On Fri, Nov 4, 2011 at 5:23 PM, John Foley <fol...@cisco.com> wrote: > None of the ECDH-RSA cipher suites appear to work in 0.9.8r. Yet they > work in 1.0.0. Is this expected? >
Yes -- the OpenSSL 0.9.8 branch includes basic support for elliptic-curve cryptography, but TLS integration wasn't finished. This is because OpenSSL 0.9.8 doesn't include support for TLS extensions, which are required for RFC-compliant ECC curve negotiation. > Looking at s3_lib.c, all the older DH-RSA cipher suites are disabled > (SSL_CIPHER->valid=0). But the ECDH-RSA ciphers listed in s3_lib.c are > enabled. This leads to the following questions: > > 1. Is it a bug that the ECDH-RSA cipher suites are not working? > 2. Or, is it a bug that the ECDH-RSA cipher suites are enabled? > Neither. Note that not *all* DH-RSA ciphersuites are disabled -- there are two classes of these: - The server's public key is a DH key (signed by RSA). - The server's key is an RSA key, the handshake uses an ephemeral DH key. The ciphersuites that are disabled are the non-ephemeral DH ciphersuites (OpenSSL knows their assigned numbers, but doesn't implement the actual ciphersuites). The ephemeral DH ciphersuites work in OpenSSL. Bodo
