On Wed, May 25, 2011, Erwann ABALEA wrote:
> Hello,
>
> Today, the 8th day before the Kalends of June 2011, shoutee wrote:
> > I want to run a TLS Server with support of cipher suite
> > 'ECDH-ECDSA-AES128-SHA256' (RFC 5289). Unfortunately I can't find this
> > cipher suite within tls1.h. ECDSA is only available with SHA1.
> >
> > Since openssl supports SHA256 I thought that ECDSA with SHA256 should be
> > available, or am I missing something?
> > I'm using openssl-1.0.0d.
>
> The ciphersuites defined in RFC5289 apply to TLS1.2 only. OpenSSL
> doesn't support (yet) TLS1.2.
> If your next question is "when will OpenSSL support TLS1.2?", you'll
> find the answer in the archives, as it has been asked quite some
> times.
>
The answer however has changed: experimental TLS v1.2 code is present in HEAD and the 1.0.1 stable branch. The code hasn't been fully tested yet so some bugs may remain.

There are some known interop problems with some ECC ciphersuites: that is, OpenSSL can connect to some servers but not others. At this point it isn't clear if the problem is with the servers or OpenSSL.

If anyone knows of any public servers supporting TLS v1.2 I'd be interested in some interop testing.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org