Hi,
From a study of openssl (ssleay32) cipher suites, I have the following:
0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
0x66 TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-DES-CBC-SHA
SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
0x0a TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
0x05 TLS_RSA_WITH_RC4_128_SHA RC4-SHA
SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
0x04 TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
0x09 TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
0x63 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
0x65 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
0x60 TLS_RSA_EXPORT1024_WITH_RC4_MD5 EXP1024-RC4-MD5
SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
0x62 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
0x61 TLS_RSA_EXPORT1024_WITH_RC2_CBC_MD5 EXP1024-RC2-CBC-MD5
SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
0x64 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
0x07 TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
My question is what should be the:
1. key size of DH in 0x16, 0x13, 0x66, 0x15, 0x12 (i.e. non-export cipher
suites).
2. if key size of 1024 export cipher suites (0x63, 0x65, 0x60, 0x62, 0x61,
0x64) is 1024 bits for Ephemeral DH, Ephemeral RSA, then why doesn't
ssleay32 report an error if some different key size is used.
3. if key size of 512 export cipher suites (0x14, 0x11, 0x03, 0x06, 0x08) is
512 bits for Ephemeral DH, Ephemeral RSA, then why doesn't ssleay32 report
an error if some different key size is used.
Remember, you can always call SSL_CTX_set_tmp_dh() and set a DH key of any
key size.
Thanks in advance..
Aslam
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
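
The check that questions 2 and 3 ask about, written as an added example (not part of the original post and not OpenSSL code): it parses entries in the format listed above and compares a configured temporary DH key size with the size shown in parentheses in the Kx field. The names `parse` and `audit` are hypothetical, and the 2048-bit and 128-bit minimums are an assumed local policy, not values from the post.

```python
import re

# Three entries copied from the listing in the post, wrapped as posted.
SAMPLE = """\
0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""

# \s+ also matches the line break inside each wrapped entry.
ENTRY = re.compile(
    r"(?P<id>0x[0-9a-fA-F]{2})\s+(?P<tls>\S+)\s+(?P<name>\S+)\s+(?P<proto>SSLv\d)\s+"
    r"Kx=(?P<kx>[A-Za-z]+)(?:\((?P<kx_bits>\d+)\))?\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>\w+)\((?P<enc_bits>\d+)\)\s+Mac=(?P<mac>\w+)(?P<export>\s+export)?")

def parse(listing):
    """Return {suite id: fields} for every entry found in the listing."""
    suites = {}
    for m in ENTRY.finditer(listing):
        suites[int(m["id"], 16)] = {
            "name": m["name"],
            "kx": m["kx"],
            # Size in parentheses after Kx=, or None when the entry lists none.
            "kx_listed_bits": int(m["kx_bits"]) if m["kx_bits"] else None,
            "enc_bits": int(m["enc_bits"]),
            "export": m["export"] is not None,
        }
    return suites

def audit(suite, tmp_dh_bits, min_dh_bits=2048, min_enc_bits=128):
    """Findings for one suite, given the temporary DH key size configured.
    min_dh_bits and min_enc_bits are assumed policy thresholds."""
    findings = []
    if suite["export"]:
        findings.append("export")
    if suite["enc_bits"] < min_enc_bits:
        findings.append("weak-enc")
    if suite["kx"] == "DH":
        listed = suite["kx_listed_bits"]
        if listed is not None and tmp_dh_bits > listed:
            findings.append("dh-over-listed-size")
        if tmp_dh_bits < min_dh_bits:
            findings.append("dh-below-minimum")
    return findings

if __name__ == "__main__":
    for sid, s in parse(SAMPLE).items():
        print(hex(sid), s["name"], audit(s, tmp_dh_bits=1024))
```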