Does TLS support any "non-static" RSA ciphersuites? For example, is it possible to use a 128 bit key to encrypt the pre-master secret in chunks of 16 bytes (including the padding), or use a 256 bit key to encrypt it in 32 byte chunks?

regards,
--- asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Wednesday, March 26, 2003 11:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Minimum RSA Key length ?

On Wed, Mar 26, 2003, Asad Ali wrote:

>
> Hi,
>
> I am experimenting with the minimum RSA key length allowed
> by TLS 1.0. What I gather from reading the specification is
> that it is left to applications to enforce minimum/maximum
> lengths - please correct me if this is not the case.
>

There are various minimum limitations based on the protocol requirements of TLS.

For example in static RSA ciphersuites it must be possible to encrypt the pre-master secret using the server's public key. The PMS is 48 bytes in length and the PKCS#1 padding overhead is 11 bytes effectively making the absolute minimum 59 * 8 = 472 bits.

For client certificates or for ciphersuites where server certificates sign data it must be able to contain the combined SHA1+MD5 hash and with the overhead again this is 20+16+11 = 47 or 376 bits.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
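
Added example, not part of the original thread and not OpenSSL code: a PKCS#1 v1.5 block builder showing where the 11-byte overhead in the 472-bit and 376-bit minimums comes from. The function names (pkcs1_v15_pad, min_modulus_bits, fits) are hypothetical, and the payloads are constructed zero bytes standing in for a real pre-master secret or hash.

```python
import os

PKCS1_OVERHEAD = 11  # 0x00 + block type + at least 8 padding bytes + 0x00
PMS_LEN = 48         # TLS pre-master secret, encrypted with block type 2
HASH_LEN = 16 + 20   # MD5 + SHA-1 concatenation, signed with block type 1


def pkcs1_v15_pad(payload: bytes, k: int, block_type: int) -> bytes:
    """Build a k-byte PKCS#1 v1.5 block, k being the modulus length in bytes."""
    if block_type not in (1, 2):
        raise ValueError("block type must be 1 (signature) or 2 (encryption)")
    pad_len = k - len(payload) - 3
    if pad_len < 8:
        # The format requires at least 8 padding bytes, so the key is too short.
        raise ValueError(
            f"{len(payload)}-byte payload needs a modulus of at least "
            f"{len(payload) + PKCS1_OVERHEAD} bytes, got {k}")
    if block_type == 1:
        padding = b"\xff" * pad_len
    else:
        # Encryption padding is random and must be nonzero, because 0x00 is
        # the separator. The mapping below is slightly biased (demo only).
        padding = bytes(b % 255 + 1 for b in os.urandom(pad_len))
    return b"\x00" + bytes([block_type]) + padding + b"\x00" + payload


def min_modulus_bits(payload_len: int) -> int:
    """Smallest modulus, in bits, whose block can carry payload_len bytes."""
    return (payload_len + PKCS1_OVERHEAD) * 8


def fits(payload_len: int, modulus_bits: int, block_type: int) -> bool:
    """True if a payload of that length can be padded for that modulus size."""
    try:
        pkcs1_v15_pad(bytes(payload_len), modulus_bits // 8, block_type)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, length, bt in (("pre-master secret", PMS_LEN, 2),
                             ("MD5+SHA1 hash", HASH_LEN, 1)):
        need = min_modulus_bits(length)
        print(f"{name}: {length} bytes, minimum modulus {need} bits, "
              f"one byte less fits: {fits(length, need - 8, bt)}")
```

These figures are protocol floors only; they describe what fits in one PKCS#1 block, not a key size that resists factoring.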