Bonjour, Hodie VIII Kal. Iun. MMXI, Dr. Stephen Henson scripsit: > On Wed, May 25, 2011, Erwann ABALEA wrote: > > Hodie VIII Kal. Iun. MMXI, shoutee scripsit: > > > I want to run a TLS Server with support of cipher suite > > > 'ECDH-ECDSA-AES128-SHA256' (RFC 5289). Unfortunately I can't find these > > > cipher suite > > > within tls1.h. ECDSA is only available with SHA1. > > > > > > Since openssl supports SHA256 I thought that ECDSA with SHA256 should be > > > available, or am I missing something? > > > I'm using openssl-1.0.0d. > > > > The ciphersuites defined in RFC5289 apply to TLS1.2 only. OpenSSL > > doesn't support (yet) TLS1.2. > > If your next question is "when will OpenSSL support TLS1.2?", you'll > > find the answer in the archives, as it has been asked quite some > > times. > > The answer however has changed: experimental TLS v1.2 code is present in HEAD > and the 1.0.1 stable branch. The code hasn't been fully tested yet so some
I forgot that, it was mentioned once recently, you're right. Was that work funded, or did some developer dedicate some spare time for this? > If anyone knows of any public servers supporting TLS v1.2 I'd be interested > in some interop testing. If you can install a recent IIS, you'll have TLS1.2. Recent versions of GNUTLS also support TLS1.2. IE9 (probably on Windows 7) also supports TLS1.2, if you want to test the server part. -- Erwann ABALEA <erwann.aba...@keynectis.com> Département R&D KEYNECTIS ----- Stupidity has no limits, genius does. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
