On Fri, Nov 4, 2011 at 5:23 PM, John Foley fol...@cisco.com wrote:
None of the ECDH-RSA cipher suites appear to work in 0.9.8r. Yet they
work in 1.0.0. Is this expected?
Yes -- the OpenSSL 0.9.8 branch includes basic support for elliptic-curve
cryptography, but TLS integration wasn't finished. This is because OpenSSL
0.9.8 doesn't include support for TLS extensions, which are required for
RFC-compliant ECC curve negotiation.
Looking at s3_lib.c, all the older DH-RSA cipher suites are disabled
(SSL_CIPHER-valid=0). But the ECDH-RSA ciphers listed in s3_lib.c are
enabled. This leads to the following questions:
1. Is it a bug that the ECDH-RSA cipher suites are not working?
2. Or, is it a bug that the ECDH-RSA cipher suites are enabled?
Neither. Note that not *all* DH-RSA ciphersuites are disabled -- there are
two classes of these:
- The server's public key is a DH key (signed by RSA).
- The server's key is an RSA key, the handshake uses an ephemeral DH key.
The ciphersuites that are disabled are the non-ephemeral DH ciphersuites
(OpenSSL knows their assigned numbers, but doesn't implement the actual
ciphersuites). The ephemeral DH ciphersuites work in OpenSSL.
Bodo