Re: AES ciphers, are they supported?

Victor Duchovni Thu, 25 May 2006 07:17:18 -0700

On Thu, May 25, 2006 at 10:58:55AM +0200, Marek Marcola wrote:

> Hello,
> 
> > > AES256-SHA means also RSA key_exchange. Are you setting
> > > private RSA keys, certificate, and CA certificate also in SSL context ?
> > 
> > does this imply that when I want to use EDH for key exchange that the cipher
> > will not be able to be AES*?
> No, AES encryption may be used with the following SSL ciphers:
>       $ openssl ciphers -v | grep AES
>       DHE-RSA-AES256-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
>       DHE-DSS-AES256-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(256)  Mac=SHA1
>       AES256-SHA          SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
>       DHE-RSA-AES128-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
>       DHE-DSS-AES128-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(128)  Mac=SHA1
>       AES128-SHA          SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1


If you through in "aNULL" you also get:

    $ openssl ciphers -v AES+aNULL
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1

The full list is:

    $ openssl ciphers -v AES:@STRENGTH
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

Which breaks down as follows:

    $ openssl ciphers -v AES+aNULL+kEDH
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1

    $ openssl ciphers -v AES+aRSA+kEDH
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1

    $ openssl ciphers -v AES+aRSA+kRSA
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

    $ openssl ciphers -v AES+aDSS+kEDH
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Re: AES ciphers, are they supported?

Reply via email to