While testing different ciphersuites I found a quite drastic change in
the behavior between openssl version 1.0.1h to 1.0.1i. While using a
cipherlist like "ECDHE-RSA-AES128-SHA256:RC4" with 1.0.1h the
"ECDHE-RSA-AES128-SHA256" cipher is used. With 1.0.1i uses "RC4-SHA".
example:
$ openssl s_server -cert server.pem
....
$ openssl s_client -cipher "ECDHE-RSA-AES128-SHA256:RC4" -connect
localhost:4443
....
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA256
I guess following patch is responsible for the change in behavior:
http://rt.openssl.org/Ticket/Display.html?id=3374. There it says the
SSLv2 client-hello does not include enough information to establish a
connection with ECDHE, so this ciphers are not included in the
cipherlist. But the test with 1.0.1i shows that it works at least
against my openssl s_server.
I think this behavior could force established applications to use
"lower-strength" ciphers with openssl 1.0.1i than before with 1.0.1h.
Without anyone noticing.
cheers Frank
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org