subject:"mac os x safari ssl cipher suite"

Re: mac os x safari ssl cipher suite

2006-08-13 Thread James A. Donald


--
Joe Cooley wrote:
 Safari only seems to support DES, 3DES, and RC4
 ciphers.  My question is this: should I be concerned
 about privacy when *_RC4_* is the negotiated suite,

Nothing wrong with RC4, when used correctly.  Using it
correctly turned out to be harder than we originally
thought - but SSL does use it correctly.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 8PORO+zKpxIcfbxPbIn6QJCWObzpBeAHXq1ayeRH
 4Xom0un81cmvTp/yhXOteppnRKtloRB7itr3E2ASz

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

mac os x safari ssl cipher suite

2006-08-11 Thread Joe Cooley


I recently inspected ssl packets from the following apps:

firefox 1.5.0.6
safari 2.0.4 (419.3)
curl 7.15.4 with OpenSSL/0.9.7i

I found that they list the following cipher suites during the client
hello handshake protocol:

(snippets from ethereal -V output...)

safari (22):
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: Unknown (0xff83)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: Unknown (0xff82)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: Unknown (0xff80)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DH_anon_WITH_RC4_128_MD5 (0x0018)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
Cipher Suite: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 (0x0017)
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)

firefox (20):
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)

curl (33):
Cipher Spec: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
Cipher Spec: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)
Cipher Spec: TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
Cipher Spec: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)
Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)
Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x0a)
Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
Cipher Spec: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
Cipher Spec: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)
Cipher Spec: TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
Cipher Spec: SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x030080)
Cipher Spec: TLS_DHE_DSS_WITH_RC4_128_SHA (0x66)
Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x05)
Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x04)
Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
Cipher Spec: SSL2_RC4_64_WITH_MD5 (0x080080)
Cipher Spec: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x63)
Cipher Spec: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 (0x61)
Cipher Spec: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15)
Cipher Spec: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x12)
Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x09)
Cipher Spec: SSL2_DES_64_CBC_WITH_MD5 (0x060040)
Cipher Spec: TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA (0x65)
Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)
Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60)
Cipher Spec: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x14)
Cipher Spec: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x11)
Cipher Spec: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x08)
Cipher Spec: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x06)
Cipher Spec: SSL2_RC2_CBC_128_CBC_WITH_MD5 (0x040080)
Cipher Spec: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x03)
Cipher Spec: SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)

Safari only seems to support DES, 3DES, and RC4 ciphers.  My question
is this: should I be concerned about privacy when *_RC4_* is the
negotiated suite, i.e., in my tests, safari used
TLS_RSA_WITH_RC4_128_SHA?  Firefox and curl used
TLS_DHE_RSA_WITH_AES_256_CBC_SHA.

Thanks,
Joe

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: mac os x safari ssl cipher suite

mac os x safari ssl cipher suite

2 matches

Site Navigation

Mail list logo

Footer information