On 03/17/2012 05:32 PM, Bodo Moeller wrote:
>>> My reading of RFC4492 is that the ECC ciphersuites apply only to TLS >>> 1.0 or later. According to it: "This document describes additions to TLS >>> to support ECC, applicable both to TLS Version 1.0 [2] and to TLS >>> Version 1.1 [3]. In particular, it defines...". > Well, SSL 3.0 was never passed as an IETF spefication, so if SSL 3.0 is the > common protocol version, everything's an ad hoc interpretation of the RFCs > (or, worse, you're really following draft-freier-ssl-version3-01.txt by the > letter). SSL 3.0 behavior is just out of the scope of the RFCs; there's > not good reason not to use the ECC ciphersuites in SSL 3.0 (apart from the > various good reasons to entirely avoid SSL 3.0). I've tried to change that and publish SSL 3.0 RFC6101 but it is quite recent. However it seems to be common for ciphersuites to restrict themselves on a minimum TLS version. For example rfc5288 (aes-gcm) requires TLS 1.2 or later. In gnutls we've set the following as minimum versions in the ciphersuites we support: http://www.gnu.org/software/gnutls/manual/html_node/Supported-ciphersuites.html#Supported-ciphersuites I don't know whether we are correct on every occasion though. Now that I see that again, the protocol version restriction seems like a source for incompatibilities. For example camellia-128-cbc was described on TLS 1.0, but there are not many compelling reasons not to use it under ssl 3.0. I've raised the issue on tls wg: http://www.ietf.org/mail-archive/web/tls/current/msg08509.html regards, Nikos ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
