Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-27 Thread Dr. Stephen Henson
On Wed, Feb 27, 2013, Nayna Jain wrote: Thanks Dr. Stephen and Viktor for explanation. Some questions further in this: Is there an API to configure programmatically, what hash algorithm it can use. My understanding is that final ciphers which are selected are for encryption

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-27 Thread Jakob Bohm
On 2/27/2013 3:14 PM, Dr. Stephen Henson wrote: On Wed, Feb 27, 2013, Nayna Jain wrote: Thanks Dr. Stephen and Viktor for explanation. Some questions further in this: Is there an API to configure programmatically, what hash algorithm it can use. My understanding is that final

What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Nayna Jain
Hi all, I have a server and client. Both server and client authenticate each other. And so client also sends the certificate. Here client certificate has RSA 512 bits and md5. Server certificates has RSA 1024 bits and md5. Both server and client are using the API SSLv23_server_method() and

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 11:30:18PM +0530, Nayna Jain wrote: Both server and client authenticate each other. And so client also sends the certificate. Here client certificate has RSA 512 bits and md5. Server certificates has RSA 1024 bits and md5. Bottom-line: DO NOT use 512-bit RSA moduli,

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Thulasi Goriparthi
Or use another hash type for signature which can produce not more than 53 bytes of hashed data. (i.e. MD5, SHA1, SHA256, SHA384) while using 512-bit keys. OpenSSL by default uses SHA512 hash for signature. Change the code to use any other hash. 512 bit (64 byte) RSA key can only encrypt 53 bytes at

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote: Or use another hash type for signature which can produce not more than 53 bytes of hashed data. (i.e. MD5, SHA1, SHA256, SHA384) while using 512-bit keys. OpenSSL by default uses SHA512 hash for signature. Change the code to

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Thulasi Goriparthi
On Wed, Feb 27, 2013 at 1:39 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote: Or use another hash type for signature which can produce not more than 53 bytes of hashed data. (i.e. MD5, SHA1, SHA256, SHA384) while using

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 01:55:24AM +0530, Thulasi Goriparthi wrote: Interestingly enough, it is in fact SHA384 that fails with RSA-512. The client and server agree on: ECDHE-RSA-AES256-GCM-SHA384 Signature Hash type is not controlled by the CipherSuite and can be dynamically

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Dr. Stephen Henson
On Tue, Feb 26, 2013, Viktor Dukhovni wrote: On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote: Or use another hash type for signature which can produce not more than 53 bytes of hashed data. (i.e. MD5, SHA1, SHA256, SHA384) while using 512-bit keys. OpenSSL by default

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Nayna Jain
Thanks Dr. Stephen and Viktor for explanation. Some questions further in this: Is there an API to configure programmatically, what hash algorithm it can use. My understanding is that final ciphers which are selected are for encryption and HMAC generation of application data packets.