On Sat, 2007-02-17 at 11:58 +1300, Matthew Hunt wrote:
> jimmy said:
> > I think he was talking about ssl ciphers, these are different from those
> > in libcrypto. SSL ciphers go like SSL3_CK_RSA_RC4_128_SHA. So he
> > probably meant whether openssl has support for SHA2 in the hash part of
> > ssl ciphers.
> >
> > I haven't seen sha2 in any of the snapshots. Maybe one of the openssl
> > developers can comment?
>
> Thanks, Jimmy,
>
> That's exactly what I meant. Any comment from the developers would be
> very helpful.

Further to my previous question, I have been reading through the mass of
TLS-related RFCs and it seems that the method of specifying the hash
algorithm is a fairly new development, for example RFC4492 says:

  "The default hash function is SHA-1 [10], and sha_size (see Sections
  5.4 and 5.8) is 20. However, an alternative hash function, such as one
  of the new SHA hash functions specified in FIPS 180-2 [10], may be used
  instead if the certificate containing the EC public key explicitly
  requires use of another hash function. (The mechanism for specifying
  the required hash function has not been standardized, but this
  provision anticipates such standardization and obviates the need to
  update this document in response. Future PKIX RFCs may choose, for
  example, to specify the hash function to be used with a public key in
  the parameters field of subjectPublicKeyInfo.)"
  -- http://tools.ietf.org/html/rfc4492

This, I assume, is addressed by RFC4680, TLS Handshake Message for
Supplemental Data
http://tools.ietf.org/html/rfc4680

and also in Transport Layer Security (TLS) Parameters - per [RFC4346]
http://www.iana.org/assignments/tls-parameters

It would be useful to get an idea of the likely development time required
for adding support for these developments. I have been unable to find any
implementations of this so far, but have done little more than scratch
the surface.

Regards,

Matt.

--
Matthew Hunt
Catalyst IT Limited, PO Box 11053, Manners Street, Wellington 6142
Phone: +64 (4) 499 2267, Direct: +64 (4) 803 2216, Fax: +64 (4) 499 5596
http://catalyst.net.nz/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]