On Fri, Jun 30, 2006 at 07:29:04AM -0400, Victor Duchovni wrote:

>>> Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers
>>> from a group (IDEA and ADH). I also remove AES at the beginning (Shif
>>> +="-AES:") and add it later because if I don't remove AES there is no
>>> way to separate AES128 and AES256.
>>> (Due to an OpenSSL bug, HIGH selects both AES128 and AES256)

It's not a bug that AES128 is classified as "HIGH", although it is a
missing feature that there is no class that encompasses only the
256-bit ciphers.  That's why there now is "@STRENGTH", which does
not add any ciphers and just sorts the ones enabled so far.


>> Is this a real problem? What's wrong with:
>> 
>>     !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA

> Sorry, I guess this ("DEFAULT:" should have been first) does not work,
> because removing the 128 bit ciphers also removes the 256 bit ciphers.
> 
> With:
> 
>     $ openssl ciphers -v \
>       'DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:@STRENGTH'
>     DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>     DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>     AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>     DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>     DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>     AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> 
> and
> 
>     $ openssl ciphers -v \
>       'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:@STRENGTH'
>     DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>     DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>     AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>     DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>     DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>     AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> 
> producing the same results you are out of luck, if you want 256 bit AES,
> you always also get 128 bit AES.

It appears that you are using OpenSSL 0.9.8 or 0.9.8a here.  This is a
bug that should be fixed in OpenSSL 0.9.8b, so that the
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA ciphersuite
specification (with or without @STRENGTH appended) will only yield the
three ciphersuites intended.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
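Added example, not part of the thread above: a small POSIX shell check that parses `openssl ciphers -v` output and reports every suite whose `Enc=` field is not the one a cipher specification was meant to enable. It is the kind of regression test one would run after the 0.9.8b fix described above, to confirm that an AES-256-only spec no longer drags in AES-128 suites. The two embedded samples are constructed: `SAMPLE_BUGGY` reproduces the six-line 0.9.8a output quoted in the thread, and `SAMPLE_FIXED` is the three-suite result the reply says the fix should produce. The function names `unexpected_enc` and `check_spec` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): flag cipher suites in
# 'openssl ciphers -v' output whose Enc= field differs from the expected one.

# Read 'openssl ciphers -v' output on stdin; print each suite whose Enc=
# value is not $1 (e.g. "AES(256)"); exit 1 if any such suite was seen.
unexpected_enc() {
    want="$1"
    awk -v want="$want" '
        /Enc=/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^Enc=/) {
                    enc = substr($i, 5)            # strip the "Enc=" prefix
                    if (enc != want) { print $1 " uses " enc; bad = 1 }
                }
        }
        END { exit bad ? 1 : 0 }'
}

# Live check against the local OpenSSL: exit 1 if the spec yields any
# suite with an unexpected cipher (hypothetical wrapper, needs openssl).
check_spec() {
    spec="$1"; want="$2"
    openssl ciphers -v "$spec" | unexpected_enc "$want"
}

# Constructed sample: the 0.9.8a output quoted in the thread, where the
# three AES-256 suites also pull in their AES-128 counterparts.
SAMPLE_BUGGY='DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1'

# Constructed sample: the three suites the reply says 0.9.8b should yield.
SAMPLE_FIXED='DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_BUGGY" | unexpected_enc 'AES(256)' \
    || echo "buggy output: spec leaks suites that are not AES(256)"
printf '%s\n' "$SAMPLE_FIXED" | unexpected_enc 'AES(256)' \
    && echo "fixed output: only AES(256) suites enabled"
```

To run the same check against the host's own OpenSSL, call `check_spec 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA' 'AES(256)'`; a non-zero exit with `uses AES(128)` lines means the installed library still shows the 0.9.8/0.9.8a behaviour.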