Re: MD5 in openSSL internals

[Peter Waltenberg]

Your answers lie here:

http://tools.ietf.org/html/rfc2246

The RFC for TLS 1.0

OpenSSL implements that, as per specification. And incidentally, as rfc2246 pre-dates (Jan 1999) SHA-256 (2001) the answers aren't the ones you want to hear.
NOT an OpenSSL problem that, simply the fact that time has passed and the security landscape has changed.

If you want secure, TLS 1.2 (Published March 2011) is it now, and OpenSSL 0.9.8d  (Released September 2006) dosn't support TLS 1.2

Peter

-----owner-openssl-...@openssl.org wrote: -----

To: openssl-us...@openssl.org, "openssl-dev@openssl.org" <openssl-dev@openssl.org>
From: "Nikola Vassilev"
Sent by: owner-openssl-...@openssl.org
Date: 04/25/2013 02:21AM
Subject: Re: MD5 in openSSL internals

---

From: Venkataragavan Narayanaswamy <v...@brocade.com>

Sender: owner-openssl-us...@openssl.org

Date: Tue, 23 Apr 2013 00:29:17 -0600

To: openssl-dev@openssl.org<openssl-dev@openssl.org>; openssl-us...@openssl.org<openssl-us...@openssl.org>

ReplyTo: openssl-us...@openssl.org

Subject: MD5 in openSSL internals

Hi,

 

We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products.

In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me with the documentation reference

 

1.       Does openSSL library use MD5 internally for any operation?

2.       Can we have SHA256 in the ciphersuite with TLSv1.0?

 

Thanks,

Venkat

______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org