On Thu, Aug 15, 2013, Zyan Wu wrote: > >From the documents of http://www.openssl.org/docs/apps/ciphers.html and > CHANGES with the source code, RFC3268 is stated to be supported. > > But I cannot get the following ciphers by using openssl ciphers. (I have > used openssl1.0.1e and openssl0.9.8y) > > TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA > TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA > TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA > TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA > > Are they really supported or do I have to enable them when building > openssl? >
Those web pages refer to the current development branch of OpenSSL so some features (including these ciphersuites) may not be in all versions of OpenSSL. Those pareticular ciphersuites require the use of a DH certificate and are only supported in unreleased OpenSSL 1.0.2 and the master branch. Very few implementations support them, the ephemeral DH (EDH) ciphersuites are much more common. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
