Hi All,

Any answers to my question(s) below?

Basically I have to make sure [IPSec link establishment, Certificates verification, general TLS/SSL, HTTPS, SSH, SFTP], etc. all can support use of the SHA-2 (specifically sha-256) algorithms!

On my system I have openssl 0.9.8g, and I have openssh_5.0p1.

According to Rafiq's response below: It looks like openssl 0.9.8g already has support for sha-256 for my needs mentioned above?

1. Do I need to make sure that openssh supports sha-256 for SSH and SFTP operations, or does openssh basically end up using openssl underneath?

2. I tried configuring /etc/ssh/sshd_config and /etc/ssh/ssh_config with the option MACs sha-2 or MACs sha-256, and tried to restart sshd. It didn't like that option! So I am guessing my openssh version doesn't support sha-256?

3. Any comments about this blurb I found online:

   To implement the SHA256 support in OpenSSH, the platform must support libcSHA256 or OpenSSLEVP_sha256 SHA256 KEX.

Any help would be greatly appreciated. Thanks in advance.
________________________________
From: Hasan Rezaul-CHR010
Sent: Wednesday, March 10, 2010 1:45 PM
To: 'openssl-users@openssl.org'
Cc: openssl-...@openssl.org; Berger Timothy-TBERGER1; Cheng Heilung-HCHENG1
Subject: sha-256 support in openssl 0.9.8g

Thanks Rafiq and Jason,

I did run the "openssl dgst -sha256 <filename>" command, and it didn't complain! So I know at least the simple sha-256 hashing operation is supported in openssl 0.9.8g. Just wasn't sure if it was also fully supported in the context of certificate verification, etc. Sounds like it is...

I also need to make sure SHA-256 will work with SSH and SFTP on my machine. So I was reading up on some OPENSSH posts online, and came across this. Any thoughts? Thanks a lot.

   To implement the SHA256 support in OpenSSH, the platform must support libcSHA256 or OpenSSLEVP_sha256 SHA256 KEX.

________________________________
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Rafiqul Ahsan
Sent: Tuesday, March 09, 2010 12:13 PM
To: openssl-users@openssl.org
Cc: openssl-...@openssl.org
Subject: Re: OpenSSL server problems

Yes, openssl 098g supports SHA256. I built Freeradius 1.1.7 with openssl 098g, and we have been using EAP-TLS with SHA256 signed certs for quite some time.

Thanks

On Tue, Mar 9, 2010 at 11:28 AM, Hasan Rezaul-CHR010 <chr...@motorola.com> wrote:

Hi All,

I am somewhat of a newbie to openssl, so I apologize in advance for my ignorance :-)

I have openssl version 0.9.8g on my custom Linux 2.6.27 distro. I need to make sure that SHA-2 (specifically SHA-256 algorithm) is supported with this version of openssl. The sha-256 algorithm will be used during IPSec link establishment, Certificates Verification, and for general TLS/SSL Cipher suites.

From the quick online reading, I am getting mixed messages of whether sha-2 algorithms (specifically sha-256) are truly supported or not?!?
Supposedly things might still be hard-coded to sha-1 even when sha-2 algorithms are 'supported'?...

1. Would you kindly clarify if openssl version 0.9.8g does in fact meet my needs? That is, does it in fact support sha-256 to be used in IPSec, Certificate verification, and general TLS/SSL.

2. If 0.9.8g is not adequate, what version of openssl does in fact support my needs described above?

Thanks so much in advance.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

--
Rafiqul Ahsan
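
As an added example (not part of the original messages and not OpenSSL or OpenSSH project code), this script covers the two checks raised in the thread: a known-answer test of `openssl dgst -sha256`, and a scan of an ssh config file's `MACs` directive for values that are not SHA-2 MAC names. The names `hmac-sha2-256` and `hmac-sha2-512` come from RFC 6668 and the `-etm@openssh.com` variants are OpenSSH's; the function names and the sample config are constructed for illustration, and whether a particular OpenSSH build accepts these MACs depends on its version.

```sh
#!/bin/sh
# Added example. SHA-2 MAC names: RFC 6668 plus OpenSSH's -etm variants.
SHA2_MACS="hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"

# Known-answer test: the local openssl must hash "abc" to the FIPS 180 value.
# Returns 0 on match, 1 on mismatch or error, 2 if openssl is not installed.
openssl_sha256_kat() {
    command -v openssl >/dev/null 2>&1 || return 2
    want=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    got=$(printf 'abc' | openssl dgst -sha256 2>/dev/null | awk '{print $NF}')
    [ "$got" = "$want" ]
}

# Print each value of a MACs directive in the given ssh_config/sshd_config
# file that is not a SHA-2 MAC name; prints nothing if all values are SHA-2.
non_sha2_macs() {
    awk 'tolower($1) == "macs" {
             sub(/^[ \t]*[^ \t]+[ \t]*/, "")   # drop the keyword
             gsub(/[ \t]/, "")                 # drop stray blanks
             n = split($0, m, ",")
             for (i = 1; i <= n; i++) print m[i]
         }' "$1" |
    while read -r mac; do
        [ -n "$mac" ] || continue
        case " $SHA2_MACS " in
            *" $mac "*) ;;
            *) echo "$mac" ;;
        esac
    done
}

# Constructed sample config using an option value tried in the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Protocol 2' 'MACs sha-256,hmac-sha1' > "$sample"
openssl_sha256_kat; echo "openssl SHA-256 known-answer test status: $?"
echo "non-SHA-2 MACs values: $(non_sha2_macs "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

A value that `non_sha2_macs` prints is either a non-SHA-2 MAC or, like `sha-256`, not a MAC name at all, which is why sshd refuses to start with it.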