite B.) So without having checked all of the formal requirements, I think that OpenSSL 1.0.1 will support Suite B as specified by RFC 5430, even though there's not yet a good way to enable two or more explicitly chosen elliptic curves while disabling all the others. Bodo
