Re: ECDH-RSA key exchange support (rfc 4492)
On 08/14/2011 03:53 PM, Dr. Stephen Henson wrote: Should be fixed by this: http://cvs.openssl.org/chngview?cn=21247 Hi and thanks, it would solve all my problems too! Unfortunately, it doesn't seem to work for me :( __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ECDH-RSA key exchange support (rfc 4492)
On Tue, Aug 16, 2011, Gaglia wrote: On 08/14/2011 03:53 PM, Dr. Stephen Henson wrote: Should be fixed by this: http://cvs.openssl.org/chngview?cn=21247 Hi and thanks, it would solve all my problems too! Unfortunately, it doesn't seem to work for me :( Can you give me a more complete report? With me before this change OpenSSL 1.0.0 and later couldn't handle anything other than SHA1 signed ECDSA certificates for static ECDH ciphersuites, after this change it worked fine. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ECDH-RSA key exchange support (rfc 4492)
On 08/16/2011 02:58 PM, Dr. Stephen Henson wrote: Can you give me a more complete report? I detailed my situation in a previous recent thread ( Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) ). Briefly: - I want to use ECDSA+SHA512 for OpenVPN authentication - OpenVPN uses OpenSSL routines to perform crypto - I recompiled the latest OpenSSL version after having applied your patch, and then recompiled OpenVPN with this updated instance of OpenSSL - still, ECDSA+SHA512 certificates don't work, while ECDSA+SHA160 ones and RSA+SHA512 ones do work Maybe I missed something important but all the steps I performed are detailed in the other thread. Feel free to ask anything of course! Thanks :) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ECDH-RSA key exchange support (rfc 4492)
On 08/13/2011 04:28 AM, Dave Thompson wrote: Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert signed ECDSA+SHA1 Now, this is interesting. I have tried an OpenVPN setup using elliptic curves certificates generated with OpenSSL 1.0.0, and in fact I've found that I couldn't use SHA-256 nor SHA-512. I thought it was an OpenVPN's issue, but then it seems it's not the case. See: https://forums.openvpn.net/topic8404-15.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ECDH-RSA key exchange support (rfc 4492)
On Fri, Aug 12, 2011, Dave Thompson wrote: 1.0.0 allows any cert sig alg whose name includes WithRSA. Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert signed ECDSA+SHA1, though 1.0.0 otherwise handles ECDSA+SHA2family. That probably needs a similar upgrade. Should be fixed by this: http://cvs.openssl.org/chngview?cn=21247 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
ECDH-RSA key exchange support (rfc 4492)
Is there a known bug with ECDH_RSA key exchange cipher suites in 0.9.8r? For instance, using cipher suite ECDH-RSA-AES128-SHA in 0.9.8r does not work. But it does work in 1.0.0d. This is tested using the following command: ssltest -tls1 -cert servercert.pem -key serverkey.pem -cipher ECDH-RSA-AES128-SHA The certificate is an ECC cert signed by an RSA root. Here's the output from the cert: Certificate: Data: Version: 1 (0x0) Serial Number: a5:30:9a:82:45:80:65:61 Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd Validity Not Before: Aug 10 18:57:37 2011 GMT Not After : Sep 9 18:57:37 2011 GMT Subject: C=AU, ST=Some-State, L=ok, O=dd, OU=ee, CN=ff Subject Public Key Info: Public Key Algorithm: id-ecPublicKey EC Public Key: pub: 04:a5:79:81:29:ba:0f:49:32:f2:e6:11:47:db:7b: 25:ed:4a:3f:b2:96:ad:93:a4:5a:3f:35:f4:c9:85: f1:f3:eb:15:86:c8:01:b7:c0:11:92:5a:48:63:73: 1a:2a:30:e3 ASN1 OID: prime192v1 Signature Algorithm: sha1WithRSAEncryption 21:b2:20:f1:c6:c8:e5:e6:8e:66:ec:a3:3c:ac:25:eb:61:6f: cd:7c:e7:e8:c1:c5:1a:7c:26:9b:2e:2d:22:f4:30:bc:97:23: 55:2a:eb:c6:d8:ee:14:36:55:55:24:19:32:17:10:13:e5:3a: aa:1d:94:c6:37:80:e4:25:79:87:bb:ec:11:a4:8c:79:db:7f: 70:a9:e2:2b:38:38:c8:fa:36:b1:8f:06:fe:d0:ba:b4:05:82: f4:c5:87:e7:ca:5a:a5:49:6c:2b:9b:8e:87:f8:c2:7e:d3:b0: 58:db:3c:f6:ff:06:04:f7:26:27:0f:18:86:af:cc:91:f7:f0: f9:ff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: ECDH-RSA key exchange support (rfc 4492)
From: owner-openssl-us...@openssl.org On Behalf Of John Foley Sent: Thursday, 11 August, 2011 15:10 Is there a known bug with ECDH_RSA key exchange cipher suites in 0.9.8r? For instance, using cipher suite ECDH-RSA-AES128-SHA in 0.9.8r does not work. But it does work in 1.0.0d. This is tested using the following command: ssltest -tls1 -cert servercert.pem -key serverkey.pem -cipher ECDH-RSA-AES128-SHA The certificate is an ECC cert signed by an RSA root. snip Looking at 0.9.8 ssl_set_cert_mask there is a limitation which is certainly surprising (and not to my recollection documented), whether or not we call it a bug. It allows kECDHr only if the cert is signed with md2+RSA md4+RSA or md5+RSA, nothing else. In particular not sha1+RSA which your posted cert is. I tested with an md5+RSA cert and it works. But in about the past 3 years md5+anything certs are easily forgeable at least sometimes, so they don't reliably give you authentication, and if you don't need authentication you could just use anon-ECDH which also works. 1.0.0 allows any cert sig alg whose name includes WithRSA. Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert signed ECDSA+SHA1, though 1.0.0 otherwise handles ECDSA+SHA2family. That probably needs a similar upgrade. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org