On Fri, Jun 30, 2006 at 07:29:04AM -0400, Victor Duchovni wrote: >>> Currently I specify the group (HIGH/MEDIUM/LOW) and remove some ciphers >>> from a group (IDEA and ADH). I also remove AES at the beginning (Shif >>> +="-AES:") and add it later because if I don't remove AES there is no >>> way to separate AES128 and AES256. >>> (Due to an OpenSSL bug, HIGH selects both AES128 and AES256)
It's not a bug that AES182 is classified as "HIGH", although it is a missing feature that there is no class that encompasses only the 256-bit ciphers. That's why there now is "@STRENGTH", which does not add any ciphers and just sorts the one enabled so far. >> Is this a real problem? What's wrong with: >> >> >> !EXPORT:!LOW:!MEDIUM:DEFAULT:-DHE-RSA-AES128-SHA:-DHE-DSS-AES128-SHA:-AES128-SHA > Sorry, I guess this ("DEFAULT:" should have been first) does not work, > because removing the 128 bit ciphers also removes the 256 bit ciphers. > > With: > > $ openssl ciphers -v \ > 'DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:@STRENGTH' > DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 > DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 > AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 > DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 > DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 > AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 > > and > > $ openssl ciphers -v \ > 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:@STRENGTH' > DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 > DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 > AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 > DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 > DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 > AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 > > producing the same results you are out of luck, if you want 256 bit AES, > you always also get 128 bit AES. It appears that you are using OpenSSL 0.9.8 or 0.9.8a here. This is a bug that should be fixed in OpenSSL 0.9.8b, so that the DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA ciphersuite specification (with or without :STRENGTH appended) will only yield the three ciphersuites intended. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]