Re: [openssl-users] cipher suite ECDH-ECDSA-AES128-SHA256

Wed, 25 May 2011 06:13:17 -0700 

> The answer however has changed: experimental TLS v1.2 code is present in
HEAD
> and the 1.0.1 stable branch. The code hasn't been fully tested yet so some
> bugs may remain. There are some known interop problems with some ECC
> ciphersuites: that is OpenSSL can connect to some servers but not others.
At
> this point it isn't clear if the problem is with the servers or OpenSSL.

>From ssl/tls1.h of today's snapshot, it looks to me that CipherSuites from
rfc 5288 and 5289(ECC and GCM  TLS1.2 CipherSuites) are not added yet.

Thanks,
Thulasi.

On 25 May 2011 15:51, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, May 25, 2011, Erwann ABALEA wrote:
>
> > Bonjour,
> >
> > Hodie VIII Kal. Iun. MMXI, shoutee scripsit:
> > > I want to run a TLS Server with support of cipher suite
> > > 'ECDH-ECDSA-AES128-SHA256' (RFC 5289). Unfortunately I can't find these
> cipher suite
> > > within tls1.h. ECDSA is only available with SHA1.
> > >
> > > Since openssl supports SHA256 I thought that ECDSA with SHA256 should
> be available, or am I missing something?
> > > I'm using openssl-1.0.0d.
> >
> > The ciphersuites defined in RFC5289 apply to TLS1.2 only. OpenSSL
> > doesn't support (yet) TLS1.2.
> > If your next question is "when will OpenSSL support TLS1.2?", you'll
> > find the answer in the archives, as it has been asked quite some
> > times.
> >
>
> The answer however has changed: experimental TLS v1.2 code is present in
> HEAD
> and the 1.0.1 stable branch. The code hasn't been fully tested yet so some
> bugs may remain. There are some known interop problems with some ECC
> ciphersuites: that is OpenSSL can connect to some servers but not others.
> At
> this point it isn't clear if the problem is with the servers or OpenSSL.
>
> If anyone knows of any public servers supporting TLS v1.2 I'd be interested
> in some interop testing.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Reply via email to