http://tools.ietf.org/html/rfc2246
The RFC for TLS 1.0
OpenSSL implements that, as per specification. And incidentally, as rfc2246 pre-dates (Jan 1999) SHA-256 (2001) the answers aren't the ones you want to hear.
NOT an OpenSSL problem that, simply the fact that time has passed and the security landscape has changed.
If you want secure, TLS 1.2 (Published March 2011) is it now, and OpenSSL 0.9.8d (Released September 2006) dosn't support TLS 1.2
Peter
-----owner-openssl-...@openssl.org wrote: -----
To: openssl-us...@openssl.org, "openssl-dev@openssl.org" <openssl-dev@openssl.org>
From: "Nikola Vassilev"
Sent by: owner-openssl-...@openssl.org
Date: 04/25/2013 02:21AM
Subject: Re: MD5 in openSSL internals
From: "Nikola Vassilev"
Sent by: owner-openssl-...@openssl.org
Date: 04/25/2013 02:21AM
Subject: Re: MD5 in openSSL internals
From: Venkataragavan Narayanaswamy <v...@brocade.com>
Sender: owner-openssl-us...@openssl.org
Date: Tue, 23 Apr 2013 00:29:17 -0600
To: openssl-dev@openssl.org<openssl-dev@openssl.org>; openssl-us...@openssl.org<openssl-us...@openssl.org>
ReplyTo: openssl-us...@openssl.org
Subject: MD5 in openSSL internals
Hi,
We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products.
In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me with the documentation reference
1. Does openSSL library use MD5 internally for any operation?
2. Can we have SHA256 in the ciphersuite with TLSv1.0?
Thanks,
Venkat
