Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread Kurt Roeckx via RT
On Mon, Jun 03, 2013 at 07:25:24AM -0400, John Foley wrote:
> Rather than dropping it from the list, another option would be to
> re-prioritize the list. Given MD5 is weak, it should be at the end of
> the ClientHello signature algorithms extensions. This would facilitate
> backwards compatibilit

Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread Kurt Roeckx
On Mon, Jun 03, 2013 at 07:25:24AM -0400, John Foley wrote:
> Rather than dropping it from the list, another option would be to
> re-prioritize the list. Given MD5 is weak, it should be at the end of
> the ClientHello signature algorithms extensions. This would facilitate
> backwards compatibilit

RE: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread Salz, Rich
Subject: Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5
On Mon, Jun 03, 2013, Salz, Rich wrote:
> It's a general problem; what if the client list contains stronger ciphers but
> they appear after the weaker ones?
>
> We modified code so that the server side

Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread Dr. Stephen Henson
On Mon, Jun 03, 2013, Salz, Rich wrote:
> It's a general problem; what if the client list contains stronger ciphers but
> they appear after the weaker ones?
>
> We modified code so that the server side can have its own ordered list, and
> it will search through that list from what the client of

RE: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread Salz, Rich
It's a general problem; what if the client list contains stronger ciphers but they appear after the weaker ones? We modified code so that the server side can have its own ordered list, and it will search through that list from what the client offers. If I can get the patches released, is there

Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread John Foley via RT
Rather than dropping it from the list, another option would be to re-prioritize the list. Given MD5 is weak, it should be at the end of the ClientHello signature algorithms extensions. This would facilitate backwards compatibility, while improving the security posture when communicating with peer

Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5

2013-06-03 Thread John Foley
Rather than dropping it from the list, another option would be to re-prioritize the list. Given MD5 is weak, it should be at the end of the ClientHello signature algorithms extensions. This would facilitate backwards compatibility, while improving the security posture when communicating with peer