* Dr. Stephen Henson <st...@openssl.org> [2013-02-06 20:14]: > On Wed, Feb 06, 2013, Brad House wrote: > > DHE-RSA-CAMELLIA256-SHA also has the same issue. I'm thinking it may be > > a -SHA issue as the only -SHA cipher I've gotten to work so far is RC4-SHA. > > Note though the TLSv1.2+HIGH ciphers that use SHA256 and greater look fine. > > Hmmm... if it's a problem with the CVE-2013-0169 it would appear when you > select a ciphersuites using a block cipher.
I'm (most probably) seeing the same issue with the pre-shared key cipher suites PSK-AES256-CBC-SHA, PSK-AES128-CBC-SHA, and PSK-3DES-EDE-CBC-SHA. PSK-RC4-SHA works fine. As "git bisect" revealed, the culprit is indeed commit 125093b59f3c. Reverting it fixes the issue. > In ssl/s3_cbc.c and the function ssl3_cbc_record_digest_supported try > setting it to return 0 when NID_sha1 is passed. This doesn't help. > Do you get the same problem with OpenSSL 1.0.0k? No. Holger ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org