From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Jakob Bohm [jb-open...@wisemo.com]
Sent: Tuesday, November 06, 2012 1:34 AM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On 11/5/2012 1:37 AM, Jeffrey Walton wrote:
On Sun, Nov 4, 2012 at 7:15 PM, jb-open...@wisemo.com wrote:
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:
(continuing TOFU posting to keep the thread somewhat consistent)
On Fri, Nov 02, 2012, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
Sent: Thursday, 01 November, 2012 21:31
-dev added
I configured my openssl RSA CA to add the key usage extension
for key agreement to the ECC certificate but even then it
-
From: Erik Tkal
Sent: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the
appropriate set of suites?
-Original Message-
From: Dr. Stephen Henson
Sent: Thursday, November 01
On Sun, Nov 4, 2012 at 7:15 PM, jb-open...@wisemo.com wrote:
On 02-11-2012 21:46, Jeffrey Walton wrote:
On Fri, Nov 2, 2012 at 4:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:
(continuing TOFU posting to keep the thread somewhat consistent)
Given some of the mathematical restrictions on
Of Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38 PM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
Hi Steve, Thanks for your response. I'm just trying to figure out what
it takes to get this working - are you
Well one reason is that the fixed ECDH cipher suites do not support forward
secrecy because they always use the same ECDH key.
ECDHE cipher suites as implemented in OpenSSL don't necessarily
support forward secrecy either. I wonder what it takes to get
SSL_OP_SINGLE_ECDH_USE option by default
@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org
: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would that then be the appropriate
set of suites?
-Original Message-
From: Dr. Stephen Henson
Sent: Thursday, November 01, 2012 10:38 PM
certificates can be used for both ECDH key
agreement and ECDSA digital signature.
-Original Message-
From: Erik Tkal
Sent: Friday, November 02, 2012 8:24 AM
To: openssl-users@openssl.org
Subject: RE: ECDH-RSA and TLS 1.2
What if the server has an ECDH certificate? Would
From: owner-openssl-us...@openssl.org On Behalf Of Abhiram Shandilya
Sent: Thursday, 01 November, 2012 21:31
-dev added
I configured my openssl RSA CA to add the key usage extension
for key agreement to the ECC certificate but even then it
does not work. Pre-TLS 1.2 cipher suites such as
On Thu, Nov 01, 2012, Abhiram Shandilya wrote:
I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When
I try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (e.g.
ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails
with s_server
Hi Steve,
Thanks for your response. I'm just trying to figure out what it takes to get
this working - are you of the opinion that an SSL server should not support TLS
1.2 ECDH-RSA cipher suites? Could you also mention why?
I configured my openssl RSA CA to add the key usage extension for key
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:
Hi Steve, Thanks for your response. I'm just trying to figure out what it
takes to get this working - are you of the opinion that an SSL server should
not support TLS 1.2 ECDH-RSA cipher suites? Could you also mention why?
Well one reason
I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When I
try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (e.g.
ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails
with s_server printing the following error: 3086918464:error:1408A0C1