On Tue, Jun 10, 2014 at 12:10:23PM -0400, Hubert Kario wrote:
> > > * aRSA, kRSA and RSA groups behave differently in master and 1.0.x
> >
> > Which differences did you have in mind specificically for the above?
>
> On second look, there is no difference in behaviour between 1.0.2 and master.
>
> I meant the change introduced by ffa45796 that made following update to
> ciphers(1):
>
> -=item B<kRSA>, B<RSA>
> +=item B<kRSA>, B<aRSA>, B<RSA>
>
> -cipher suites using RSA key exchange.
> +cipher suites using RSA key exchange, authentication or either respectively.
>
> I've assumed that it is correct with regards to master and just this
> functionality was not implemented in 1.0.1 or 1.0.2 (where I checked it).
> So this looks like a bug either in cipher suite parsing or in ciphers(1) man
> page, since kRSA == RSA, even in master branch.
I think this is a documentation bug, since indeed "kRSA" == "RSA"
(which is a subset of "aRSA", because "kRSA" requires "RSA" auth
keys) in each of 0.9.8, 1.0.0, 1.0.1, 1.0.2 and master. If the
intention was to have "RSA" be the larger "aRSA", rather than the
smaller "kRSA", then it is a long-standing implementation bug, which
probably needs to stay that way now, for backwards compatibility.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
