On Fri, 2014-08-29 at 16:19 +0200, Frank Meier wrote:
> While testing different ciphersuites I found a quite drastic change in
> the behavior between openssl versions 1.0.1h and 1.0.1i. While using a
> cipherlist like "ECDHE-RSA-AES128-SHA256:RC4" with 1.0.1h the
> "ECDHE-RSA-AES128-SHA256" cipher is used. With 1.0.1i it uses "RC4-SHA".
>
> example:
> $ openssl s_server -cert server.pem
> ....
> $ openssl s_client -cipher "ECDHE-RSA-AES128-SHA256:RC4" -connect localhost:4443
> ....
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES128-SHA256
>
> I guess the following patch is responsible for the change in behavior:
> http://rt.openssl.org/Ticket/Display.html?id=3374. There it says the
> SSLv2 client-hello does not include enough information to establish a
> connection with ECDHE, so these ciphers are not included in the
> cipherlist. But the test with 1.0.1i shows that it works at least
> against my openssl s_server.
>
> I think this behavior could force established applications to use
> "lower-strength" ciphers with openssl 1.0.1i than before with 1.0.1h.
> Without anyone noticing.

This happens because you use a specification of the cipher list that does not make sense: with RC4 you also add SSLv2 ciphers to the cipher list, and simultaneously you add only an EC-based cipher in addition. With an SSLv2 client hello the supported curves extension cannot be sent, and thus the EC-based ciphers must not be sent either. If there were, for example, DHE-RSA-AES128-GCM-SHA256 in the cipher list, it would be correctly sent in the hello and chosen for the connection.

I can't see anyone using such a specification in the real world. Basically, what you specify is what you get.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
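
The rule described in the reply above, as an added example that is not part of the original thread or of OpenSSL: it parses `openssl ciphers -v` style output and lists which suites would be withheld once an SSLv2 suite in the list forces the SSLv2-format hello. The sample lines are constructed, and the names `parse_ciphers` and `audit` are hypothetical.

```python
# Added example (not OpenSSL code): models the rule stated in the reply above.

# Constructed, abbreviated sample in the layout of `openssl ciphers -v` output
# from a 1.0.1 build for the cipher list "ECDHE-RSA-AES128-SHA256:RC4".
SAMPLE_EC_ONLY = """\
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
"""
# Same list with the non-EC suite the reply names prepended (constructed).
SAMPLE_WITH_DHE = (
    "DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD\n"
    + SAMPLE_EC_ONLY
)


def parse_ciphers(text):
    """Return (name, protocol, key_exchange) per line of `openssl ciphers -v` output."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or truncated lines
        kx = next((f[3:] for f in fields if f.startswith("Kx=")), "")
        suites.append((fields[0], fields[1], kx))
    return suites


def audit(text):
    """Report which suites survive when the list forces an SSLv2-compatible hello."""
    suites = parse_ciphers(text)
    # Any SSLv2 suite in the expanded list triggers the SSLv2-format ClientHello.
    sslv2_hello = any(proto == "SSLv2" for _, proto, _ in suites)
    sent, dropped = [], []
    for name, _, kx in suites:
        # Assumption taken from the reply: EC suites are withheld because the
        # SSLv2 hello cannot carry the supported-curves extension.
        target = dropped if sslv2_hello and kx.startswith("ECDH") else sent
        if name not in target:
            target.append(name)  # RC4-MD5 is listed once per protocol; keep one
    return {"sslv2_hello": sslv2_hello, "sent": sent, "dropped": dropped}


if __name__ == "__main__":
    for label, sample in (("EC only", SAMPLE_EC_ONLY), ("with DHE", SAMPLE_WITH_DHE)):
        print(label, audit(sample))
```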