I changed the default_md to sha512 in the configuration file and the
generated pem file shows
Signature Algorithm: sha512WithRSAEncryption
Client and server are still able to communicate. ( Server uses the new
pem file and the client uses an old pem file with md5 ).
So I guess that works f
So if I want to use SHA-2 in my certificates, how do I choose on from the
available SHA-2 family?
The only thing I see in the config file we use is
default_md = md5
and the generated pem file has the following entry:
Signature Algorithm: md5WithRSAEncryption
Which SHA-2 family can I use?
Hodie IV Id. Aug. MMX, Jakob Bohm scripsit:
[...]
> The issue is which PRF to use when TLS version <= 1.1 but ciphersuite
> is from RFC5246 Appendix A. The TLS 1.1 and older standards then
> insist on the old PRF no matter what cipher suite is used, while the
> cipher suite definitions (in RFC5246
Hodie IV Id. Aug. MMX, Alex Chen scripsit:
> I am only a end user and not familiar with SSL internal. If I
> understand the replies correctly, OpenSSL 1.0.x currently supports
> SHA-2 in certificates but not in the cipher suites used in network
> communication protocol. Is that a correct statemen
I am only a end user and not familiar with SSL internal. If I understand the
replies correctly, OpenSSL 1.0.x currently supports SHA-2 in certificates but
not in the cipher suites used in network communication protocol. Is that a
correct statement?
Alex
On Aug 9, 2010, at 6:44 AM, Jakob Bohm
On 09-08-2010 19:09, Erwann ABALEA wrote:
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit:
[...]
This is not possible, as the ciphersuites defined by RFC5246 all
use P_SHA256 as the PRF (paragraph 1.2).
In paragraph 5, it is said "New cipher suites MUST explicitely specify
a PRF and, in general, SH
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit:
[...]
> This is not possible, as the ciphersuites defined by RFC5246 all
> use P_SHA256 as the PRF (paragraph 1.2).
> In paragraph 5, it is said "New cipher suites MUST explicitely specify
> a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or
Hodie V Id. Aug. MMX, Jakob Bohm scripsit:
> On 08-08-2010 01:13, Dr. Stephen Henson wrote:
[...]
> >It depends on what you mean by "in". Support for SHA-2 algorithms is in
> >OpenSSL 0.9.8 and later. The algorithm can be used in certificates and CMS
> >for
> >example.
> >
> >Since OpenSSL doesn't
Jakob Bohm wrote:
I believe this is an unfortunate reading of the RFCs. Fundamentally,
the SSL3/TLS protocols do not tie the availability of a cipher suite to
the version of the protocol document which was current when it was
introduced. The fact that the most common cipher suites are defined in
On 08-08-2010 01:13, Dr. Stephen Henson wrote:
On Fri, Aug 06, 2010, Alex Chen wrote:
Is SHA-2 supported in OpenSSL 1.0 or the latest version?
From my search in Google, I found the following entry in openssl-dev mailing
list:
List: openssl-dev
Subject:Re: SHA-2 support in openssl?
On Fri, Aug 06, 2010, Alex Chen wrote:
> Is SHA-2 supported in OpenSSL 1.0 or the latest version?
> From my search in Google, I found the following entry in openssl-dev mailing
> list:
> > List: openssl-dev
> > Subject:Re: SHA-2 support in openssl?
> > From: smitha daggubati
> >
Is SHA-2 supported in OpenSSL 1.0 or the latest version?
From my search in Google, I found the following entry in openssl-dev mailing
list:
> List: openssl-dev
> Subject:Re: SHA-2 support in openssl?
> From: smitha daggubati
> Date: 2009-11-18 9:56:55
> Message-ID: 40a23ffd0
12 matches
Mail list logo
