On 8 January 2014 09:19, Alexey Haritonov via RT <[email protected]> wrote:
> Greetings,
>
> It seems that OpenSSL supports AES in SSLv3, while this protocol is not
> listed as supported protocols for SSLv3 according to RFC.
> http://tools.ietf.org/html/rfc6101#appendix-A.6
>
> Can You address this issue?
>

Why do you see this as an issue? The RFC does not explicitly restrict SSLv3 to ONLY those ciphersuites it contains. In fact the protocol is designed to be extensible and have the ability to add new ciphersuites.

The AES ciphersuites were originally defined in RFC3268 (and then subsequently merged into later TLS RFCs). The only ambiguity here is that this RFC only talks about their applicability to TLS1.0 and not SSLv3 (although it does not explicitly exclude their use). As they are fully backwards compatible, why should we not use them? I believe it is common practice to do so. Running some quick tests with Firefox shows that when you force it into SSLv3 only, it still offers AES ciphersuites in its ClientHello.

If you do not wish OpenSSL to select AES ciphers in SSLv3 it is straightforward to configure it for this, e.g.

    openssl s_server -key server-key.pem -cert server-cert.pem -www -ssl3 -cipher 'SSLv3:!AES:!ADH:!NULL:!LOW:!EXP@STRENGTH'

Similarly for s_client if you do not wish it to offer them in the ClientHello. And of course you can do it programmatically using SSL_CTX_set_cipher_list.

Matt
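
To audit what a peer actually offers, as in the Firefox ClientHello test mentioned in the reply above, the following added example (not code from this thread or from OpenSSL) parses one SSLv3 ClientHello record and counts the RFC 3268 AES suites in it. The function name count_aes_in_sslv3_hello and the SAMPLE_HELLO bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count RFC 3268 AES suites (IDs 0x002F..0x003A) offered in one SSLv3 ClientHello
 * record. Returns -1 if the buffer is truncated or is not an SSL 3.0 ClientHello. */
int count_aes_in_sslv3_hello(const uint8_t *p, size_t len, int *total)
{
    size_t off = 5 + 4 + 2 + 32;   /* record hdr, handshake hdr, version, random */
    size_t rec_len, sid_len, cs_len, i;
    int aes = 0;
    if (len < 5) return -1;
    rec_len = ((size_t)p[3] << 8) | p[4];
    if (rec_len + 5 > len) return -1;              /* record runs past the buffer */
    len = rec_len + 5;                             /* never read beyond the record */
    if (len < off + 1) return -1;
    if (p[0] != 0x16 || p[5] != 0x01) return -1;   /* handshake, client_hello */
    if (p[9] != 0x03 || p[10] != 0x00) return -1;  /* client_version must be 3.0 */
    sid_len = p[off++];
    if (sid_len > 32 || len - off < sid_len + 2) return -1;
    off += sid_len;
    cs_len = ((size_t)p[off] << 8) | p[off + 1];
    off += 2;
    if ((cs_len & 1) || len - off < cs_len) return -1;
    for (i = 0; i < cs_len; i += 2)                /* each suite ID is two bytes */
        aes += p[off + i] == 0x00 && p[off + i + 1] >= 0x2F && p[off + i + 1] <= 0x3A;
    *total = (int)(cs_len / 2);
    return aes;
}

/* Constructed sample: SSLv3 ClientHello offering two AES and three older suites. */
static const uint8_t SAMPLE_HELLO[] = {
    0x16, 0x03, 0x00, 0x00, 0x35, 0x01, 0x00, 0x00, 0x31, /* record + handshake hdrs */
    0x03, 0x00,                                 /* client_version 3.0 */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,            /* random (32 bytes, zeroed) */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0x00, 0x00, 0x0A,                           /* empty session_id, 10 bytes of suites */
    0x00, 0x2F, 0x00, 0x35,                     /* RSA_WITH_AES_128/256_CBC_SHA */
    0x00, 0x0A, 0x00, 0x05, 0x00, 0x04,         /* 3DES_EDE_CBC_SHA, RC4_128_SHA, RC4_128_MD5 */
    0x01, 0x00                                  /* compression: null */
};

int main(void)
{
    int total = 0, aes = count_aes_in_sslv3_hello(SAMPLE_HELLO, sizeof SAMPLE_HELLO, &total);
    printf("AES suites offered: %d of %d\n", aes, total);
    return aes < 0;
}
```

A count of zero on a captured hello is what a client restricted with a '!AES' cipher string should produce.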
