Re: TLS Cipher Suites

Patrick O'Keefe Wed, 04 Feb 2009 16:28:16 -0800

On Wed, 4 Feb 2009 15:45:42 -0600, Hal Merritt 
<hmerr...@jackhenry.com> wrote:


>Awesome! That was too easy. Now All I have to do is figure out what 
was displayed. The FM just identifies the message number as a 
response to a display.
>
>GSK01009I Cryptographic status 024
>Algorithm       Hardware    Software
>DES                 56          56
>3DES               168         168
>AES                 --         256
>RC2                 --         128
>RC4                 --         128
>RSA Encrypt       1024        4096
>RSA Sign          2048        4096
>DSS                 --        1024
>
>Since I don't see 'anonymous', can I safely say that that algorithm is -
not- present? And bet my job on that? (I am only half kidding.)
>...
I'm pretty sure you can bet your job on it.  The anon algorithms
ar not supported, either in hardware or software.  I've herad that
they are not safe to use anyway.
 
A useful table I got from somewhere (that gets pretty garbled with 
proportional fonts.  Each cipher suite is a combination of an
encryption algorithm and a hashing algorithm.   It's pretty easy 
to match the parts of the cipher suite names to the lines in the 
GSKSRVR display.
Cipher Suite name                Cipher Suite 
                                              
null                                    00    
TLS_RSA_WITH_NULL_MD5                   01    
TLS_RSA_WITH_NULL_SHA                   02    
TLS_RSA_EXPORT_WITH_RC4_40_MD5          03    
TLS_RSA_WITH_RC4_128_MD5                04    
TLS_RSA_WITH_RC4_128_SHA                05    
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      06    
TLS_RSA_WITH_IDEA_CBC_SHA               07    
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       08    
TLS_RSA_WITH_DES_CBC_SHA                09    
TLS_RSA_WITH_3DES_EDE_CBC_SHA           0A    
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0B    
TLS_DH_DSS_WITH_DES_CBC_SHA             0C    
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0D    
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0E    
TLS_DH_RSA_WITH_DES_CBC_SHA             0F    
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        10    
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   11    
TLS_DHE_DSS_WITH_DES_CBC_SHA            12    
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       13    
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   14    
TLS_DHE_RSA_WITH_DES_CBC_SHA            15    
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       16    
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      17    
TLS_DH_anon_WITH_RC4_128_MD5            18    
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   19    
TLS_DH_anon_WITH_DES_CBC_SHA            1A    
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       1B    
TLS_RSA_WITH_AES_128_CBC_SHA            2F    
TLS_DH_DSS_WITH_AES_128_CBC_SHA         30    
TLS_DH_RSA_WITH_AES_128_CBC_SHA         31    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA        32    
TLS_DHE_RSA_WITH_AES_128_CBC_SHA        33    
TLS_DH_anon_WITH_AES_128_CBC_SHA        34    
TLS_RSA_WITH_AES_256_CBC_SHA            35    


Pat O'Keefe

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: TLS Cipher Suites

Reply via email to