MD5 in openSSL internals

2013-04-23 Thread Venkataragavan Narayanaswamy
Hi, We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me with the documentation reference 1. Does openSSL

Re: [openssl-dev] MD5 in openSSL internals

2013-04-23 Thread Erwann Abalea
MD5 is used in TLS1.0 for RSA signing and random derivation (PRF). See RFC2246. (Please note that OpenSSL hasn't been mentioned in this sentence). SHA256 used for the PRF is available with TLS1.2 only. SHA256 used for the HMAC is available for some ciphersuites defined for TLS1.2 only (but I

Re: [openssl-users] Re: [openssl-dev] MD5 in openSSL internals

2013-04-23 Thread Erwann Abalea
You're right. PRF in TLS1.0 is done by splitting the secret in 2 parts, hashing the first with MD5, hashing the second with SHA1, and XORing the 2 results. RSA signing in TLS1.0 is done by hashing the data with MD5 and SHA1, concatenating the 2 hash results, and signing the 36 bytes result

Re: [openssl-dev] MD5 in openSSL internals

2013-04-23 Thread David Jacobson
Careful about this. The technically correct answer is misleading. Yes, MD5 is used in the PRF, but it is XORed with SHA1. So you get at least the strength of the stronger of the two. --David Jacobson On 4/23/13 3:31 AM, Erwann Abalea wrote: MD5 is used in TLS1.0 for RSA signing and random

Re: PHP openssl_x509_parse extensions=subjectAltName

2013-04-23 Thread jingrubarr
Since there is no fix, I was tasked to get this to work. Here is the workaround I created, and the code has been in production for a year. I found it works well. Also, when Microsoft utilizes subjectAltName as UserPrincipalName value to integrate smart card authentication with Active

Destroying X509_CRL Object

2013-04-23 Thread Shawn Webb
Hey All, I'm trying to figure out how to properly destroy an X509_CRL struct. I can't seem to figure out any API for it. Can someone point me in the right direction? I'm using PEM_read_X509_CRL to create the object. Thanks, Shawn